"The project MUST have performed a security review within the last 5 years. This review MUST consider the security requirements and security boundary." – Best Practices Badging Criterion
...
| Your Answer-Please Describe | SECCOM Feedback / Recommendations |
|---|---|
Yes, CPS architecture documentation can be found @ https://docs.onap.org/projects/onap-cps/en/latest/architecture.html *Page is being updated for the next release to reflect that the architecture diagram reflects the latest release. (https://gerrit.onap.org/r/c/cps/+/133557) | Please refer to the latest ONAP architecture diagram. |
Documentation Security
Does your project have a description of what a user of your project can and cannot expect in terms of security from the software produced by the project, (In other words, what are its 'security requirements'?)
...
| Your Answers-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
CPS is compliant and compatible with the ongoing service mesh implementation (see https://gerrit.onap.org/r/c/oom/+/124287) for ONAP. CPS service port names has been changed to include http in name. |
Crypto Credential Agility
...
| Your Answers-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
CPS is compliant and compatible with the ongoing service mesh implementation (see https://gerrit.onap.org/r/c/oom/+/124287) for ONAP. CPS service port names has been changed to include http in name. |
Crypto Used Network
Does your software have network communications inbound or outbound? If so, do you support secure protocols for all such network communications?
...