Versions Compared

Old Version 6

changes.mady.by.user Amy Zwarico

Saved on

compared with

New Version 7

changes.mady.by.user Paweł Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Your Answer-Please DescribeSECCOM Feedback / Recommendations

All the resources that can be accessed in PF require authentication

  • Please submit link with your security documentation + information about what capabilities authentication provides.
  • Do you require authorization?
  • Can PF restrict access to resources based on identity? if so what mechanisms are used?
  • Are there different levels of authorization once you've authenticated?
  • Is there authentication and authorization on the events being acted?
  • What kind of security is used to control access to the network elements being controlled?

...

Your Answer-Please DescribeSECCOM Feedback / Recommendations

Test cases are found at https://github.com/onap/policy-docker/tree/master/csit/resources/tests showing that authentication must be done before interacting with any resource.

ONAP docs describring how to run test cases https://docs.onap.org/projects/onap-policy-parent/en/latest/development/devtools/testing/csit.html

Good start, answer questions above in documentation security, create Wiki and provide answers there and provide link to that Wiki.

Vulnerability Mitigation

Vulnerabilities Critical Fixed

...