Note for the reader: this is a 1st draft, created mainly based on the ONAP VNF Security Requirements.
The SECCOM agreed way forward is:
- Review the requirements. As a tool helping the review, below is a list of Jira tickets, one per requirement. For time being the Jira tickets are the master version of the requirements itself. Review should be done by a wide audience as security is everybody's responsibility:
- by SECCOM
- by ONAP projects
- Everyone is encouraged to check the requirements and write comments in the Jira tickets listed below!
- Check overlap with CII Badging requirements. It is perhaps OK to have those overlaps if those are only few (as expected)...
- Finally: Identify the most important requirements, those should be candidates to be enforced in El Alto.
The objective is to provide the key security requirements that need to be met by ONAP. The security requirements are grouped into five areas as listed below. Majority of the security requirements are applicable to all ONAP components. However, for some requirements the ONAP level security architecture needs to be settled first, to specify the impacted components and/or how to implement.
The requirements are categorized in five broad security areas:
- ONAP General Security
- ONAP Identity and Access Management:
- ONAP API Security
- ONAP Security Analytics
- ONAP Data Protection