2023-03-14 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 14th of March 2023.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution



Security Questionnaire for CPS

We reviewed updated responses from CPS team and provided some comments.

  • Security requirements were added by CPS team

  • Architecture diagram is pretty old and should be updated. Reference link: London-R12 Architecture Diagram

  • Please elaborate this statement: "Usernames and passwords are configurable by the clients via configuring the application .yml file".

    Expectation: passwords are not in yml file. The yml should point to user store (e.g. LDAP or K8s secrets). 

  • Please add these statements to a new Security Assurance section just after: Configuration Persistence Service Project#CPSSECURITYREQUIREMENTS

    Also add statements that indicate how you protect your username and password configurations. (See other questions on hashing of secrets, use of crypto and permissions on files.)

ongoing





Security test cases review 

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2023-02/25_04-42/

-CI/CD pipeline aspects - infrastructure ans security test cases to be further elaborated.







PTL meeting (March 13th)

Unmaintained process review by Amy







TSC meeting (March 9th)

DT ONAP Takeaways by Andreas

Requirements Subcommittee merged with Architecture Subcommittee







SECCOM MEETING CALL WILL BE HELD ON 28th March 2023. 

CPS Security updated questionnaire review by SECCOM - final round with CPS team.











Recordings: 

2023-03-14_SECCOM_week.mp4

SECCOM presentation:

2023-03-14 ONAP Security Meeting - AgendaAndMinutes.pptx