ONAP Security Requirements
- Samuli Kuusela
Note for the reader: this is a 1st draft, created mainly based on the ONAP VNF Security Requirements.
The SECCOM agreed way forward is:
Review the requirements. As a tool helping the review, below is a list of Jira tickets, one per requirement. For time being the Jira tickets are the master version of the requirements itself. Review should be done by a wide audience as security is everybody's responsibility:
by SECCOM
by ONAP projects
Everyone is encouraged to check the requirements and write comments in the Jira tickets listed below!
Check overlap with CII Badging requirements. It is perhaps OK to have those overlaps if those are only few (as expected)...
Finally: Identify the most important requirements, those should be candidates to be enforced in El Alto.
The objective is to provide the key security requirements that need to be met by ONAP. The security requirements are grouped into five areas as listed below. Majority of the security requirements are applicable to all ONAP components. However, for some requirements the ONAP level security architecture needs to be settled first, to specify the impacted components and/or how to implement.
The requirements are categorized in five broad security areas:
ONAP General Security
ONAP Identity and Access Management:
ONAP API Security
ONAP Security Analytics
ONAP Data Protection