Level Definitions
Project-level requirements
- Level 0: None
- Level 1: CII Passing badge
- Including no critical and high known vulnerabilities > 60 days old
- Level 2: CII Silver badge, plus:
- All internal/external system communications shall be able to be encrypted.
- All internal/external service calls shall have common role-based access control and authorization using CADI framework.
- Level 3: CII Gold badge
ONAP Platform-level requirements per release
- Level 1: 70 % of the projects passing the level 1
- with the non-passing projects reaching 80% passing level
- Non-passing projects MUST pass specific cryptography criteria outlined by the Security Subcommittee*
- Level 2: 70 % of the projects passing silver
- with non-silver projects:
- completed passing level and 80% towards silver level
- internal/external system communications shall be able to be encrypted
- with non-silver projects:
- Level 3: 70% of the projects passing gold
- with non-gold projects achieving silver level and achieving 80% towards gold level
- Level 4: 100 % passing gold.
Minimum Levels (Dublin)
- Absolute Minimum expectation:
- CII badging passing level
- Continuously retaining no critical or high known vulnerabilities > 60 days old
- All communication shall be able to be encrypted and have common role-based access control and authorization.
- Desired expectation is full CII badging silver level, if not 75% towards that.
- Stretch goal: Project Level 2
Guidance for Implementation
- Refer to the Security Subcommittee
Contacts
- Refer to the Security Subcommittee