Closed ASawwaf closed 4 years ago
For each Section change a PR will be opened.
Suggested Reorg:
• 7.1 Introduction rewrite PR #1677
• 7.2 Principles and Guidelines delete PR #1678
o 7.2.1 Overarching Objectives and Goals
o 7.2.2 Verification Methodologies
o 7.2.3 Governance
• 7.3 Common standards exchange with 7.4 (this section becomes 7.4)
o 7.3.1 Potential attack vectors
o 7.3.2 Testing demarcation points
• 7.4 Security Scope exchange with 7.3 (this section becomes 7.3)
o 7.4.1 In-scope and Out-of-Scope definition
o 7.4.2 Security requirements rename Security Domains; edit certification from Fig
o 7.4.3 Platform security requirements move under 7.5
o 7.4.4 Workload security requirements move under 7.6
o 7.4.5 Certification/validation requirements no content -- delete
• 7.5 Platform Security
o 7.5.1 General Platform Security
o 7.5.2 Platform ‘back-end’ access security
o 7.5.3 Platform ‘front-end’ access security
• 7.6 Workload Security - Vendor Responsibility
o 7.6.1 Software Hardening
o 7.6.2 Port Protection
o 7.6.3 Software Code Quality
o 7.6.4 Alerting and Monitoring
o 7.6.5 Logging
o 7.6.6 VNF images
o 7.6.7 Identity and Access Management
o 7.6.8 CVEs and Vulnerability Management
o 7.6.9 Encryption suite supports
o 7.6.10 Password complexity support
o 7.6.11 Customized Banner
• 7.7 Workload Security - Operator Responsibility
o 7.7.1 Remote Attestation/openCIT
o 7.7.2 VNF Image Scanning / Signing
• 7.8 VNF Vendors responsibility align TOC title with actual section title
• 7.9 Cloud Infrastructure Vendors responsibility Relabel to measurement related Changed content and moved some to 7.6.8 and 7.7.1 PR #1733
o 7.9.1 Networking Security Zoning belongs in 7.5
o 7.9.2 Encryption belongs in 7.5
o 7.9.3 Platform Patching belongs in 7.5 DONE now 7.5.4
o 7.9.4 Boot Integrity Measurement (TPM) Relabeled and changed content
o 7.9.5 Runtime Integrity Measurement (TPM) Relabeled and changed content
o 7.9.6 Cloud Infrastructure & Cloud Infrastructure Manager belongs in 7.5
• 7.10 Certification requirements very light content and doesn’t align -- rewrite
• 7.11 Consolidated Security requirements
o 7.11.1 System Hardening
o 7.11.2 Platform Access
o 7.11.3 Confidentiality and Integrity
o 7.11.4 Workload Security
o 7.11.5 Image Security
o 7.11.6 Security LCM
o 7.11.7 Monitoring and Security Audit
o 7.11.8 Compliance with Standards
o 7.11.9 References
Final TOC changes
The reorg/rewrite should also ensure that all requirements are captured in 7.11 including recommendations from a review of the ONAP Security Requirements.
@pgoyal01, I believe 7.9 completely should be under 7.5.
Are you OK with this, @pgoyal01 @karinesevilla?
@ASawwaf As you can see, most subsections move under 7.5 but the main section and sub-sections remain in 7.5. The title of 7.5 will then need to be changed.
Please see my TOC in one of the above comments.
@pgoyal01 Yes, this is based on your TOC, but it is not reflected.
Can you lead on this?
@ASawwaf will do. I will create a new PR for this. Thanks.
The clean-up has been done along these lines. If there are any further requirements we will need to create new specific Issues/PRs
Work on Security chapter Clean up & re-arrangement