commoncriteria / sdn-controller

Protection Profile for Software Defined Networking Controllers
The Unlicense

ESR (#12) - API #18

Open hubertdcruze opened 6 months ago

hubertdcruze commented 6 months ago

The SDN Controllers must adhere to relevant security standards and best practices for API security including REST security principles as recommended by OWASP, NIST, and ISO/IEC.

hubertdcruze commented 6 months ago

Comments from the TC meeting on Feb 8: this must be refined and made more detailed; it should be clarified which specific SFRs and best practices are meant, and be more specific. Keep it for now...

hubertdcruze commented 6 months ago

A bit refined and more detailed, shared below, as suggested. Please let us know what you think, otherwise, we will keep the above ones. Please add/delete as you find appropriate:

  1. SDN Controllers must comply with established security standards and implement best practices for API security, particularly emphasizing REST security principles. They are expected to follow guidelines set forth by recognized entities like OWASP, NIST, and ISO/IEC. This involves ensuring secure authentication, authorization, encryption, and coding practices, alongside conducting regular security evaluations and managing vulnerabilities to protect against current and emerging cyber threats.

  2. SDN Controllers are mandated to conform to essential security standards, focusing on API security and REST security principles as outlined by leading organizations such as OWASP, NIST, and ISO/IEC. This includes adopting secure authentication and authorization practices, data encryption, and following secure coding guidelines. Additionally, they must engage in continual security assessments and vulnerability management to mitigate against a spectrum of cyber risks.

pbelani commented 6 months ago

I like Option 1 here