Versions Compared

Old Version 31

changes.mady.by.user Robert Heinemann

Saved on

compared with

New Version 32

changes.mady.by.user Robert Heinemann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

These below refer to the ONAP (Application and Infrastructure Columns)

Proposed Logging Practice Requirements

IDDescriptionReference

CON-LOG-REQ-19

The container MUST be capable of automatically synchronizing the system clock daily with the Operator’s trusted time source, to assure accurate time reporting in log files. It is recommended that Coordinated Universal Time (UTC) be used where possible to eliminate ambiguity owing to daylight savings time.R-629534









Proposed Security Event Generation Requirements

...

IDDescriptionReference

CON-LOG-REQ-

...

The container and container application MUST log successful and unsuccessful authentication attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege.

...

R-54520

...

...

CON-LOG-REQ-

...

The container and container application MUST log logoffs.

...

R-55478

...

...

CON-LOG-REQ-

...

The container and container application MUST log starting and stopping of security logging.

...

R-13344

...

...

CON-LOG-REQ-

...

The container and container application MUST log success and unsuccessful creation, removal, or change to the inherent privilege level of users.

...

R-07617

...

...

CON-LOG-REQ-

...

The container and container application MUST log connections to the network listeners of the container.

...

 R-94525

...

...

CON-LOG-REQ-6

...

The container and container application MUST log the addition and deletion of files in the container.


Proposed Required Metadata for Security Events

IDDescriptionReference
CON-LOG-REQ-7The container and container application MUST log the field “date/time” in the security audit logs. R-97445

CON-LOG-REQ-8

The container and container application MUST log the field “protocol” in the security audit logs.R-25547

CON-LOG-REQ-9

The container and container application MUST log the field “service or program used for access” in the security audit logs.R-06413

CON-LOG-REQ-10

The container and container application MUST log the field “success/failure” in the security audit logs. R-15325
CON-LOG-REQ-11The container and container application MUST log the field “Login ID” in the security audit logs. R-89474

CON-LOG-REQ-19

The container MUST be capable of automatically synchronizing the system clock daily with the Operator’s trusted time source, to assure accurate time reporting in log files. It is recommended that Coordinated Universal Time (UTC) be used where possible to eliminate ambiguity owing to daylight savings time.R-629534














Best Practices and Risk Analysis for an Operator

...