  • ONAP API and data security conformance 
    • Describe the component Service Mesh conformance / plan for secure communications, routing, authentication and authorization configurations
      • Does the component have an AAF dependency? If so, describe the current dependency and a migration plan to remove the dependency.
      • How does the component support authentication and authorization of its clients (User, APIs)?
    • Describe the component data protection
      • Data storage location/mechanism
      • Data protection plan, such as data at rest, access control, others
      • User sensitive data handling
  • Describe the component / container hardening
    • Does the component use non-root access only? Otherwise, describe the reasons and the plans for moving to non-root access
    • Does the component container require privileged access/rights? If so, describe the reasons and migration plans
    • Is the component image signed digitally?
    • Does the component use the basic image to conform to the global requirement (ONAP Jira REQ-1073)?
    • Does the component follow the K8s hardening guide? e.g., from NSA, https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF 
  • Describe the component logging conformance
    • Does the component conform to the Log field standards best practice (ONAP Jira REQ-1072)? If not, please describe the reasons and support plans.
    • Does the component exclude user sensitive data from its logs? If not, please describe the reasons and support plans.
    • Does the component support the Logging destination STDOUT / STDERR conformance? If not, please describe the reasons and support plans.
  • Documentation for the component security
    • Describe the component security architecture and conformance in the document.
