Level Definitions

    • Project-level requirements

      • Level 0: None
      • Level 1: CII Passing badge
        • Including no critical and high known vulnerabilities > 60 days old
      • Level 2: CII Silver badge, plus:
        • All internal/external system communications shall be able to be encrypted.
        • All internal/external service calls shall have common role-based access control and authorization using CADI framework.
      • Level 3: CII Gold badge 

    • ONAP Platform-level requirements per release

      • Level 1: 70% of the projects passing the level 1
        • with the non-passing projects reaching 80% towards the passing level
        • Non-passing projects MUST pass specific cryptography criteria outlined by the Security Subcommittee*
      • Level 2: 70% of the projects passing silver
        • with non-silver projects:
          • completed passing level and 80% towards silver level
          • internal/external system communications shall be able to be encrypted
      • Level 3: 70% of the projects passing gold
        • with non-gold projects achieving silver level and achieving 80% towards gold level
      • Level 4: 100% passing gold.

...

  • Platform Level 2
  • Additional recommendations: 
    • All projects SHOULD migrate from the Jackson Data Processor packages to the GSON packages unless the Jackson dependency is inherited from an outside project such as ODL.
    • All projects SHOULD provide the ability to turn secure communication on and off. Secure communication is on by default.

Guidance for Implementation

  • Refer to the Security Subcommittee

Contacts

  • Refer to the Security Subcommittee

...