...
| Time | TopicTop | Driver/Presenter | Description | ||||
|---|---|---|---|---|---|---|---|
| 28 November | |||||||
| 9:00 - 9:15 | Status of the Casablanca Priorities (SECCOM-82) | Amy | Review the Casablanca security achievements 18_11_28_ONAPCasablancaSecurityPrioritiesStatus.pptx | ||||
| 9:15 - 10:00 | Outline Dublin Security Priorities (SECCOM-73) | Stephen | Create the Dublin security priorities draft to review with seccom and present to the TSC 2018-11-14 Dublin Security - RequirementsV2.pptx | ||||
| 10:00 - 10:30 | Vulnerability Management Process Review (SECCOM-63) | Pawel/Robert | Updates to the vulnerability management process | ||||
| 10:30 -10:45 | Break | ||||||
| 10:45 11:15 | Silver CII Badging (SECCOM-79) | Amy | Determine the Silver requirements the projects need to focus on for Dublin and the requirements that are met by the overall ONAP processes 18_11_28_ONAPDublinCIISilverRequirements.pptx | ||||
| 11:15 - 12:00 | Relationship between vulnerability reviews and release gates (relates to security by design (SECCOM-75)) | Amy | Lessons learned from the Beijing and Casablanca reviews Enumerate the vulnerability mitigates tasks for each milestone and release candidate. This will help the projects schedule package upgrades, replacements, and the development of compensating controls early in the release cycle. 18_11_28_ONAPDublinVulnerabilityReviewsAndMilestones.pptx | ||||
| 12:00 - 1:00 | Lunch | ||||||
| 1:00 - 1:45 | Vulnerability handling clarifications (SECCOM-7488) | Amy | Create a simple workflow that will be used to explain the vulnerability remediation and documentation process to the PTLs 18_11_28_ONAPDublinVulnerabilityReviewsAndMilestones.pptx (see page 5) | ||||
| 1:45 - 2:30 | API Security (SECCOM-80) | Natacha | Review the ETSI API security recommendations and requirements name | ONAPseccom-API_security.pptxheight | 250 | | |
| 2:30 - 2:45 | break | ||||||
| 2:45 - 3:00 | Risk Assessment Review (SECCOM-81) | Pawel/Samuli | Review the findings from the risk assessments Discuss the questionnaire proposed by Robert to help identify risk in projects ONAP Beijing Security Assessment (DB & Kubernetes) 27-11-2018--ONAP-Beijing-Security-Assessment.pptx ONAP Beijing CIS Benchmark for K8S test: CIS_Kubernetes_1.1.xlsx Risk Assessment table (still under development and not yet mature): ONAP Risk Assessment table v 0 8.xlsx | ||||
| 3:00 - 4:00 | Risk Assessment Overall Plan. Also in (SECCOM-81) | Pawel/Samuli | Define the scope of the risk assessment and the plan to complete the assessment Focus on some selected areas of risk | ||||
| 4:00-4:15 | Break | ||||||
| 4:15 -5:00 | wrap up | ||||||
| 29 November | |||||||
| 9:00 - 10:00 1hr | ONAP Communication Security Requirements | Pawel | Review communication security between ONAP components and ensure that the transactions exchange between the different components are secure (Authentication, Authorization, Confidentiality) | ||||
| 10:00 - 10:30 | Security by design (SECCOM-75) | TBDStephen | What guidelines are required to projects and the milestones to place security first and foremost.
| ||||
| 10:30-10:45 | Break | ||||||
| 10:45-11:15 | Security Guidelines (SECCOM-93) | Zygmunt | Develop a plan to document the security of ONAP | ||||
| 11:15-12:30 | Discussion and Review Action Items | Amy | Review the meeting; assign action items | ||||
| 12:30-1:30 | Lunch | ||||||
| 1:30-4:00 | Backup if needed | Additional discussions among participants still available |
...