Page Status:

Component Status:

Last Reviewed on:

Certified by:

1. High Level Component Definition and Architectural Relationships (template)






2. Component API definitions

Template Component provides the following interfaces:

Offered Interface Name | Offered Interface Description | Model | API Specs (Swagger)
xxxE-1 | External Interface Definition. capabilities x.y.z (according to strategy) | model-a, model-b |
xxxI-2 | Internal interfaces if we want to raise them. Display and update: xxxxx | |

Note: xxxI interfaces are internal interfaces; xxxE interfaces are external interfaces.

Template Component consumes the following Interfaces:


Consumed Interface Name | Consumed Interface Description

3. Component Description:

A more detailed figure and description of the component.

<< link to project-specific description elsewhere >>

4. Component Deployment Architecture

Should reference the deployment section in the component description template.

5. New Release Capabilities

<< list the new capabilities that were introduced in this release, or a hot-link to the key features. New sub-chapter per release, as per a release notes document >> 

6. Security Conformance 

  • ONAP Component API and data security conformance 
    • Describe the component Service Mesh conformance / plan for secure communications, routing, authentication and authorization configurations
      • Does the component have AAF dependencies? If so, describe the current dependencies and a migration plan to remove the dependencies
      • How does the component support authentication and authorization of its clients (Humans, other applications)?
    • Describe the component data protection
      • Data storage location/mechanism 
      • Data protection plan, such as data at rest, data-level access control, data in transit, others
      • User sensitive data handling (e.g., password)
  • Describe the component / container hardening
    • The component must run as non-root-based users. Does the component use non-root-access only? Otherwise, describe the reasons and non-root-access support plans
    • Does the component container require privilege access/right? If so, describe the reasons and migration plans
    • Is the component image signed digitally for integrity? (TBD)
    • Does the component use the basic image to conform to the global requirement REQ-1073?
    • Does the component follow the K8s hardening guide? e.g., from NSA, https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF 
  • Describe the component logging conformance
    • Does the component conform to the Log field standards best practice, REQ-1072? If not, please describe the reasons and support plans.
    • Does the component exclude user sensitive data (e.g., password, private key, other credentials) from logging? If not, please describe the reasons and support plans.
    • Does the component support the Logging destination STDOUT / STDERR conformance? If not, please describe the reasons and support plans.
  • Documentation for the component security
    • Describe the component security architecture and conformance in the document.
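As an added example (not ONAP project code), the container-hardening items above expressed as a manifest check: it audits a pod spec for non-root execution, privileged access, dropped capabilities and a digest-pinned image. Both manifests are constructed for illustration and the image name is a placeholder.

```python
"""Audit a Kubernetes pod manifest against the container-hardening items in
the Security Conformance checklist: non-root user, no privileged access,
image integrity and the K8s hardening guide's capability rules.
Added example, not ONAP project code; manifests below are constructed."""


def audit_pod_spec(pod: dict) -> list[str]:
    """Return one finding per unmet item; an empty list means compliant."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        # Container-level securityContext overrides the pod-level defaults.
        sc = {**pod_sc, **c.get("securityContext", {})}
        # Must run as a non-root user: runAsNonRoot, or an explicit UID > 0.
        if not (sc.get("runAsNonRoot") is True or (sc.get("runAsUser") or 0) > 0):
            findings.append(f"{name}: no non-root user enforced")
        # Must not require privileged access or be able to escalate.
        if sc.get("privileged") is True:
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        # Hardening guide: drop all Linux capabilities unless justified.
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped (drop: [ALL])")
        # Image integrity: a digest-pinned reference is all a manifest can
        # show; verifying a signature needs registry tooling outside this check.
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image not pinned by digest")
    return findings


# Constructed manifests: the weak setting beside the corrected one.
WEAK_POD = {"spec": {"containers": [{
    "name": "api",
    "image": "registry.example/template-component:latest",  # placeholder
    "securityContext": {"privileged": True},
}]}}

HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{
        "name": "api",
        "image": "registry.example/template-component@sha256:" + "0" * 64,
        "securityContext": {"allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}}
```

Running `audit_pod_spec(WEAK_POD)` lists five findings, one per unmet checklist item; the hardened manifest returns an empty list.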


7. Document Changes

8. References

Links to any supporting docs that are not referenced in other templates.

2 Comments

  1. The template looks good. I have a few comments.

    • How does the component support authentication and authorization of its clients (User, APIs)?
      • change User, APIs to Humans, other applications.
    • Data protection plan, such as data at rest, access control, others
      • add data in transit
      • change access control to data-level access control
    • Does the component exclude user sensitive data (e.g., password, ip address, routing paths, etc.) from logging?
      • change (e.g., password, ip address, routing paths, etc.) to (e.g., password, private key, other credentials)
      • ip addresses and routing paths are generally allowed in logs because they enable auditing and other forensics
  2. Thanks Amy!!  I incorporated your comments.