The pen test finding 3.1 identifies 60 ONAP interfaces in which HTTPS has not been enabled. All projects must enable HTTPS on all interfaces in the Dublin release. Secure communication on all ONAP interfaces has been an ONAP requirement since the Beijing release.

1. Jim Baker zwarico will post the table in 3.1 on the wiki and notify the PTLs (Casablanca HTTP Interfaces: https://wiki.onap.org/display/SV/Casablanca+HTTP+Interfaces)
2. This finding will be presented at the 3/18 PTL call (Jim)
3. PTLs must open Jira tickets to enable encryption on their unprotected interfaces
4. Testing that all interfaces are exposed over HTTPS will be performed in integration testing
   • Krzysztof to inform Integration team of tool used to test
   • SECCOM will ensure that the Integration team plans for the test