-
Bug
-
Resolution: Done
-
Medium
-
Casablanca Release
-
VNFRQTS Sprint 7
El Alto Release
Current Requirement: The VNF SHOULD provide the capability for the Operator to run security vulnerability scans of the operating system and all application layers. Scans include, but are not limited to, tests of operating system configurations and versions of installed software.
Proposed Requirement: The VNF SHOULD provide the capability to run security vulnerability scans of the operating system and application to identify all software components with known vulnerabilities (CVEs).
Casablanca Release
Current Requirement: The VNF SHOULD be scanned using both network scanning and application scanning security tools on all code, including underlying OS and related configuration. Scan reports shall be provided. Remediation roadmaps shall be made available for any findings.
Proposed Requirement: It SHOULD be possible to run security vulnerability scans of the operating system and application layers of the VNF.
Rationale: The original language is too prescriptive.
- relates to
-
VNFRQTS-456 Security Requirement for VNF Hardening and Monitoring Functionality
- In Progress