Proposed Requirement: Security groups created by VNF heat templates to be used to protect VNF interfaces MUST be restricted to only the IP addresses and/or Ports necessary to implement the VNF functionality.

REVISED Proposed Requirement: Security groups created by VNF heat templates to be used to protect VNF interfaces MUST be restricted to only the IP addresses and/or Ports necessary to implement the VNF functionality, and for tools/management.

REVISED Proposed Requirement: The VNF MUST include a configuration, e.g., a heat template or CSAR package, specifying the limited set of ports over which the VNF will communicate (including internal, external and management communication).

 REVISED Proposed Requirement: The VNF MUST include a configuration, e.g., a heat template or CSAR package, that specifies the targetted parameters, e.g. a limited set of ports, over which the VNF will communicate (including internal, external and management communication).

Section: General Requirements

ID: R-842258