| VNF Security Ref | Description | Notes |
| CNTT Relevant | Exists | CNTT Ref# | Current Description, if exists | Recommended Description (may be a modification of existing) |
---|
1 | R-04492 | The VNF MUST generate security audit logs that can be sent to Security Analytics Tools for analysis. |
|
|
|
|
|
|
|
2 | R-04982 | The VNF MUST NOT include an authentication credential, e.g., password, in the security audit logs, even if encrypted. |
|
|
|
|
|
|
|
3 | R-06413 | The VNF MUST log the field “service or program used for access” in the security audit logs. |
|
|
|
|
|
|
|
4 | R-07617 | The VNF MUST log success and unsuccessful creation, removal, or change to the inherent privilege level of users. |
|
|
|
|
|
|
|
5 | R-13344 | The VNF MUST log starting and stopping of security logging. |
|
|
|
|
|
|
|
6 | R-13627 | The VNF MUST monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. |
|
|
|
|
|
|
|
7 | R-15325 | The VNF MUST log the field “success/failure” in the security audit logs. |
|
|
|
|
|
|
|
8 | R-15884 | The VNF MUST include the field “date” in the Security alarms (where applicable and technically feasible). |
|
|
|
|
|
|
|
9 | R-22367 | The VNF MUST support detection of malformed packets due to software misconfiguration or software vulnerability, and generate an error to the syslog console facility. |
|
|
|
|
|
|
|
10 | R-23957 | The VNF MUST include the field “time” in the Security alarms (where applicable and technically feasible). |
|
|
|
|
|
|
|
11 | R-25547 | The VNF MUST log the field “protocol” in the security audit logs. |
|
|
|
|
|
|
|
12 | R-29705 | The VNF MUST restrict changing the criticality level of a system security alarm to users with administrative privileges. |
|
|
|
|
|
|
|
13 | R-303569 | The VNF MUST log the Source IP address in the security audit logs. |
|
|
|
|
|
|
|
14 | R-30932 | The VNF MUST log successful and unsuccessful access to VNF resources, including data. |
|
|
|
|
|
|
|
15 | R-31614 | The VNF MUST log the field “event type” in the security audit logs. |
|
|
|
|
|
|
|
16 | R-32636 | The VNF MUST support API-based monitoring to take care of the scenarios where the control interfaces are not exposed, or are optimized and proprietary in nature. |
|
|
|
|
|
|
|
17 | R-33488 | The VNF MUST protect against all denial of service attacks, both volumetric and non-volumetric, or integrate with external denial of service protection tools. |
|
|
|
|
|
|
|
18 | R-34552 | The VNF MUST be implemented so that it is not vulnerable to OWASP Top 10 web application security risks. |
|
|
|
|
|
|
|
19 | R-41252 | The VNF MUST support the capability of online storage of security audit logs. |
|
|
|
|
|
|
|
20 | R-41825 | The VNF MUST activate security alarms automatically when a configurable number of consecutive unsuccessful login attempts is reached. |
|
|
|
|
|
|
|
21 | R-43332 | The VNF MUST activate security alarms automatically when it detects the successful modification of a critical system or application file. |
|
|
|
|
|
|
|
22 | R-465236 | The VNF SHOULD provide the capability of maintaining the integrity of its static files using a cryptographic method. |
|
|
|
|
|
|
|
23 | R-48470 | The VNF MUST support Real-time detection and notification of security events. |
|
|
|
|
|
|
|
24 | R-54520 | The VNF MUST log successful and unsuccessful authentication attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege. |
|
|
|
|
|
|
|
25 | R-54816 | The VNF MUST support the storage of security audit logs for a configurable period of time. |
|
|
|
|
|
|
|
26 | R-55478 | The VNF MUST log logoffs. |
|
|
|
|
|
|
|
27 | R-56920 | The VNF MUST protect all security audit logs (including API, OS and application-generated logs), security audit software, data, and associated documentation from modification, or unauthorized viewing, by standard OS access control mechanisms, by sending to a remote system, or by encryption. |
|
|
|
|
|
|
|
28 | R-57617 | The VNF MUST include the field “success/failure” in the Security alarms (where applicable and technically feasible). |
|
|
|
|
|
|
|
29 | R-58370 | The VNF SHOULD operate with anti-virus software which produces alarms every time a virus is detected. |
|
|
|
|
|
|
|
30 | R-629534 | The VNF MUST be capable of automatically synchronizing the system clock daily with the Operator’s trusted time source, to assure accurate time reporting in log files. It is recommended that Coordinated Universal Time (UTC) be used where possible, so as to eliminate ambiguity owing to daylight savings time. |
|
|
|
|
|
|
|
31 | R-63330 | The VNF MUST detect when its security audit log storage medium is approaching capacity (configurable) and issue an alarm. |
|
|
|
|
|
|
|
32 | R-703767 | The VNF MUST have the capability to securely transmit the security logs and security events to a remote system before they are purged from the system. |
|
|
|
|
|
|
|
33 | R-71842 | The VNF MUST include the field “service or program used for access” in the Security alarms (where applicable and technically feasible). |
|
|
|
|
|
|
|
34 | R-73223 | The VNF MUST support proactive monitoring to detect and report the attacks on resources so that the VNFs and associated VMs can be isolated, such as detection techniques for resource exhaustion, namely OS resource attacks, CPU attacks, consumption of kernel memory, local storage attacks. |
|
|
|
|
|
|
|
35 | R-74958 | The VNF MUST activate security alarms automatically when it detects an unsuccessful attempt to gain permissions or assume the identity of another user. |
|
|
|
|
|
|
|
36 | R-84160 | The VNF MUST have security logging for VNFs and their OSs be active from initialization. Audit logging includes automatic routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems. |
|
|
|
|
|
|
|
37 | R-859208 | The VNF MUST log automated remote activities performed with elevated privileges |
|
|
|
|
|
|
|
38 | R-89474 | The VNF MUST log the field “Login ID” in the security audit logs. |
|
|
|
|
|
|
|
39 | R-94525 | The VNF MUST log connections to the network listeners of the resource. |
|
|
|
|
|
|
|
40 | R-97445 | The VNF MUST log the field “date/time” in the security audit logs. |
|
|
|
|
|
|
|
41 | R-99730 | The VNF MUST include the field “Login ID” in the Security alarms (where applicable and technically feasible). |
|
|
|
|
|
|
|