1 Requirements references related to OPNFV Audit
7 http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf
8 http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf
10 * ETSI GS NFV-SEC 003 V1.1.1 (2014-12)
12 - Network Functions Virtualisation NFV);
13 - NFV Security; Security and Trust Guidance
17 .. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf
19 * ETSI GS NFV 004 V1.1.1 (2013-10)
21 - Network Functions Virtualisation (NFV);
22 - Virtualisation Requirements
25 .. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf
27 Requirements on Auditing framework
28 ----------------------------------
30 Audit records shall be maintained within protected binary logs so that the record of
31 malicious actions cannot be deleted from the logs.
33 Necessary auditable events
34 --------------------------
36 * access control management
38 - Adding a user account
39 - Modifying user account
40 - Deleting a user account
43 - IP whitelisting update
44 - IP blacklisting update
48 - The instantiation of a newly-defined VNFC
49 - The instantiation of a VNFC with pre-configured state
50 - The cloning of an existing VNFC
54 - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images)
58 - patching e.g. opreating system, drivers, VM components
59 - dynamic updates to the configuration e.g. DNS, DHCP
60 - application software updates
61 - software component updates
65 - Root level access to NFVI file system
66 - User level access to NFVI file system
67 - Secured wipe, disk and memory
68 - Verified destruction
69 - Certificate revocation
73 - VNFC original host identity
74 - VNFC target host identity
77 - data-in-motion changes
79 * Other VNFC Operational State Changes
81 - Hibernation, sleep, resumption, abort, restore, suspension
82 - Power-on and power-off (either physical or virtual)
83 - Integrity verification failure, crash and OS compromise
85 * VNFC Topology Changes
87 - Network IP address and VLAN updates
89 - Failover and disaster recovery
93 - enabling virtual port mirroring
94 - enabling hypervisor introspection
95 - enabling in-line traffic inspection
96 - application insertion
98 * initial provisioning of a public/private key pair
100 - Self-generation of key pairs for later validation by an external party:
102 - Certificate Authority
105 - Provision by trusted party
110 - Injection by hypervisor