1 Requirements references related to OPNFV Audit
7 http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf
8 http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf
10 * ETSI GS NFV-SEC 003 V1.1.1 (2014-12)
12 - Network Functions Virtualisation NFV);
13 - NFV Security; Security and Trust Guidance
17 .. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf
18 * ETSI GS NFV 004 V1.1.1 (2013-10)
20 - Network Functions Virtualisation (NFV);
21 - Virtualisation Requirements
24 .. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf
26 Requirements on Auditing framework
27 ----------------------------------
29 Audit records shall be maintained within protected binary logs so that the record of
30 malicious actions cannot be deleted from the logs.
32 Necessary auditable events
33 --------------------------
35 * access control management
37 - Adding a user account
38 - Modifying user account
39 - Deleting a user account
42 - IP whitelisting update
43 - IP blacklisting update
47 - The instantiation of a newly-defined VNFC
48 - The instantiation of a VNFC with pre-configured state
49 - The cloning of an existing VNFC
53 - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images)
57 - patching e.g. opreating system, drivers, VM components
58 - dynamic updates to the configuration e.g. DNS, DHCP
59 - application software updates
60 - software component updates
64 - Root level access to NFVI file system
65 - User level access to NFVI file system
66 - Secured wipe, disk and memory
67 - Verified destruction
68 - Certificate revocation
72 - VNFC original host identity
73 - VNFC target host identity
76 - data-in-motion changes
78 * Other VNFC Operational State Changes
80 - Hibernation, sleep, resumption, abort, restore, suspension
81 - Power-on and power-off (either physical or virtual)
82 - Integrity verification failure, crash and OS compromise
84 * VNFC Topology Changes
86 - Network IP address and VLAN updates
88 - Failover and disaster recovery
92 - enabling virtual port mirroring
93 - enabling hypervisor introspection
94 - enabling in-line traffic inspection
95 - application insertion
97 * initial provisioning of a public/private key pair
99 - Self-generation of key pairs for later validation by an external party:
101 - Certificate Authority
104 - Provision by trusted party
109 - Injection by hypervisor