--- /dev/null
+Requirements references related to OPNFV Audit
+
+------------------
+Source information
+------------------
+
+http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf
+http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf
+
+* ETSI GS NFV-SEC 003 V1.1.1 (2014-12)
+
+ - Network Functions Virtualisation NFV);
+ - NFV Security; Security and Trust Guidance
+ - NFV-SEC-003_.
+
+
+.. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf
+* ETSI GS NFV 004 V1.1.1 (2013-10)
+
+ - Network Functions Virtualisation (NFV);
+ - Virtualisation Requirements
+ - NFV-SEC-004_.
+
+.. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf
+
+Requirements on Auditing framework
+----------------------------------
+
+Audit records shall be maintained within protected binary logs so that the record of
+malicious actions cannot be deleted from the logs.
+
+Necessary auditable events
+--------------------------
+
+* access control management
+
+ - Adding a user account
+ - Modifying user account
+ - Deleting a user account
+ - login event
+ - logout event
+ - IP whitelisting update
+ - IP blacklisting update
+
+* VNFC Creation
+
+ - The instantiation of a newly-defined VNFC
+ - The instantiation of a VNFC with pre-configured state
+ - The cloning of an existing VNFC
+
+* VNFC Deletion
+
+ - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images)
+
+* Software management
+
+ - patching e.g. opreating system, drivers, VM components
+ - dynamic updates to the configuration e.g. DNS, DHCP
+ - application software updates
+ - software component updates
+
+* Data management
+
+ - Root level access to NFVI file system
+ - User level access to NFVI file system
+ - Secured wipe, disk and memory
+ - Verified destruction
+ - Certificate revocation
+
+* VNFC Migration
+
+ - VNFC original host identity
+ - VNFC target host identity
+ - high availability
+ - recovery
+ - data-in-motion changes
+
+* Other VNFC Operational State Changes
+
+ - Hibernation, sleep, resumption, abort, restore, suspension
+ - Power-on and power-off (either physical or virtual)
+ - Integrity verification failure, crash and OS compromise
+
+* VNFC Topology Changes
+
+ - Network IP address and VLAN updates
+ - Service chaining
+ - Failover and disaster recovery
+
+* traffic inspection
+
+ - enabling virtual port mirroring
+ - enabling hypervisor introspection
+ - enabling in-line traffic inspection
+ - application insertion
+
+* initial provisioning of a public/private key pair
+
+ - Self-generation of key pairs for later validation by an external party:
+
+ - Certificate Authority
+ - VNFM
+
+ - Provision by trusted party
+
+ - network
+ - storage
+
+ - Injection by hypervisor
+