M3 Checklist Updates

Amy Zwarico

On the 2019-09-17 SECCOM call we discussed updates to the M3 checklist for CII badging requirements. Two other additions to the checklist were suggested.

·         Require projects to enable authentication on all interfaces

·         Require projects to implement hardening features – SECCOM will provide a list of the hardening requirements

I have added the three new questions to the M3 checklist on the ONAP security recommendation development page. The new entries are highlighted in blue.


Pawel Baniewski has agreed to provide a list of hardening features, and Jonathan Gathman sent out requirements for hardening access to databases.


Please provide feedback for the three new requirements.


​​​​​Amy Zwarico, LMTS

Chief Security Office / Emerging Services Security

AT&T Services

(205) 613-1667


"This e-mail and any files transmitted with it are the property of AT&T,  and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your electronic device. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited."


Join onap-seccom@lists.onap.org to automatically receive all group messages.