I uploaded the Docker and Kubernetes CIS Benchmark documents to the Security Subcommittee Best Practices page on the wiki: https://wiki.onap.org/display/DW/Docker+and+Kubernetes+Security ​​​​​Amy Zwar

Canceling for ONS. Weekly meeting to work on revisions to the VNF security requirements.

Please provide all comments and votes by October 2.

Please review the following requirement and vote to accept or not. https://jira.onap.org/browse/VNFRQTS-457 https://jira.onap.org/browse/VNFRQTS-660 https://jira.onap.org/browse/VNFRQTS-661 https://ji

On the 2019-09-17 SECCOM call we discussed updates to the M3 checklist for CII badging requirements. Two other additions to the checklist were suggested. · Require projects to enable authentication on

We are cleaning up the SECCOM Jira. Please review the following tickets which have no owners and indicate whether you think that SECCOM should identify an owner to work on the ticket (+1) or close the

The VNF Security Requirements can be found in the ONAP readthedocs VNF Security Section. We have begun revising the VNF security requirements for logging, monitoring and alarming. The parent Jira for

Weekly meeting to work on revisions to the VNF security requirements. -- Do not delete or change any of the following text. -- Join Webex meeting Meeting number (access code): 730 447 021 Meeting pass

Please see the Recommended Versions deck at https://wiki.onap.org/download/attachments/48531500/2019-09-10%20ONAPSECCOM%20-%20RecommendedVersions.pptx?api=v2 for the non-vulnerable (or less vulnerable

+1

Linda Horn provided a status update for the VNF certificate requirements The review period is over Many have added +1 to the comments for VNFRQTS-687, VNFRQTS-688, VNFRQTS-689, VNFRQTS-690, VNFRQTS-69

oparent 2.1.0 is updated with the latest non-vulnerable versions of commonly used packages where such versions exist.

We spent most of the meeting discussing the requirements to allow an operator to harden the configuration of a VNF and to monitor (audit) that configuration. (VNFRTS-456). Three cases were enumerated.

Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the invitation to others in your organization who should participate.

We finished reviewing the CIS Docker Benchmark v1.2.0 and agreed to create VNF security requirements that point to the CIS Docker Benchmarks. I decided to create two requirements – one for the images

Minutes from the 8/8 meeting. Container Standards The new CIS Docker Benchmark (v1.2.0 - 07-29-2019) is posted on the SECCOM wiki: https://wiki.onap.org/display/DW/VNF+Security+Requirements+Update I s

I am cancelling because there is a holiday in several European countries. Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forw

-- Do not delete or change any of the following text. -- Join Webex meeting Meeting number (access code): 738 777 659 Meeting password: pNjiik@2 Join from a video system or application Dial 738777659@

I am cancelling today because I have mandatory all day training. Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the i

I am cancelling today because I have mandatory all day training. Scheduling a series of recurring meetings to refresh the VNF security requirements as part of the El Alto release. Please forward the i