You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 3
Next »
Approved Blueprints
| Project Name | Vuls Scan | Lynis Scan | Kube-Hunter Scan |
---|
1 | 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint |
|
|
|
2 | AI/ML and AR/VR applications at Edge |
|
|
|
3 | Connected Vehicle Blueprint |
|
|
|
4 | Edge Video Processing |
|
|
|
5 | ELIOT: Edge Lightweight and IoT Blueprint Family |
|
|
|
6 | |
|
|
|
7 | |
|
|
|
8 | |
| - Performing test ID AUTH-9229 (Check password hashing methods) ## Not possible, will impact SHA_MIN_CRYPT_ROUNDS test. Currently using maximum security hashing method SHA512
- Performing test ID USB-2000 (Check USB authorizations) ## N/A: Using cloud VMs, no baremetal involved.
- Performing test ID USB-3000 (Check for presence of USBGuard) ## N/A: Using cloud VMs, no baremetal involved.
- Test: Checking MaxSessions ## Max session set to 4, this is the bare minimum level that can be used.
- Test: Checking Port ## Can't change during testing, BluVal requires SSH to be tcp/22. This port should be changed after testing, but prior to production.
The following exceptions must be fixed prior to maturity review: - sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0
- sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16
- sysctl key kernel.yama.ptrace_scope has a different value than expected in scan profile. Expected=1 2 3, Real=0
- sysctl key net.ipv4.conf.all.log_martians contains equal expected and current value (1)
- sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0)
- sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0)
- sysctl key net.ipv4.conf.default.log_martians contains equal expected and current value (1)
- sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
- sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
9 | Network Cloud and TF Integration Project |
|
|
|
10 | Integrated Cloud Native NFV/App stack family (Short term: ICN) |
|
|
|
11 | Integrated Edge Cloud (IEC) Blueprint Family |
|
|
|
12 | |
|
|
|
13 | |
|
|
|
14 | |
|
|
|
15 | |
|
|
|
16 | |
|
|
|
17 | Kubernetes-Native Infrastructure (KNI) Blueprint Family |
|
|
|
18 | Micro-MEC |
|
|
|
19 | The AI Edge: School/Education Video Security Monitoring |
|
|
|
20 | Network Cloud Blueprint Family |
|
|
|
21 | StarlingX Far Edge Distributed Cloud |
|
|
|
22 | Telco Appliance Blueprint Family |
|
|
|
23 | |
|
|
|
24 | |
|
|
|
25 | The AI Edge Blueprint Family |
|
|
|
26 | Time-Critical Edge Compute |
|
|
|
27 | Public Cloud Edge Interface |
|
|
|
28 | Enterprise Applications on Lightweight 5G Telco Edge |
|
|
|
29 |
|
|
|
|
30 |
|
|
|
|
Approved Feature Projects
If the program uses only one programming language, in the “Repository” column, just fill in the repo location.
If a project uses multiple programming languages, please list all of them, add a link in "Repository" column for each programming language to show the sample code.