Recommendation ITU-T X.1047 (10/2021) Security requirements and architecture for network slice management and orchestration
Summary
History
FOREWORD
Table of Contents
Introduction
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Introduction of network slice management and orchestration
7 Security requirements for network slice management and orchestration
     7.1 Security requirements for NS management and orchestration
          7.1.1 Security requirements for the creation of a network slice instance
          7.1.2 Security requirements for the operation of a network slice instance
     7.2 Security requirements for NSS management and orchestration
          7.2.1 Security requirements for the creation of a network slice subnet instance
          7.2.2 Security requirements for the operation of a network slice subnet instance
     7.3 Security requirements for service-based interfaces for the logical functions
     7.4 Security requirements for an interface between NSS management and orchestration and NFV-MANO/NFM/TNC
8 Security reference architecture for a network slice management and orchestration
     8.1 Security capabilities of a network slice (NS) management and orchestration
     8.2 Security capabilities of NSS management and orchestration
     8.3 Security capabilities of service-based interfaces for logical functions
     8.4 Security capabilities of an interface between NSS management and orchestration and NFV-MANO/NFM/TNC
9 Automation and assurance of end-to-end network slice with customized security capabilities
     9.1 End-to-end network slice isolated with fine-grained slice isolation policy
          9.1.1 Fine-grained end-to-end network slice isolation planned or orchestrated during network slice instance creation
          9.1.2 Fine-grained end-to-end network slice isolation monitored during network slice instance running
     9.2 End-to-end network slice with prevention from network attacks at the edge of NSS domains
          9.2.1 Network attacks prevention at the edge of NSS domains planned/orchestrated during the network slice instance creation
          9.2.2 Network attacks prevention at edge, enforced and monitored during network slice instance running
          9.2.3 Creating a separate security NSS instance at the edge of NSS domains
10 Tamper-proof and access-controlled network slice management data
     10.1 Tamper-proof network slice management data in transit
     10.2 Tamper-proof network slice management data at rest
     10.3 Access control for network slice management data in use
Annex A  Security threats to network slice management and orchestration
     A.1 Security threats to the logical functions of NS&NSS management and orchestration
     A.2 Security threats to service-based interfaces for the logical functions of NS&NSS management and orchestration
     A.3 Security threats to the interface between the NSS management and orchestration and the NFV-MANO/NFM/TNC
Annex B  Capabilities of logical functions at network function virtualization layer to support the network slice management and orchestration
     B.1 General capabilities of logical functions at the network function virtualization layer
     B.2 Security requirements for the logical functions at the network function virtualization layer
     B.3 Security capabilities of the logical functions at the network function virtualization layer
     B.4 Isolation capabilities of the logical functions at the network function virtualization layer
     B.5 Information element of a network service/PNF/VNF related to the network resource isolation policy
Annex C  Capabilities of logical functions at the transport network layer to support network slice management and orchestration
     C.1 Security capabilities of the logical functions at the transport network layer
     C.2 Isolation capabilities of the logical functions at the transport network layer
     C.3 Mapping between slice isolation policy in the TN NSS layer and data forward policy in the transport network layer
Annex D  DLT-based mechanisms on making network slice management data tamper-proof and traceable
     D.1 DLT-based data model for network slice management data
     D.2 DLT-based data storage for the attributes of the network slice management data
     D.3 DLT-based network slice management data storage and access
Bibliography