NVIDIA/ISV-NCP-Validation-Suite v0.7.0
NVIDIA/ISV-NCP-Validation-Suite
Captured source
source ↗published May 15, 2026seen 5dcaptured 8hhttp 200method plain
M5 Release
Repository: NVIDIA/ISV-NCP-Validation-Suite
Tag: v0.7.0
Published: 2026-05-15T19:32:20Z
Prerelease: yes
Release notes:
M5'26 - Q2'26
attestation
audit-logging
- Issue #299: SEC08-01: Perform a management API call; verify an audit log entry is generated with correct metadata
- Issue #300: SEC08-02: Verify audit logs are retained for at least 30 days
authentication
- Issue #293: SEC01-01: Verify user authentication via OIDC for platform services
- Issue #294: SEC02-01: Verify workloads and nodes receive short-lived credentials/tokens
- Issue #295: SEC03-01: Verify out-of-cluster service accounts can authenticate with long-lived credentials
- Issue #298: SEC07-01: Verify all administrative interfaces (UI, CLI, API) are protected by Multi-Factor Authentication
authorization
backend-switch-fabric-api
- Issue #278: NET01-01: Query the API for a compute node and verify it returns backend switch IDs (leaf, spine, core)
block-storage-services
Compute Services: BMaaS
- Issue #250: BMAAS-XX-07: Check for any per-host status log over time.
- Issue #258: CNP06-02: Verify that serial console output is logged and queryable for at least 1 month of history
Compute Services: VMaaS
- Issue #256: CNP01-16: Verify console access is restricted via RBAC
- Issue #257: CNP01-17: Verify USB, clipboard, and unnecessary virtual devices are disabled
hardware-security-compliance
- Issue #303: SEC09-03: Verify a centralized KMS is used for all encryption keys and secrets
- Issue #304: SEC09-04: Verify support for Customer Managed Keys (BYOK)
kubernetes-control-plane
- Issue #269: K8S06-01: Create a K8s node pool via API/CLI specifying node type (CPU or GPU instance type)
- Issue #270: K8S06-02: Update a K8s node pool (e.g., scale to a target count)
- Issue #271: K8S15-01: Verify the K8s API endpoint has network access controls (firewall/private link)
- Issue #273: K8S23-04: Verify CSI supports block, shared filesystem, and NFS storage
- Issue #274: K8S23-05: Verify CSI supports both static and dynamic provisioning via PVs and PVCs
- Issue #275: K8S23-06: Verify CSI credentials are tenant cluster scoped (no cross-cluster access)
- Issue #276: K8S23-07: Verify APIs to query storage usage against overall cluster quota with per-PVC/Volume breakdown
- Issue #301: SEC09-01: Verify certificates are rotated on a 60-day cycle
- Issue #302: SEC09-02: Verify support for both provider-managed and customer-managed keys
network-security
- Issue #260: CNP10-01: Verify IPMI is disabled; Redfish over TLS is used with AAA
- Issue #305: SEC11-01: Verify hard physical or logical isolation between tenants for network, data, compute, and storage resources
- Issue #306: SEC12-01: Verify BMC management is on a dedicated, restricted network (physically separate or VLAN/VRF-isolated)
- Issue #307: SEC12-02: Verify BMC interfaces are not reachable from tenant networks
- Issue #308: SEC12-03: Verify BMC is only accessible via a hardened bastion (jumphost) server; direct public/corporate network access is blocked
- Issue #311: SEC14-01: Verify no public internet access to API endpoints by default
nvlink-domain-api
sdn-controller
- Issue #281: SDN02-05: Verify security group rules can be scoped at workload level
- Issue #282: SDN02-06: Verify security group rules can be scoped at node level
- Issue #283: SDN02-07: Verify security group rules can be scoped at subnet/tenant level
- Issue #285: SDN02-09: Verify security group rules can be scoped at K8s API service level
- Issue #290: SDN09-01: Verify logging is available for network hardware faults
- Issue #291: [SDN09-02: Verify logging captures latency/performance…
Excerpt shown — open the source for the full document.
Notability
notability 3.0/10Routine release of niche validation tool by NVIDIA