From ec7fc279a5ccfaddd0bfe129e653d2d250c43de7 Mon Sep 17 00:00:00 2001
From: Julien Perrochet <julien.perrochet@orbitalize.com>
Date: Tue, 20 Feb 2024 14:40:12 +0100
Subject: [PATCH] DSS02120,A2-7-2,7

---
 monitoring/monitorlib/mutate/scd.py           |  53 +-
 monitoring/prober/infrastructure.py           |   2 +-
 .../astm/f3548/v21/subscription_params.py     |  28 +
 .../scenarios/astm/utm/dss/__init__.py        |   1 +
 .../astm/utm/dss/authentication_validation.md | 164 +++++
 .../astm/utm/dss/authentication_validation.py | 677 ++++++++++++++++++
 .../suites/astm/utm/dss_probing.md            |  22 +-
 .../suites/astm/utm/dss_probing.yaml          |   6 +
 .../uss_qualifier/suites/astm/utm/f3548_21.md |  13 +-
 .../suites/faa/uft/message_signing.md         |  13 +-
 .../suites/interuss/dss/all_tests.md          |  13 +-
 .../suites/uspace/flight_auth.md              |  13 +-
 .../suites/uspace/required_services.md        |  13 +-
 13 files changed, 976 insertions(+), 42 deletions(-)
 create mode 100644 monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.md
 create mode 100644 monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.py

diff --git a/monitoring/monitorlib/mutate/scd.py b/monitoring/monitorlib/mutate/scd.py
index 40c1e67eea..3543fe2c58 100644
--- a/monitoring/monitorlib/mutate/scd.py
+++ b/monitoring/monitorlib/mutate/scd.py
@@ -4,7 +4,12 @@
 import s2sphere
 import yaml
 from implicitdict import ImplicitDict
-from uas_standards.astm.f3548.v21.api import OPERATIONS, OperationID, Subscription
+from uas_standards.astm.f3548.v21.api import (
+    OPERATIONS,
+    OperationID,
+    Subscription,
+    PutSubscriptionParameters,
+)
 from yaml.representer import Representer
 
 from monitoring.monitorlib import fetch
@@ -74,18 +79,16 @@ def upsert_subscription(
         path = op.path.format(subscriptionid=subscription_id, version=version)
         query_type = QueryType.F3548v21DSSUpdateSubscription
 
-    body = {
-        "extents": Volume4D.from_values(
-            start_time,
-            end_time,
-            min_alt_m,
-            max_alt_m,
-            polygon=Polygon.from_latlng_rect(latlngrect=area),
-        ).to_f3548v21(),
-        "uss_base_url": base_url,
-        "notify_for_operational_intents": notify_for_op_intents,
-        "notify_for_constraints": notify_for_constraints,
-    }
+    body = build_upsert_subscription_params(
+        area_vertices=area,
+        start_time=start_time,
+        end_time=end_time,
+        base_url=base_url,
+        notify_for_op_intents=notify_for_op_intents,
+        notify_for_constraints=notify_for_constraints,
+        min_alt_m=min_alt_m,
+        max_alt_m=max_alt_m,
+    )
 
     result = MutatedSubscription(
         fetch.query_and_describe(
@@ -102,6 +105,30 @@ def upsert_subscription(
     return result
 
 
+def build_upsert_subscription_params(
+    area_vertices: s2sphere.LatLngRect,
+    start_time: datetime.datetime,
+    end_time: datetime.datetime,
+    base_url: str,
+    notify_for_op_intents: bool,
+    notify_for_constraints: bool,
+    min_alt_m: float,
+    max_alt_m: float,
+) -> PutSubscriptionParameters:
+    return PutSubscriptionParameters(
+        extents=Volume4D.from_values(
+            start_time,
+            end_time,
+            min_alt_m,
+            max_alt_m,
+            polygon=Polygon.from_latlng_rect(latlngrect=area_vertices),
+        ).to_f3548v21(),
+        uss_base_url=base_url,
+        notify_for_operational_intents=notify_for_op_intents,
+        notify_for_constraints=notify_for_constraints,
+    )
+
+
 def delete_subscription(
     utm_client: infrastructure.UTMClientSession,
     subscription_id: str,
diff --git a/monitoring/prober/infrastructure.py b/monitoring/prober/infrastructure.py
index 3feb7eac51..95e3aac299 100644
--- a/monitoring/prober/infrastructure.py
+++ b/monitoring/prober/infrastructure.py
@@ -100,7 +100,7 @@ def wrapper_default_scope(*args, **kwargs):
 resource_type_code_descriptions: Dict[ResourceType, str] = {}
 
 
-# Next code: 379
+# Next code: 381
 def register_resource_type(code: int, description: str) -> ResourceType:
     """Register that the specified code refers to the described resource.
 
diff --git a/monitoring/uss_qualifier/resources/astm/f3548/v21/subscription_params.py b/monitoring/uss_qualifier/resources/astm/f3548/v21/subscription_params.py
index b230563688..f02485d706 100644
--- a/monitoring/uss_qualifier/resources/astm/f3548/v21/subscription_params.py
+++ b/monitoring/uss_qualifier/resources/astm/f3548/v21/subscription_params.py
@@ -1,9 +1,12 @@
 import datetime
 from typing import List, Optional, Self
 
+import s2sphere
 from implicitdict import ImplicitDict
+from uas_standards.astm.f3548.v21.api import PutSubscriptionParameters
 
 from monitoring.monitorlib.geo import LatLngPoint
+from monitoring.monitorlib.mutate import scd as mutate
 
 
 class SubscriptionParams(ImplicitDict):
@@ -44,3 +47,28 @@ class SubscriptionParams(ImplicitDict):
 
     def copy(self) -> Self:
         return SubscriptionParams(super().copy())
+
+    def to_upsert_subscription_params(
+        self, area: s2sphere.LatLngRect
+    ) -> PutSubscriptionParameters:
+        """
+        Prepares the subscription parameters to be used in the body of an HTTP request
+        to create or update a subscription on the DSS in the SCD context.
+
+        Args:
+            area: area to include in the subscription parameters
+
+        Returns:
+            A dict to be passed as the request body when calling the subscription creation or update API.
+
+        """
+        return mutate.build_upsert_subscription_params(
+            area_vertices=area,
+            start_time=self.start_time,
+            end_time=self.end_time,
+            base_url=self.base_url,
+            notify_for_op_intents=self.notify_for_op_intents,
+            notify_for_constraints=self.notify_for_constraints,
+            min_alt_m=self.min_alt_m,
+            max_alt_m=self.max_alt_m,
+        )
diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/utm/dss/__init__.py
index 6246292e11..1426afb9e3 100644
--- a/monitoring/uss_qualifier/scenarios/astm/utm/dss/__init__.py
+++ b/monitoring/uss_qualifier/scenarios/astm/utm/dss/__init__.py
@@ -1,2 +1,3 @@
 from .subscription_validation import SubscriptionValidation
 from .subscription_simple import SubscriptionSimple
+from .authentication_validation import AuthenticationValidation
diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.md b/monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.md
new file mode 100644
index 0000000000..079ae108ad
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.md
@@ -0,0 +1,164 @@
+# ASTM SCD DSS: Interfaces authentication test scenario
+
+## Overview
+
+Ensures that a DSS properly authenticates requests to all its endpoints.
+
+Note that this does not cover authorization.
+
+## Resources
+
+### dss
+
+[`DSSInstanceResource`](../../../../resources/astm/f3548/v21/dss.py) to be tested in this scenario.
+
+### id_generator
+
+[`IDGeneratorResource`](../../../../resources/interuss/id_generator.py) providing the Subscription ID for this scenario.
+
+### planning_area
+
+[`PlanningAreaResource`](../../../../resources/astm/f3548/v21/planning_area.py) describes the 3D volume in which entities will be created.
+
+## Setup test case
+
+### [Ensure clean workspace test step](clean_workspace.md)
+
+This step ensures that no entity with the known test IDs exists in the DSS.
+
+## Endpoint authorization test case
+
+This test case ensures that the DSS properly authenticates requests to all its endpoints.
+
+### Subscription endpoints authentication test step
+
+#### 🛑 Unauthorized requests return the proper error message body check
+
+If the DSS under test does not return a proper error message body when an unauthorized request is received, it fails to properly implement the OpenAPI specification that is part of **[astm.f3548.v21.DSS0005,5](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create subscription with missing credentials check
+
+If the DSS under test allows the creation of a subscription without any credentials being presented, it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create subscription with invalid credentials check
+
+If the DSS under test allows the creation of a subscription with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create subscription with missing scope check
+
+If the DSS under test allows the creation of a subscription with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create subscription with incorrect scope check
+
+If the DSS under test allows the creation of a subscription with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create subscription with valid credentials check
+
+If the DSS does not allow the creation of a subscription when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,5](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get subscription with missing credentials check
+
+If the DSS under test allows the fetching of a subscription without any credentials being presented, it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get subscription with invalid credentials check
+
+If the DSS under test allows the fetching of a subscription with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get subscription with missing scope check
+
+If the DSS under test allows the fetching of a subscription with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get subscription with incorrect scope check
+
+If the DSS under test allows the fetching of a subscription with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get subscription with valid credentials check
+
+If the DSS does not allow fetching a subscription when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,5](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate subscription with missing credentials check
+
+If the DSS under test allows the mutation of a subscription without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate subscription with invalid credentials check
+
+If the DSS under test allows the mutation of a subscription with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate subscription with missing scope check
+
+If the DSS under test allows the mutation of a subscription with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate subscription with incorrect scope check
+
+If the DSS under test allows the mutation of a subscription with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate subscription with valid credentials check
+
+If the DSS does not allow the mutation of a subscription when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,5](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete subscription with missing credentials check
+
+If the DSS under test allows the deletion of a subscription without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete subscription with invalid credentials check
+
+If the DSS under test allows the deletion of a subscription with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete subscription with missing scope check
+
+If the DSS under test allows the deletion of a subscription with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete subscription with incorrect scope check
+
+If the DSS under test allows the deletion of a subscription with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete subscription with valid credentials check
+
+If the DSS does not allow the deletion of a subscription when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,5](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search subscriptions with missing credentials check
+
+If the DSS under test allows searching for subscriptions without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search subscriptions with invalid credentials check
+
+If the DSS under test allows searching for subscriptions with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search subscriptions with missing scope check
+
+If the DSS under test allows searching for subscriptions with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search subscriptions with incorrect scope check
+
+If the DSS under test allows searching for subscriptions with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search subscriptions with valid credentials check
+
+If the DSS does not allow searching for subscriptions when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,5](../../../../requirements/astm/f3548/v21.md)**.
+
+## [Cleanup](./clean_workspace.md)
+
+The cleanup phase of this test scenario removes the subscription with the known test ID if it has not been removed before.
diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.py b/monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.py
new file mode 100644
index 0000000000..fefd1c1d60
--- /dev/null
+++ b/monitoring/uss_qualifier/scenarios/astm/utm/dss/authentication_validation.py
@@ -0,0 +1,677 @@
+from datetime import datetime, timedelta
+
+from uas_standards.astm.f3548.v21.api import (
+    OPERATIONS,
+    OperationID,
+    QuerySubscriptionParameters,
+)
+from uas_standards.astm.f3548.v21.constants import (
+    Scope,
+)
+
+from monitoring.monitorlib import fetch
+from monitoring.monitorlib.auth import InvalidTokenSignatureAuth
+from monitoring.monitorlib.fetch import QueryType
+from monitoring.monitorlib.geotemporal import Volume4D
+from monitoring.monitorlib.infrastructure import UTMClientSession
+from monitoring.monitorlib.mutate import scd as mutate
+from monitoring.monitorlib.mutate.scd import MutatedSubscription
+from monitoring.prober.infrastructure import register_resource_type
+from monitoring.uss_qualifier.resources.astm.f3548.v21.dss import DSSInstanceResource
+from monitoring.uss_qualifier.resources.astm.f3548.v21.planning_area import (
+    PlanningAreaResource,
+    PlanningAreaSpecification,
+)
+from monitoring.uss_qualifier.resources.astm.f3548.v21.subscription_params import (
+    SubscriptionParams,
+)
+from monitoring.uss_qualifier.resources.interuss.id_generator import IDGeneratorResource
+from monitoring.uss_qualifier.scenarios.astm.utm.dss import test_step_fragments
+from monitoring.uss_qualifier.scenarios.scenario import (
+    TestScenario,
+    PendingCheck,
+)
+from monitoring.uss_qualifier.suites.suite import ExecutionContext
+
+TIME_TOLERANCE_SEC = 1
+
+
+class AuthenticationValidation(TestScenario):
+    """
+    A scenario that verifies that the DSS properly authenticates requests to all its endpoints.
+
+    This scenario does not (yet) cover anything related to authorization: this first version
+    is intended to cover DSS0210,A2-7-2,7
+    """
+
+    SUB_TYPE = register_resource_type(380, "Subscription")
+
+    _sub_id: str
+    """Base identifier for the subscriptions that will be created"""
+
+    _planning_area: PlanningAreaSpecification
+
+    _planning_area_volume4d: Volume4D
+
+    _sub_params: SubscriptionParams
+
+    def __init__(
+        self,
+        dss: DSSInstanceResource,
+        id_generator: IDGeneratorResource,
+        planning_area: PlanningAreaResource,
+    ):
+        """
+        Args:
+            dss: dss to test
+            id_generator: will let us generate specific identifiers
+            planning_area: An Area to use for the tests. It should be an area for which the DSS is responsible,
+                 but has no other requirements.
+        """
+        super().__init__()
+        scopes = {Scope.StrategicCoordination: "create and delete subscriptions"}
+        # This is an UTMClientSession
+        self._dss = dss.get_instance(scopes)
+        self._pid = [self._dss.participant_id]
+        self._sub_id = id_generator.id_factory.make_id(self.SUB_TYPE)
+        self._planning_area = planning_area.specification
+
+        # Build a ready-to-use 4D volume with no specified time for searching
+        # the currently active subscriptions
+        self._planning_area_volume4d = Volume4D(
+            volume=self._planning_area.volume,
+        )
+
+        self._sub_params = self._planning_area.get_new_subscription_params(
+            subscription_id=self._sub_id,  # subscription ID will need to be overwritten
+            # Set this slightly in the past: we will update the subscriptions
+            # to a later value that still needs to be roughly 'now' without getting into the future
+            start_time=datetime.now().astimezone() - timedelta(seconds=10),
+            duration=timedelta(minutes=20),
+            # This is a planning area without constraint processing
+            notify_for_op_intents=True,
+            notify_for_constraints=False,
+        )
+
+        # Session that won't provide a token at all
+        self._no_auth_session = UTMClientSession(self._dss.base_url, auth_adapter=None)
+
+        # Session that should provide a well-formed token with a wrong signature
+        self._invalid_token_session = UTMClientSession(
+            self._dss.base_url, auth_adapter=InvalidTokenSignatureAuth()
+        )
+
+    def run(self, context: ExecutionContext):
+        self.begin_test_scenario(context)
+        self._setup_case()
+        self.begin_test_case("Endpoint authorization")
+
+        self.begin_test_step("Subscription endpoints authentication")
+        self._verify_subscription_endpoints_authentication()
+        self.end_test_step()
+
+        # TODO consider adding test cases for:
+        #  - valid credentials without the required scopes
+        self.end_test_case()
+        self.end_test_scenario()
+
+    def _setup_case(self):
+        self.begin_test_case("Setup")
+
+        self._ensure_clean_workspace_step()
+
+        self.end_test_case()
+
+    def _ensure_clean_workspace_step(self):
+        self.begin_test_step("Ensure clean workspace")
+        # Start by dropping any active sub
+        self._ensure_no_active_subs_exist()
+        # Check for subscriptions that will collide with our IDs and drop them
+        self._ensure_test_sub_ids_do_not_exist()
+        self.end_test_step()
+
+    def _ensure_test_sub_ids_do_not_exist(self):
+        test_step_fragments.cleanup_sub(self, self._dss, self._sub_id)
+
+    def _ensure_no_active_subs_exist(self):
+        test_step_fragments.cleanup_active_subs(
+            self,
+            self._dss,
+            self._planning_area_volume4d,
+        )
+
+    def _verify_error_response(self, q: fetch.Query):
+        """Verifies that the passed query response's body is a valid ErrorResponse:
+        it is either empty or contains a single 'message' field, as per the OpenAPI spec.
+        """
+        with self.check(
+            "Unauthorized requests return the proper error message body"
+        ) as check:
+            if len(q.response.json) == 0:
+                return
+            elif len(q.response.json) == 1 and "message" in q.response.json:
+                return
+            else:
+                check.record_failed(
+                    summary="Unexpected error response body",
+                    details=f"Response body for {q.request.method} query to {q.request.url} should be empty or contain a single 'message' field. Was: {q.response.json}",
+                    query_timestamps=[q.request.timestamp],
+                )
+
+    def _verify_subscription_endpoints_authentication(self):
+        self._verify_sub_creation()
+        self._verify_sub_get()
+        self._verify_sub_mutation()
+        self._verify_sub_deletion()
+        self._verify_search()
+
+    def _verify_sub_creation(self):
+        # Subscription creation request:
+        sub_params = dict(**self._sub_params)
+        op = OPERATIONS[OperationID.CreateSubscription]
+        del sub_params["sub_id"]
+        query_kwargs = dict(
+            verb=op.verb,
+            url=op.path.format(subscriptionid=self._sub_params.sub_id),
+            json=mutate.build_upsert_subscription_params(**sub_params),
+            query_type=QueryType.F3548v21DSSCreateSubscription,
+            participant_id=self._dss.participant_id,
+        )
+
+        # No auth:
+        no_auth_q = fetch.query_and_describe(
+            client=self._no_auth_session, **query_kwargs
+        )
+        self.record_query(no_auth_q)
+
+        with self.check("Create subscription with missing credentials") as check:
+            if no_auth_q.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {no_auth_q.status_code}",
+                    query_timestamps=[no_auth_q.request.timestamp],
+                )
+
+            self._sanity_check_not_created(check, no_auth_q)
+
+        self._verify_error_response(no_auth_q)
+
+        # Bad token signature:
+        invalid_token_q = fetch.query_and_describe(
+            client=self._invalid_token_session,
+            scope=Scope.StrategicCoordination,
+            **query_kwargs,
+        )
+        self.record_query(invalid_token_q)
+
+        with self.check("Create subscription with invalid credentials") as check:
+            if invalid_token_q.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {invalid_token_q.status_code}",
+                    query_timestamps=[invalid_token_q.request.timestamp],
+                )
+
+            self._sanity_check_not_created(check, invalid_token_q)
+
+        self._verify_error_response(invalid_token_q)
+
+        # Valid credentials but missing scope:
+        no_scope_q = fetch.query_and_describe(
+            client=self._dss.client,
+            **query_kwargs,
+        )
+
+        with self.check("Create subscription with missing scope") as check:
+            if no_scope_q.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {no_scope_q.status_code}",
+                    query_timestamps=[no_scope_q.request.timestamp],
+                )
+
+            self._sanity_check_not_created(check, no_scope_q)
+
+        # Valid credentials but wrong scope:
+        wrong_scope_q = fetch.query_and_describe(
+            client=self._dss.client,
+            scope=Scope.AvailabilityArbitration,  # This scope should not be allowed to create subscriptions
+            **query_kwargs,
+        )
+
+        with self.check("Create subscription with incorrect scope") as check:
+            if wrong_scope_q.status_code != 403:
+                check.record_failed(
+                    summary=f"Expected 403, got {wrong_scope_q.status_code}",
+                    details="With an incorrect scope, the DSS should return a 403 without any data.",
+                    query_timestamps=[wrong_scope_q.request.timestamp],
+                )
+
+            self._sanity_check_not_created(check, wrong_scope_q)
+
+        # Correct token:
+        #  - confirms that the request would otherwise work
+        #  - makes a subscription available for read/mutation tests
+        create_ok_q = fetch.query_and_describe(
+            client=self._dss.client, scope=Scope.StrategicCoordination, **query_kwargs
+        )
+        self.record_query(create_ok_q)
+
+        with self.check("Create subscription with valid credentials") as check:
+            if create_ok_q.status_code != 200:
+                check.record_failed(
+                    summary=f"Expected 200, got {create_ok_q.status_code}",
+                    query_timestamps=[create_ok_q.request.timestamp],
+                )
+
+        # Store the subscription
+        self._current_sub = MutatedSubscription(create_ok_q).subscription
+
+    def _verify_sub_get(self):
+        op = OPERATIONS[OperationID.GetSubscription]
+
+        query_kwargs = dict(
+            verb=op.verb,
+            url=op.path.format(subscriptionid=self._sub_params.sub_id),
+            query_type=QueryType.F3548v21DSSGetSubscription,
+            participant_id=self._dss.participant_id,
+        )
+
+        query_no_auth = fetch.query_and_describe(
+            client=self._no_auth_session, **query_kwargs
+        )
+        self.record_query(query_no_auth)
+
+        with self.check("Get subscription with missing credentials") as check:
+            if query_no_auth.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_no_auth.status_code}",
+                    query_timestamps=[query_no_auth.request.timestamp],
+                )
+
+        self._verify_error_response(query_no_auth)
+
+        query_invalid_token = fetch.query_and_describe(
+            client=self._invalid_token_session,
+            scope=Scope.StrategicCoordination,
+            **query_kwargs,
+        )
+        self.record_query(query_invalid_token)
+
+        with self.check("Get subscription with invalid credentials") as check:
+            if query_invalid_token.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_invalid_token.status_code}",
+                    query_timestamps=[query_invalid_token.request.timestamp],
+                )
+
+        self._verify_error_response(query_invalid_token)
+
+        query_ok = fetch.query_and_describe(
+            client=self._dss.client, scope=Scope.StrategicCoordination, **query_kwargs
+        )
+        self.record_query(query_ok)
+
+        with self.check("Get subscription with valid credentials") as check:
+            if query_ok.status_code != 200:
+                check.record_failed(
+                    summary=f"Expected 200, got {query_ok.status_code}",
+                    query_timestamps=[query_ok.request.timestamp],
+                )
+
+    def _verify_sub_mutation(self):
+        # Subscription creation request:
+        new_params = self._sub_params.copy()
+        new_params.end_time = new_params.end_time - timedelta(seconds=10)
+        pld_params = dict(**new_params)
+        op = OPERATIONS[OperationID.UpdateSubscription]
+        del pld_params["sub_id"]
+
+        query_kwargs = dict(
+            verb=op.verb,
+            url=op.path.format(
+                subscriptionid=self._sub_params.sub_id,
+                version=self._current_sub.version,
+            ),
+            json=mutate.build_upsert_subscription_params(**pld_params),
+            query_type=QueryType.F3548v21DSSCreateSubscription,
+            participant_id=self._dss.participant_id,
+        )
+
+        no_auth_q = fetch.query_and_describe(
+            client=self._no_auth_session, **query_kwargs
+        )
+        self.record_query(no_auth_q)
+
+        with self.check("Mutate subscription with missing credentials") as check:
+            if no_auth_q.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {no_auth_q.status_code}",
+                    query_timestamps=[no_auth_q.request.timestamp],
+                )
+            # Sanity check: confirm the subscription was not mutated by the faulty call:
+            self._sanity_check_not_mutated(check, no_auth_q)
+
+        self._verify_error_response(no_auth_q)
+
+        invalid_token_q = fetch.query_and_describe(
+            client=self._invalid_token_session,
+            scope=Scope.StrategicCoordination,
+            **query_kwargs,
+        )
+        self.record_query(invalid_token_q)
+
+        with self.check("Mutate subscription with invalid credentials") as check:
+            if invalid_token_q.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {invalid_token_q.status_code}",
+                    query_timestamps=[invalid_token_q.request.timestamp],
+                )
+            # Sanity check: confirm the subscription was not mutated by the faulty call:
+            self._sanity_check_not_mutated(check, invalid_token_q)
+
+        self._verify_error_response(invalid_token_q)
+
+        query_missing_scope = fetch.query_and_describe(
+            client=self._dss.client,
+            **query_kwargs,
+        )
+        self.record_query(query_missing_scope)
+
+        with self.check("Mutate subscription with missing scope") as check:
+            if query_missing_scope.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_missing_scope.status_code}",
+                    details="Without the proper scope, the DSS should return a 401 without any data.",
+                    query_timestamps=[query_missing_scope.request.timestamp],
+                )
+            # Sanity check: confirm the subscription was not mutated by the faulty call:
+            self._sanity_check_not_mutated(check, query_missing_scope)
+
+        self._verify_error_response(query_missing_scope)
+
+        query_wrong_scope = fetch.query_and_describe(
+            client=self._dss.client,
+            scope=Scope.AvailabilityArbitration,
+            **query_kwargs,
+        )
+
+        with self.check("Mutate subscription with incorrect scope") as check:
+            if query_wrong_scope.status_code != 403:
+                check.record_failed(
+                    summary=f"Expected 403, got {query_wrong_scope.status_code}",
+                    details="With an incorrect scope, the DSS should return a 403 without any data.",
+                    query_timestamps=[query_wrong_scope.request.timestamp],
+                )
+            # Sanity check: confirm the subscription was not mutated by the faulty call:
+            self._sanity_check_not_mutated(check, query_wrong_scope)
+
+        mutate_ok_q = fetch.query_and_describe(
+            client=self._dss.client, scope=Scope.StrategicCoordination, **query_kwargs
+        )
+        self.record_query(mutate_ok_q)
+
+        with self.check("Mutate subscription with valid credentials") as check:
+            if mutate_ok_q.status_code != 200:
+                check.record_failed(
+                    summary=f"Expected 200, got {mutate_ok_q.status_code}",
+                    query_timestamps=[mutate_ok_q.request.timestamp],
+                )
+
+        self._current_sub = MutatedSubscription(mutate_ok_q).subscription
+
+    def _verify_sub_deletion(self):
+        op = OPERATIONS[OperationID.DeleteSubscription]
+
+        query_kwargs = dict(
+            verb=op.verb,
+            url=op.path.format(
+                subscriptionid=self._sub_params.sub_id,
+                version=self._current_sub.version,
+            ),
+            query_type=QueryType.F3548v21DSSDeleteSubscription,
+            participant_id=self._dss.participant_id,
+        )
+
+        query_no_auth = fetch.query_and_describe(
+            client=self._no_auth_session, **query_kwargs
+        )
+        self.record_query(query_no_auth)
+
+        with self.check("Delete subscription with missing credentials") as check:
+            if query_no_auth.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_no_auth.status_code}",
+                    query_timestamps=[query_no_auth.request.timestamp],
+                )
+            # Sanity check
+            self._sanity_check_not_deleted(check, query_no_auth)
+
+        self._verify_error_response(query_no_auth)
+
+        query_invalid_token = fetch.query_and_describe(
+            client=self._invalid_token_session,
+            scope=Scope.StrategicCoordination,
+            **query_kwargs,
+        )
+        self.record_query(query_invalid_token)
+
+        with self.check("Delete subscription with invalid credentials") as check:
+            if query_invalid_token.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_invalid_token.status_code}",
+                    query_timestamps=[query_invalid_token.request.timestamp],
+                )
+            # Sanity check
+            self._sanity_check_not_deleted(check, query_invalid_token)
+
+        self._verify_error_response(query_invalid_token)
+
+        query_missing_scope = fetch.query_and_describe(
+            client=self._dss.client,
+            **query_kwargs,
+        )
+        self.record_query(query_missing_scope)
+
+        with self.check("Delete subscription with missing scope") as check:
+            if query_missing_scope.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_missing_scope.status_code}",
+                    details="Without the proper scope, the DSS should return a 401 without any data.",
+                    query_timestamps=[query_missing_scope.request.timestamp],
+                )
+            # Sanity check
+            self._sanity_check_not_deleted(check, query_missing_scope)
+
+        self._verify_error_response(query_missing_scope)
+
+        query_wrong_scope = fetch.query_and_describe(
+            client=self._dss.client,
+            scope=Scope.AvailabilityArbitration,
+            **query_kwargs,
+        )
+        self.record_query(query_wrong_scope)
+
+        with self.check("Delete subscription with incorrect scope") as check:
+            if query_wrong_scope.status_code != 403:
+                check.record_failed(
+                    summary=f"Expected 403, got {query_wrong_scope.status_code}",
+                    details="With an incorrect scope, the DSS should return a 403 without any data.",
+                    query_timestamps=[query_wrong_scope.request.timestamp],
+                )
+            # Sanity check
+            self._sanity_check_not_deleted(check, query_wrong_scope)
+
+        self._verify_error_response(query_wrong_scope)
+
+        query_ok = fetch.query_and_describe(
+            client=self._dss.client, scope=Scope.StrategicCoordination, **query_kwargs
+        )
+        self.record_query(query_ok)
+
+        with self.check("Delete subscription with valid credentials") as check:
+            if query_ok.status_code != 200:
+                check.record_failed(
+                    summary=f"Expected 200, got {query_ok.status_code}",
+                    query_timestamps=[query_ok.request.timestamp],
+                )
+
+        # Confirm the subscription was deleted
+        not_found = self._dss.get_subscription(self._sub_params.sub_id)
+        with self.check("Delete subscription with valid credentials") as check:
+            if not_found.status_code != 404:
+                check.record_failed(
+                    summary=f"Expected 404, got {not_found.status_code}",
+                    details="The subscription should have been deleted, as the deletion attempt was appropriately authenticated.",
+                    query_timestamps=[
+                        query_ok.request.timestamp,
+                        not_found.request.timestamp,
+                    ],
+                )
+
+    def _verify_search(self):
+        op = OPERATIONS[OperationID.QuerySubscriptions]
+
+        query_kwargs = dict(
+            verb=op.verb,
+            url=op.path,
+            query_type=QueryType.F3548v21DSSQuerySubscriptions,
+            json=QuerySubscriptionParameters(
+                area_of_interest=self._planning_area_volume4d
+            ),
+            participant_id=self._dss.participant_id,
+        )
+
+        query_no_auth = fetch.query_and_describe(
+            client=self._no_auth_session, **query_kwargs
+        )
+        self.record_query(query_no_auth)
+
+        with self.check("Search subscriptions with missing credentials") as check:
+            if query_no_auth.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_no_auth.status_code}",
+                    details="Without valid credentials, the DSS should return a 401 without any data.",
+                    query_timestamps=[query_no_auth.request.timestamp],
+                )
+
+        self._verify_error_response(query_no_auth)
+
+        query_invalid_token = fetch.query_and_describe(
+            client=self._invalid_token_session,
+            scope=Scope.StrategicCoordination,
+            **query_kwargs,
+        )
+        self.record_query(query_invalid_token)
+
+        with self.check("Search subscriptions with invalid credentials") as check:
+            if query_invalid_token.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_invalid_token.status_code}",
+                    details="Without valid credentials, the DSS should return a 401 without any data.",
+                    query_timestamps=[query_invalid_token.request.timestamp],
+                )
+
+        self._verify_error_response(query_invalid_token)
+
+        query_missing_scope = fetch.query_and_describe(
+            client=self._dss.client,
+            **query_kwargs,
+        )
+        self.record_query(query_missing_scope)
+
+        with self.check("Search subscriptions with missing scope") as check:
+            if query_missing_scope.status_code != 401:
+                check.record_failed(
+                    summary=f"Expected 401, got {query_missing_scope.status_code}",
+                    details="Without the proper scope, the DSS should return a 401 without any data.",
+                    query_timestamps=[query_missing_scope.request.timestamp],
+                )
+
+        self._verify_error_response(query_missing_scope)
+
+        query_wrong_scope = fetch.query_and_describe(
+            client=self._dss.client,
+            scope=Scope.AvailabilityArbitration,
+            **query_kwargs,
+        )
+        self.record_query(query_wrong_scope)
+
+        with self.check("Search subscriptions with incorrect scope") as check:
+            if query_wrong_scope.status_code != 403:
+                check.record_failed(
+                    summary=f"Expected 403, got {query_wrong_scope.status_code}",
+                    details="With an incorrect scope, the DSS should return a 403 without any data.",
+                    query_timestamps=[query_wrong_scope.request.timestamp],
+                )
+
+        self._verify_error_response(query_wrong_scope)
+
+        query_ok = fetch.query_and_describe(
+            client=self._dss.client, scope=Scope.StrategicCoordination, **query_kwargs
+        )
+        self.record_query(query_ok)
+
+        with self.check("Search subscriptions with valid credentials") as check:
+            if query_ok.status_code != 200:
+                check.record_failed(
+                    summary=f"Expected 200, got {query_ok.status_code}",
+                    query_timestamps=[query_ok.request.timestamp],
+                )
+
+    def _sanity_check_not_created(self, check: PendingCheck, creation_q: fetch.Query):
+        sanity_check = self._dss.get_subscription(self._sub_params.sub_id)
+        self.record_query(sanity_check)
+        if sanity_check.status_code != 404:
+            check.record_failed(
+                summary=f"Subscription was created by an unauthorized request.",
+                details="The subscription should not have been created, as the creation attempt was not authenticated.",
+                query_timestamps=[
+                    creation_q.request.timestamp,
+                    sanity_check.request.timestamp,
+                ],
+            )
+        self._verify_error_response(sanity_check)
+
+    def _sanity_check_not_mutated(self, check: PendingCheck, mutation_q: fetch.Query):
+        sanity_check = self._dss.get_subscription(self._sub_params.sub_id)
+        self.record_query(sanity_check)
+        if (
+            abs(
+                sanity_check.subscription.time_end.value.datetime
+                - self._current_sub.time_end.value.datetime
+            ).total_seconds()
+            > TIME_TOLERANCE_SEC
+        ):
+            check.record_failed(
+                summary=f"Subscription was mutated by an unauthorized query.",
+                details="The subscription should not have been mutated, as the mutation attempt was not appropriately authenticated.",
+                query_timestamps=[
+                    mutation_q.request.timestamp,
+                    sanity_check.request.timestamp,
+                ],
+            )
+
+    def _sanity_check_not_deleted(self, check: PendingCheck, deletion_q: fetch.Query):
+        sanity_check = self._dss.get_subscription(self._sub_params.sub_id)
+        self.record_query(sanity_check)
+        if sanity_check.status_code == 404:
+            check.record_failed(
+                summary=f"Unauthorized request could delete the subscription.",
+                details="The subscription should not have been deleted, as the deletion attempt was not authenticated.",
+                query_timestamps=[
+                    deletion_q.request.timestamp,
+                    sanity_check.request.timestamp,
+                ],
+            )
+        elif sanity_check.status_code != 200:
+            check.record_failed(
+                summary=f"Expected 200, got {sanity_check.status_code}",
+                details="The subscription should not have been deleted, as the deletion attempt was not appropriately authenticated.",
+                query_timestamps=[
+                    deletion_q.request.timestamp,
+                    sanity_check.request.timestamp,
+                ],
+            )
+
+    def cleanup(self):
+        self.begin_cleanup()
+        self._ensure_test_sub_ids_do_not_exist()
+        self.end_cleanup()
diff --git a/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md b/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md
index 8be2073a07..1fd165d82c 100644
--- a/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md
+++ b/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md
@@ -4,10 +4,11 @@
 
 ## [Actions](../../README.md#actions)
 
-1. Scenario: [ASTM SCD DSS: Subscription Simple](../../../scenarios/astm/utm/dss/subscription_simple.md) ([`scenarios.astm.utm.dss.SubscriptionSimple`](../../../scenarios/astm/utm/dss/subscription_simple.py))
-2. Scenario: [ASTM SCD DSS: Subscription Validation](../../../scenarios/astm/utm/dss/subscription_validation.md) ([`scenarios.astm.utm.dss.SubscriptionValidation`](../../../scenarios/astm/utm/dss/subscription_validation.py))
-3. Scenario: [ASTM F3548-21 UTM DSS Operational Intent Reference Access Control](../../../scenarios/astm/utm/op_intent_ref_access_control.md) ([`scenarios.astm.utm.OpIntentReferenceAccessControl`](../../../scenarios/astm/utm/op_intent_ref_access_control.py))
-4. Scenario: [ASTM F3548-21 UTM DSS interoperability](../../../scenarios/astm/utm/dss_interoperability.md) ([`scenarios.astm.utm.DSSInteroperability`](../../../scenarios/astm/utm/dss_interoperability.py))
+1. Scenario: [ASTM SCD DSS: Interfaces authentication](../../../scenarios/astm/utm/dss/authentication_validation.md) ([`scenarios.astm.utm.dss.AuthenticationValidation`](../../../scenarios/astm/utm/dss/authentication_validation.py))
+2. Scenario: [ASTM SCD DSS: Subscription Simple](../../../scenarios/astm/utm/dss/subscription_simple.md) ([`scenarios.astm.utm.dss.SubscriptionSimple`](../../../scenarios/astm/utm/dss/subscription_simple.py))
+3. Scenario: [ASTM SCD DSS: Subscription Validation](../../../scenarios/astm/utm/dss/subscription_validation.md) ([`scenarios.astm.utm.dss.SubscriptionValidation`](../../../scenarios/astm/utm/dss/subscription_validation.py))
+4. Scenario: [ASTM F3548-21 UTM DSS Operational Intent Reference Access Control](../../../scenarios/astm/utm/op_intent_ref_access_control.md) ([`scenarios.astm.utm.OpIntentReferenceAccessControl`](../../../scenarios/astm/utm/op_intent_ref_access_control.py))
+5. Scenario: [ASTM F3548-21 UTM DSS interoperability](../../../scenarios/astm/utm/dss_interoperability.md) ([`scenarios.astm.utm.DSSInteroperability`](../../../scenarios/astm/utm/dss_interoperability.py))
 
 ## [Checked requirements](../../README.md#checked-requirements)
 
@@ -19,26 +20,31 @@
     <th><a href="../../README.md#checked-in">Checked in</a></th>
   </tr>
   <tr>
-    <td rowspan="6" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
+    <td rowspan="7" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,1</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,2</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,5</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0015</a></td>
     <td>Implemented</td>
     <td><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
+  <tr>
+    <td><a href="../../../requirements/astm/f3548/v21.md">DSS0210,A2-7-2,7</a></td>
+    <td>Implemented</td>
+    <td><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a></td>
+  </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0300</a></td>
     <td>Implemented</td>
diff --git a/monitoring/uss_qualifier/suites/astm/utm/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/utm/dss_probing.yaml
index dcf5c76b95..29e75c822f 100644
--- a/monitoring/uss_qualifier/suites/astm/utm/dss_probing.yaml
+++ b/monitoring/uss_qualifier/suites/astm/utm/dss_probing.yaml
@@ -8,6 +8,12 @@ resources:
   planning_area: resources.astm.f3548.v21.PlanningAreaResource
   problematically_big_area: resources.VerticesResource
 actions:
+  - test_scenario:
+      scenario_type: scenarios.astm.utm.dss.AuthenticationValidation
+      resources:
+        dss: dss
+        id_generator: id_generator
+        planning_area: planning_area
   - test_scenario:
       scenario_type: scenarios.astm.utm.dss.SubscriptionSimple
       resources:
diff --git a/monitoring/uss_qualifier/suites/astm/utm/f3548_21.md b/monitoring/uss_qualifier/suites/astm/utm/f3548_21.md
index c22d904d04..40849fd2d4 100644
--- a/monitoring/uss_qualifier/suites/astm/utm/f3548_21.md
+++ b/monitoring/uss_qualifier/suites/astm/utm/f3548_21.md
@@ -32,20 +32,20 @@
     <th><a href="../../README.md#checked-in">Checked in</a></th>
   </tr>
   <tr>
-    <td rowspan="30" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
+    <td rowspan="31" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,1</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
+    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,2</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
+    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,5</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0015</a></td>
@@ -57,6 +57,11 @@
     <td>Implemented</td>
     <td><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
+  <tr>
+    <td><a href="../../../requirements/astm/f3548/v21.md">DSS0210,A2-7-2,7</a></td>
+    <td>Implemented</td>
+    <td><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a></td>
+  </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0300</a></td>
     <td>Implemented</td>
diff --git a/monitoring/uss_qualifier/suites/faa/uft/message_signing.md b/monitoring/uss_qualifier/suites/faa/uft/message_signing.md
index 3899352ff7..a126cc6678 100644
--- a/monitoring/uss_qualifier/suites/faa/uft/message_signing.md
+++ b/monitoring/uss_qualifier/suites/faa/uft/message_signing.md
@@ -18,20 +18,20 @@
     <th><a href="../../README.md#checked-in">Checked in</a></th>
   </tr>
   <tr>
-    <td rowspan="30" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
+    <td rowspan="31" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,1</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
+    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,2</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
+    <td><a href="../../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,5</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0015</a></td>
@@ -43,6 +43,11 @@
     <td>Implemented</td>
     <td><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
+  <tr>
+    <td><a href="../../../requirements/astm/f3548/v21.md">DSS0210,A2-7-2,7</a></td>
+    <td>Implemented</td>
+    <td><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a></td>
+  </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0300</a></td>
     <td>Implemented</td>
diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md
index c5d3da4855..46407317e6 100644
--- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md
+++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md
@@ -408,26 +408,31 @@
     <td><a href="../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md">ASTM NetRID DSS: Concurrent Requests</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md">ASTM NetRID DSS: ISA Expiry</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md">ASTM NetRID DSS: ISA Subscription Interactions</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/isa_simple.md">ASTM NetRID DSS: Simple ISA</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/isa_validation.md">ASTM NetRID DSS: Submitted ISA Validations</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md">ASTM NetRID DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md">ASTM NetRID DSS: Subscription Validation</a><br><a href="../../../scenarios/astm/netrid/v22a/dss/token_validation.md">ASTM NetRID DSS: Token Validation</a></td>
   </tr>
   <tr>
-    <td rowspan="6" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
+    <td rowspan="7" style="vertical-align:top;"><a href="../../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,1</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,2</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0005,5</a></td>
     <td>Implemented</td>
-    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0015</a></td>
     <td>Implemented</td>
     <td><a href="../../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
+  <tr>
+    <td><a href="../../../requirements/astm/f3548/v21.md">DSS0210,A2-7-2,7</a></td>
+    <td>Implemented</td>
+    <td><a href="../../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a></td>
+  </tr>
   <tr>
     <td><a href="../../../requirements/astm/f3548/v21.md">DSS0300</a></td>
     <td>Implemented</td>
diff --git a/monitoring/uss_qualifier/suites/uspace/flight_auth.md b/monitoring/uss_qualifier/suites/uspace/flight_auth.md
index ae57d185f0..af365731ec 100644
--- a/monitoring/uss_qualifier/suites/uspace/flight_auth.md
+++ b/monitoring/uss_qualifier/suites/uspace/flight_auth.md
@@ -19,20 +19,20 @@
     <th><a href="../README.md#checked-in">Checked in</a></th>
   </tr>
   <tr>
-    <td rowspan="30" style="vertical-align:top;"><a href="../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
+    <td rowspan="31" style="vertical-align:top;"><a href="../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0005,1</a></td>
     <td>Implemented</td>
-    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
+    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0005,2</a></td>
     <td>Implemented</td>
-    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
+    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
   </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0005,5</a></td>
     <td>Implemented</td>
-    <td><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0015</a></td>
@@ -44,6 +44,11 @@
     <td>Implemented</td>
     <td><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
+  <tr>
+    <td><a href="../../requirements/astm/f3548/v21.md">DSS0210,A2-7-2,7</a></td>
+    <td>Implemented</td>
+    <td><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a></td>
+  </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0300</a></td>
     <td>Implemented</td>
diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.md b/monitoring/uss_qualifier/suites/uspace/required_services.md
index 8fe4bd2d12..5c621a5f52 100644
--- a/monitoring/uss_qualifier/suites/uspace/required_services.md
+++ b/monitoring/uss_qualifier/suites/uspace/required_services.md
@@ -454,20 +454,20 @@
     <td><a href="../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md">ASTM NetRID DSS: Concurrent Requests</a><br><a href="../../scenarios/astm/netrid/v22a/dss/isa_expiry.md">ASTM NetRID DSS: ISA Expiry</a><br><a href="../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md">ASTM NetRID DSS: ISA Subscription Interactions</a><br><a href="../../scenarios/astm/netrid/v22a/dss/isa_simple.md">ASTM NetRID DSS: Simple ISA</a><br><a href="../../scenarios/astm/netrid/v22a/dss/isa_validation.md">ASTM NetRID DSS: Submitted ISA Validations</a><br><a href="../../scenarios/astm/netrid/v22a/dss/subscription_simple.md">ASTM NetRID DSS: Subscription Simple</a><br><a href="../../scenarios/astm/netrid/v22a/dss/subscription_validation.md">ASTM NetRID DSS: Subscription Validation</a><br><a href="../../scenarios/astm/netrid/v22a/dss/token_validation.md">ASTM NetRID DSS: Token Validation</a></td>
   </tr>
   <tr>
-    <td rowspan="30" style="vertical-align:top;"><a href="../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
+    <td rowspan="31" style="vertical-align:top;"><a href="../../requirements/astm/f3548/v21.md">astm<br>.f3548<br>.v21</a></td>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0005,1</a></td>
     <td>Implemented</td>
-    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
+    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0005,2</a></td>
     <td>Implemented</td>
-    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
+    <td><a href="../../scenarios/astm/utm/prep_planners.md">ASTM F3548 flight planners preparation</a><br><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a><br><a href="../../scenarios/astm/utm/data_exchange_validation/get_op_data_validation.md">Data Validation of GET operational intents by USS</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_higher_priority/conflict_higher_priority.md">Nominal planning: conflict with higher priority</a><br><a href="../../scenarios/astm/utm/nominal_planning/conflict_equal_priority_not_permitted/conflict_equal_priority_not_permitted.md">Nominal planning: not permitted conflict with equal priority</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a><br><a href="../../scenarios/astm/utm/flight_intent_validation/flight_intent_validation.md">Validation of operational intents</a></td>
   </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0005,5</a></td>
     <td>Implemented</td>
-    <td><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
+    <td><a href="../../scenarios/astm/utm/op_intent_ref_access_control.md">ASTM F3548-21 UTM DSS Operational Intent Reference Access Control</a><br><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a><br><a href="../../scenarios/astm/utm/dss/subscription_simple.md">ASTM SCD DSS: Subscription Simple</a><br><a href="../../scenarios/astm/utm/dss/subscription_validation.md">ASTM SCD DSS: Subscription Validation</a></td>
   </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0015</a></td>
@@ -479,6 +479,11 @@
     <td>Implemented</td>
     <td><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss.md">Off-Nominal planning: down USS</a><br><a href="../../scenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md">Off-Nominal planning: down USS with equal priority conflicts not permitted</a></td>
   </tr>
+  <tr>
+    <td><a href="../../requirements/astm/f3548/v21.md">DSS0210,A2-7-2,7</a></td>
+    <td>Implemented</td>
+    <td><a href="../../scenarios/astm/utm/dss/authentication_validation.md">ASTM SCD DSS: Interfaces authentication</a></td>
+  </tr>
   <tr>
     <td><a href="../../requirements/astm/f3548/v21.md">DSS0300</a></td>
     <td>Implemented</td>