RSA Identity Governance and Lifecycle
|
|
- Juliana Roberts
- 6 years ago
- Views:
Transcription
1 RSA Identity Governance and Lifecycle Supplemental Administrative Guidance V7.0.1
2 Contents Introduction... 3 Intended Audience... 3 References... 3 Evaluated Configuration of the TOE... 4 Installation and Configuration... 5 Auditing... 7 ESM_EAU ESM_ICD ESM_ICT FAU_GEN FAU_STG_EXT FTA_SSL FTA_SSL FTA_SSL_EXT FTP_ITC FTP_TRP FTA_TAB FTA_SSL.3 & FTA_SSL_ESXT ESM_EAU.2 & ESM_EID FTM_MOF FMT_SMR FIA_USB Audit Locations Audit Events Monitoring Change Requests Access Certification Rule Remediation Server Side Logs... 23
3 Introduction RSA Identity Governance and Lifecycle provides organizations the ability to act with insight to reduce identity based risks and drive informed security decisions. RSA Identity Governance and Lifecycle simplifies how access is governed and streamlines access requests and fulfillment to deliver continuous assurance of compliance by automating the management of user entitlements throughout the user s lifecycle. With control and visibility into all user access privileges, you improve your ability to safeguard access to information assets by quickly identifying orphaned accounts, inappropriate user access and violations of policy, such as segregation of duties, that introduce risk to the business. Designed for ease of use, RSA Identity Governance and Lifecycle enables IAM teams to easily connect to target systems, administer and manage ongoing policy creation, certification campaigns and system maintenance without costly customized coding, resulting in greater self sufficiency and repeatable success as your IAM program expands. The configuration that was part of the target of evaluation (TOE) includes RSA Identity Governance and Lifecycle version with licenses for Governance and Lifecycle interacting with an Active Directory server and an Oracle database as example endpoints. Intended Audience This document is intended for administrators that are responsible for installing, configuring, and supporting RSA Identity Governance and Lifecycle. Guidance is provided in this document on how to configure and exercise the security functions that were claimed as part of the common criteria (CC) evaluation. The reader is expected to be familiar with the Security Target for RSA Identity Governance and Lifecycle version and the general CC terminology that is referenced in it. This document references the Security Functional Requirements (SFRs) that are defined in the Security Target document and provides instructions for how to perform the security functions that are defined by these SFRs. References The following guides are included as part of the documentation for RSA Identity Governance and Lifecycle: [1] RSA Identity Governance and Lifecycle Installation Guide V7.0.1 [2] RSA Identity Governance and Lifecycle Upgrade and Migration Guide V7.0.1 [3] RSA Identity Governance and Lifecycle Database Setup and Maintenance Guide V7.0.1 [4] RSA Identity Governance and Lifecycle Public Database Schema Reference V7.0.1 [5] RSA Identity Governance and Lifecycle: Data Access Governance Module with StealthAUDIT 7.1 Getting Started [6] RSA Identity Governance and Lifecycle Appliance Updater Guide
4 [7] RSA Identity Governance and Lifecycle Solution Integration Guide: Configuring WildFly Clustering [8] Online help (accessible from RSA Identity Governance and Lifecycle user interface) In addition, the following document was created in support of the CC evaluation of RSA Identity Governance and Lifecycle: [9] RSA Identity Governance and Lifecycle Common Criteria Security Target Evaluated Configuration of the TOE The target of evaluation included the following environment: Component RSA Identity Governance and Lifecycle version Application Server Server TLS Active Directory Details Installed on IBM WebSphere as a J2EE application. The TOE has the following components enabled: Access Certification Manager, Business Role Manager, Access Request Manager, Rules, Automated Fulfillment (AFX), and Password Management. The TOE also includes the GUI and Web Services API features. Collectors and connectors were configured to collect data into the product and push changes out. The Data Access Governance component was not a part of the CC evaluation, but may also be included in the configuration. IBM WebSphere application server is used to host RSA Identity Governance and Lifecycle. WebSphere can be configured to operate in FIPS mode. RSA Identity Governance and Lifecycle is configured to run with RSA BSAFE Crypto J which is FIPS validated, certificate#2468 A physical system comprised of SUSE Linux Enterprise Server 11 SP3 64 bit with latest LTSS patches, IBM WebSphere, and OpenJDK 1.7. In all cases for RSA Identity Governance and Lifecycle, the encryption is provided by the following FIPS certified cryptographic module: RSA BSAFE Crypto J JSAFE and JCE version 6.2.1, certificate#2468 Used for protected communication Used to store identity and access data for the test environment. This also is used as an
5 Oracle Database 12 (1) Oracle Database 12 (2) Identity and credential attributes authentication source. Used by RSA Identity Governance and Lifecycle as the data store for configuration, operational data, and audit data for the TOE. Used to store identity and access data that might supplement or is in addition to enterprise data stored in Active Directory. An administrator can configure the attributes available based on their business in RSA Identity Governance and Lifecycle. Please refer to the section Creating and Managing Attributes for RSA Identity Governance and Lifecycle Object found in the Online Help [8]. For the evaluation, credential lifetime, credential status (that is, Active Status (Active or terminated)), name (first and last), User ID, Title, Job Status, Supervisors, Department and Business Unit, First Seen On, Last Seen On, Is Deleted, Is Terminated, Termination Date, Unique Id, Account, Group, Role and Entitlement attributes were defined. Active Directory was configured as an authentication source. Note that the attribute storing the password is not managed by RSA Identity Governance and Lifecycle and only resides on the Active Directory endpoint. Installation and Configuration The RSA Identity Governance and Lifecycle Installation Guide [1] includes detailed step by step instructions on how to install and configure the product in numerous environments including the TOE. A key step in the configuration of the Encryption Key directory (see Confirm the Setting for the Encryption Key Directory section [1]). This directory is the file system location where a unique KEK is stored and is used for any cryptographic operations. The install guide includes specific sections for configuring SSL to ensure secure communications between RSA Identity Governance and Lifecycle components and similarly for external communications. Security The install guide includes a security best practices section that administrators should review to ensure the TLS settings are configured properly, secure cookies are enabled on the application server, and the security settings found on the Admin >System >Security tab of the RSA Identity Governance and Lifecycle user interface are locked down. The default settings comply with the security best practices.
6 The system defines several roles that can be granted to users to act as administrator and owners of operations. These roles as well as individual entitlements can be found under the Aveksa application. A request to grant the role or entitlement to a user is done like any other access request by creating a request and adding the application role from the Aveksa application to the appropriate user(s). A system installed and configured in a CC environment defines the following default roles to perform the necessary management functions: System Administrator Password Management role Role Administrator Access Request Administrator As part of following security best practice, RSA recommends the AveksaAdmin account is used just for setup and then disabled or password changed. Everyday system administrator rights should be granted to real users that can be properly audited. For testing of the TOE an authentication source against Active Directory was defined in RSA Identity Governance and Lifecycle so all authentication was done against the Active Directory endpoint. See more details in the Managing Log On Authentication Sources found in the online help [8].
7 Auditing In order to be compliant with Common Criteria, RSA Identity Governance and Lifecycle must audit the events listed below for the Protection Profile for Enterprise Security Management Identity and Credential Management, version 2.1 ( ccevs.org/profile/info.cfm?id=346 ). All management functions made will produce an audit event. Some activities may also produce some additional audit artifacts which are called out. Administrators can configure the events that are audited by the following steps: 1. Login as someone with the AuditLogManagement::Admin entitlement (by default AveksaAdmin) 2. Navigate to the Admin >System >Audit menu 3. This screen lists the available audit events and allows the administrator to enable/disable the audit events to log. This screen also provides settings to control if audit events are cleaned up automatically and how long audit events are retained. By default, all audit events are enabled. The column includes a list of audit information required to be provided in the event s audit record addition to: date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event. The Viewing Audit column provides details on the audit location(s) for the audit event. Lastly, the column shows an example of the audit event that RSA Identity Governance and Lifecycle produces. ESM_EAU.2 Any use of an authentication mechanism. Viewing Audit All necessary details are captured in the audit events and can be viewed in the out of the box audit report. Unsuccessful Login Web GUI (Bad Credentials) 12/21/16 9:05 AM user LOGIN AuthSource ActiveDirectory FAIL 12/21/16 9:05 AM user LOGIN LoginFailureAttempt user1 FAIL 12/21/16 9:05 AM user LOGIN LoginSessionId HSHA007(c6698acbe64e2e14a58745d035cb80fee6cf6e a2a9e877c5c5af416761df47be) FAIL 12/21/16 9:05 AM user LOGIN LoginUserId user15 FAIL Unsuccessful Login Web Services (Bad Credentials) The audit records are the same except an additional audit is produced: 12/23/ : user
8 WEBSERVICES_COMMAND WebServiceCommandExecution The WebService command 'loginuser' execution is failed FAIL Successful Login Web GUI user1 User One 12/21/16 9:47 AM user LOGIN LoginSessionId HSHA007(db3f0d6237d6d ba fa9e98 ca93491e026d1f22fc27e2fae45) SUCCESS user1 User One 12/21/16 9:47 AM user LOGIN LoginUserId user1 SUCCESS user1 User One 12/21/16 9:47 AM user LOGIN AuthSource ActiveDirectory SUCCESS Successful Login Web Services (The audit records are the same except an additional audit is produced) 10: user WEBSERVICES_COMMAND WebServiceCommandExecution The WebService command 'loginuser' is executed successfully SUCCESS ESM_ICD.1 Creation or modification of identity and credential data. The attribute(s) modified Viewing Audit An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Password Reset User1 User One 9/28/16 9:07 AM user REQUEST_FORM Run Request Form The Request Form Default Reset Password Form is executed Request Submitted user1 User One 9/28/16 9:08 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Enrollment or modification of subject Viewing Audit The subject The user can use the Run ID in a Collection of Users from External Business Source
9 created or modified, the attribute(s) modified (if applicable) MONITORING_DATA_RUNS audit event and view more information on the Monitoring page (Admin >Monitoring >Data Runs). An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS AccountLoad Run id = 1082, Monitoring data run is in running state MODIFY User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS IdentityLoad Run id = 1081, Monitoring data run Completed, Run start time= :21:14, Run end time= :21:23, Elapsed run time=0: SUCCESS User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS EntitlementLoad Run id = 1069, Monitoring data run Completed, Run start time= :27:40, Run end time= :27:53, Elapsed run time=0: SUCCESS Modification of Subjects Status (Termination) User1 User One user1@aveksaus.com 9/26/16 10:41 AM user REQUEST_FORM Run Request Form The Request Form Default Termination Form is executed user1 User One user1@aveksaus.com 9/26/16 10:42 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Definition of identity and credential data that can be associated with users (activate, suspend, revoke credential, etc.) Viewing Audit An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Password Reset User1 User One user1@aveksaus.com 9/28/16 9:07 AM user REQUEST_FORM Run Request Form The Request Form Default Reset Password Form is executed user1 User One user1@aveksaus.com 9/28/16 9:08 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Management of credential status
10 Viewing Audit This action usually starts from the Terminate button found on a user s detail screens. An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Modification of Credential Status (Termination) User1 User One user1@aveksaus.com 9/26/16 10:41 AM user REQUEST_FORM Run Request Form The Request Form Default Termination Form is executed user1 User One user1@aveksaus.com 9/26/16 10:42 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Enrollment of users into repository Viewing Audit This action usually starts from a request button to register a user or a new user is collected. The user can use the Run ID in a MONITORING_DATA_RUNS audit event and view more information on the Monitoring page (Admin >Monitoring >Data Runs) for a collection. An audit is produced in the Audit report containing the change request id when registering a new user. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Collection of Users from External Business Source User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS AccountLoad Run id = 1082, Monitoring data run is in running state MODIFY User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS IdentityLoad Run id = 1081, Monitoring data run Completed, Run start time= :21:14, Run end time= :21:23, Elapsed run time=0: SUCCESS User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS EntitlementLoad Run id = 1069, Monitoring data run Completed, Run start time= :27:40, Run end time= :27:53, Elapsed run time=0: SUCCESS ESM_ICT.1 All attempts to transmit information
11 The destination to which the transmission was attempted Viewing Audit The user can use the Run ID in a MONITORING_DATA_RUNS audit event and view more information on the Monitoring page (Admin >Monitoring >Data Runs). An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Lastly, AFX logs are available for the endpoint where any requests are sent. Collector User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS AccountLoad Run id = 1082, Monitoring data run is in running state MODIFY User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS IdentityLoad Run id = 1081, Monitoring data run Completed, Run start time= :21:14, Run end time= :21:23, Elapsed run time=0: SUCCESS User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS EntitlementLoad Run id = 1069, Monitoring data run Completed, Run start time= :27:40, Run end time= :27:53, Elapsed run time=0: SUCCESS AFX Connector User1 User One user1@aveksaus.com 9/26/16 10:41 AM user REQUEST_FORM Run Request Form The Request Form Default Termination Form is executed user1 User One user1@aveksaus.com 9/26/16 10:42 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Configuration of circumstances in which transmission of identity and credential data is performed Viewing Audit The user can create, modify, or delete a connector or collector. All necessary details are captured in the audit events and can be viewed in the out of the box audit report. Create Collector User1 User One user1@aveksaus.com 1/30/2017 9: user ACCOUNT_COLLECTOR Create Account Collector Created Account Collector Active Directory 2 ADC CREATE User1 User One user1@aveksaus.com 1/30/2017 9: user IDENTITY_COLLECTOR Create Identity Collector Created Identity Collector Active Directory 2 IDC CREATE Modify Collector
12 User1 User One 1/30/2017 9: user ACCOUNT_COLLECTOR Modify Account Collector Modified Account Collector Active Directory 2 ADC MODIFY User1 User One user1@aveksaus.com 1/30/ : user IDENTITY_COLLECTOR Modify Identity Collector Modified Identity Collector Active Directory 2 IDC MODIFY Delete Collector User1 User One user1@aveksaus.com 1/30/ : user ACCOUNT_COLLECTOR Delete Account Collector Deleted Create Connector User1 User One user1@aveksaus.com 2/13/2017 3: user CONNECTOR Create Connector Created the connector Demo- Connector CREATE Modify Connector User1 User One user1@aveksaus.com 2/13/2017 3: user CONNECTOR Modify Connector Modified the connector Democonnector MODIFY Delete Connector User1 User One user1@aveksaus.com 2/13/2017 3: user CONNECTOR Delete Connector Deleted the connector Demo-Connector DELETE FAU_GEN.1 Start up of the audit functions Viewing Audit Shut down of the audit functions All necessary details are captured in the audit events and can be viewed in the out of the box audit report. user1 11/21/16 9:21 AM user AUDIT_SETTINGS AuditLoggingEnabled true MODIFY Viewing Audit All necessary details are captured in the audit events and can be viewed user1 11/21/16 9:20 AM user AUDIT_SETTINGS AuditLoggingEnabled
13 in the out of the box audit report. false MODIFY FAU_STG_EXT.1 Establishment of communications with audit server. Identification of audit server Viewing Audit Audit events show when the audit engine is started and stopped. Disestablishment of communications with audit server. Note: All events are logged to an internal source (database). The server must always be able to communicate with the database in order to operate. Therefore, this communication cannot be established/ disestablished through the application. Identification of audit server Viewing Audit Audit events show when the audit engine is started and stopped. Note: All events are logged to an internal source (database). The server must always be able to communicate with the database in order to operate. Therefore, this communication cannot be established/ disestablished through the application. FTA_SSL.3 All session termination events. Viewing Audit Audit events show when a session ends. Similar events can also be seen for system sessions. These are identified with attributes like LoginSystemId Server Log (termination due to timeouts): rsa INFO 1/11/17 7:57 AM Session timeout logging out user LoginID=user1 Audit Events: user1 User One user1@aveksaus.com 1/11/2017 7: user LOGOUT LogoutUserId 129 SUCCESS user1 User One user1@aveksaus.com 1/11/2017 7: user LOGOUT LogoutSessionId HSHA007(44db9ff07533deca73a18454f3de5aeb64c9f 02d45c5c4a347a3ded344e5ced1) SUCCESS FTA_SSL.4 All session termination events (from all sources).
14 Viewing Audit Audit events show when a session ends. Similar events can also be seen for system sessions. These are identified with attributes like LoginSystemId Logout Web GUI User1 User One user1@aveksaus.com 12/21/16 9:58 AM user LOGOUT LogoutUserId 129 SUCCESS User1 User One user1@aveksaus.com 12/21/16 9:58 AM user LOGOUT LogoutSessionId HSHA007(cece81ff3bbad3b7fe9b7de8a9507a8dcfdc5d fb197aa0f830c4c8ab7c354c2b) SUCCESS Logout Web Services The audit records are the same except an additional audit is produced: 10: user WEBSERVICES_COMMAND WebServiceCommandExecution The WebService command 'logoutuser' is executed successfully SUCCESS FTA_SSL_EXT.1 All session locking and unlocking events. Viewing Audit Audit events show when a session ends. Similar events can also be seen for system sessions. These are identified with attributes like LoginSystemId. Same as FTA_SSL.3 Server Log (termination due to timeouts): rsa INFO 1/11/17 7:57 AM Session timeout logging out user LoginID=user1 Audit Events: user1 User One user1@aveksaus.com 1/11/2017 7: user LOGOUT LogoutUserId 129 SUCCESS user1 User One user1@aveksaus.com 1/11/2017 7: user LOGOUT LogoutSessionId HSHA007(44db9ff07533deca73a18454f3de5aeb64c9f 02d45c5c4a347a3ded344e5ced1) SUCCESS FTP_ITC.1 All use of trusted channel functions
15 Identity of the initiator and target of the trusted channel Viewing Audit See ESM_ICD.1 The user can use the Run ID in a MONITORING_DATA_RUNS audit event and view more information on the Monitoring page (Admin >Monitoring >Data Runs). An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Collector User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS AccountLoad Run id = 1082, Monitoring data run is in running state MODIFY User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS IdentityLoad Run id = 1081, Monitoring data run Completed, Run start time= :21:14, Run end time= :21:23, Elapsed run time=0: SUCCESS User1 User One 12/21/16 9:21 AM user MONITORING_DATA_RUNS EntitlementLoad Run id = 1069, Monitoring data run Completed, Run start time= :27:40, Run end time= :27:53, Elapsed run time=0: SUCCESS AFX Connector User1 User One user1@aveksaus.com 9/26/16 10:41 AM user REQUEST_FORM Run Request Form The Request Form Default Termination Form is executed Configuration of actions that require trusted channel (if applicable) Viewing Audit These events occur when particular objects are created, modified, or deleted (collectors, connectors, authentication sources). All of these actions produce audit events. Create Collector User1 User One user1@aveksaus.com 1/30/2017 9: user ACCOUNT_COLLECTOR Create Account Collector Created Account Collector Active Directory 2 ADC CREATE User1 User One user1@aveksaus.com 1/30/2017 9: user IDENTITY_COLLECTOR Create Identity Collector Created Identity Collector Active Directory 2 IDC CREATE Modify Collector User1 User One user1@aveksaus.com 1/30/2017 9: user ACCOUNT_COLLECTOR Modify Account Collector Modified Account Collector Active Directory 2 ADC
16 MODIFY User1 User One 1/30/ : user IDENTITY_COLLECTOR Modify Identity Collector Modified Identity Collector Active Directory 2 IDC MODIFY Delete Collector User1 User One user1@aveksaus.com 1/30/ : user ACCOUNT_COLLECTOR Delete Account Collector Deleted Account Collector Active Directory 2 ADC DELETE User1 User One user1@aveksaus.com 1/30/ : user IDENTITY_COLLECTOR Delete Identity Collector Deleted Identity Collector Active Directory 2 IDC DELETE Create Connector User1 User One user1@aveksaus.com 2/13/2017 3: user CONNECTOR Create Connector Created the connector Demo- Connector CREATE Modify Connector User1 User One user1@aveksaus.com 2/13/2017 3: user CONNECTOR Modify Connector Modified the connector Democonnector MODIFY Delete Connector User1 User One user1@aveksaus.com 2/13/2017 3: user CONNECTOR Delete Connector Deleted the connector Demo-Connector DELETE Create Authentication Source 13: user AUTH_SOURCE CollectorId 49 CREATE 13: user AUTH_SOURCE CollectorType I CREATE 13: user AUTH_SOURCE ProviderType ActiveDirectoryCollector CREATE
17 13: user AUTH_SOURCE ProviderName ActiveDirectory2 CREATE Modify Authentication Source User1 User One 1/12/2017 9: user AUTH_SOURCE ProviderType ActiveDirectoryCollector MODIFY User1 User One 1/12/2017 9: user AUTH_SOURCE ProviderName ActiveDirectory2 MODIFY User1 User One 1/12/2017 9: user AUTH_SOURCE CollectorType I MODIFY Delete Authentication Source 13: user AUTH_SOURCE ProviderName ActiveDirectory2 DELETE FTP_TRP.1 All attempted uses of the trusted path functions Identification of user associated with all trusted path functions, if available Viewing Audit All necessary details are captured in the audit events and can be viewed in the out of the box audit report. Web GUI user1 User One user1@aveksaus.com 12/21/16 9:47 AM user LOGIN LoginSessionId HSHA007(db3f0d6237d6d ba fa9e9 8ca93491e026d1f22fc27e2fae45) SUCCESS user1 User One user1@aveksaus.com 12/21/16 9:47 AM user LOGIN LoginUserId user1 SUCCESS user1 User One user1@aveksaus.com 12/21/16 9:47 AM user LOGIN AuthSource ActiveDirectory SUCCESS Web Services The audit records are the same except an additional audit is produced: 10: user WEBSERVICES_COMMAND WebServiceCommandExecution The WebService
18 command 'loginuser' is executed successfully SUCCESS Configuration of actions that require trusted path (if applicable). Identification of user associated with all trusted path functions, if available Viewing Audit The configuration of the Web GUI over TLS/HTTPS occurs during the installation process and therefor is not audited by the TOE. Enabling/disabling web services is recorded as an audit event. Enable Secure Web Services User1 11/21/16 1:35 PM User SECURITY_SETTINGS WebServicesRequireSecurity true MODIFY Disable Secure Web Services User1 11/21/16 1:37 PM User SECURITY_SETTINGS WebServicesRequireSecurity false MODIFY FTA_TAB.1 Maintenance of the banner Identification of user associated with all trusted path functions, if available Viewing Audit All necessary details are captured in the audit events and can be viewed in the out of the box audit report. This event occurs when the banner is modified under Admin >System >Security User1 User One 12/23/16 7:52 AM user AUTH_SOURCE LoginPagePasswordText password MODIFY User1 User One 12/23/16 7:52 AM user AUTH_SOURCE LoginPageNameText UserName MODIFY User1 User One 12/23/16 7:51 AM user AUTH_SOURCE LoginPageMessage Warning! This device is for CC Authorized Users only! Test MODIFY FTA_SSL.3 & FTA_SSL_ESXT.1 Configuration of the inactivity period for session termination Viewing Audit All necessary details are captured in the audit events and can be viewed in the out of the box audit report. This event occurs when the session timeout is modified under Admin >System >Security Web GUI User1 User One 12/21/16 11:37 AM user SYSTEM_SETTING SessionTimeoutWarning 60 MODIFY User1 User One 12/21/16 11:37 AM user SYSTEM_SETTING SessionTimeout 999 MODIFY
19 Web Services User1 User One 12/23/16 6:54 AM user SECURITY_SETTINGS TokenInactivityTimeout 5 MODIFY User1 User One 12/23/16 6:54 AM user SECURITY_SETTINGS TokenLifetimeTimeout 5 MODIFY ESM_EAU.2 & ESM_EID.2 Management of authentication data for both interactive users and authorized IT entities (if managed by the TSF) Viewing Audit All necessary details are captured in the audit events and can be viewed in the out of the box audit report. These events occur when authentication sources are created, modified, or deleted from the Admin >System >Authentication screen. Create Authentication Source 13: user AUTH_SOURCE CollectorId 49 CREATE 13: user AUTH_SOURCE CollectorType I CREATE 13: user AUTH_SOURCE ProviderType ActiveDirectoryCollector CREATE 13: user AUTH_SOURCE ProviderName ActiveDirectory2 CREATE Modify Authentication Source User1 User One user1@aveksaus.com 1/12/2017 9: user AUTH_SOURCE ProviderType ActiveDirectoryCollector MODIFY User1 User One user1@aveksaus.com 1/12/2017 9: user AUTH_SOURCE ProviderName ActiveDirectory2 MODIFY User1 User One user1@aveksaus.com 1/12/2017 9: user AUTH_SOURCE CollectorType I MODIFY Delete Authentication Source 13: user AUTH_SOURCE ProviderName ActiveDirectory2 DELETE
20 FTM_MOF.1 Management of sets of users that can interact with security functions Viewing Audit An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Add User to Role user1 User One 1/30/17 11:20 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Remove User from Role user1 User One user1@aveksaus.com 1/30/17 11:32 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY FMT_SMR.1 Management of the users that belong to a particular role. Viewing Audit An audit is produced in the Audit report containing the change request id. The change request can be viewed within the user interface to see additional levels of detail (approvals and fulfillment history). Add User to Role user1 User One user1@aveksaus.com 1/30/17 11:20 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY Remove User from Role user1 User One user1@aveksaus.com 1/30/17 11:32 AM user REQUEST_FORM RequestWorkItem Action performed for CR succeeded : MODIFY FIA_USB.1 Definition of default subject security attributes, modification of subject security attributes Viewing Audit All necessary details are captured in the audit events and can be viewed in the out of the box audit report. See example audits from ESM_ICD.1 This is like the management
21 functions for ESM_ICD.1.
22 Audit Locations There are several locations in RSA Identity Governance and Lifecycle where audit information is captured: Audit events Monitoring information collections, reviews, rules Change requests Access Certification (reviews) Rule remediation Server side logs Audit Events Events that are captured as part of the audit component in RSA Identity Governance and Lifecycle are configured on the Admin >System >Audit screen. Audit events are persisted in the internal database that ships with the product. An out of the box report is provided to view the audit events for the last 30 days. Please refer to the Audit Events section and for Events found in the Online Help [8]. Monitoring In addition to capturing the audit event, administrators can view what collections, reviews, and rules have run in the system from the Admin >Monitoring >Data Runs. The details including steps and access to logs for each run can be found by clicking on the Run ID. Please refer to the Viewing Running and Completed Processing Runs section found in the Online Help [8]. Change Requests Audit events for submitted request forms show the id for the change request. In addition to this, any submitted request can be viewed from the Requests >Requests screen. An administrator can see details related to what was requested, who approved it, and what endpoints were involved in fulfilling the request. Any details related to delegation, escalations, or rejections to the request are also captured in these screens. Please refer to the section Working with Change Requests found in the Online Help [8]. Access Certification Access Certification (Reviews) is an important part of the governance lifecycle. Reviews are run based on the business requirements. Some businesses may run quarterly reviews to look at what access users have. Other businesses may run monthly reviews based on any access that is detected as violations by defined rules. Regardless of the frequency of the review, a review captures all the audit data about what was reviewed, who was responsible for reviewing, and any decisions made. Any actions to reassign work are also captured as review history. Please refer to the sections Performing Reviews and View and Enter Review Comments and View Review Item History found in the Online Help [8]. Out of the box report templates are also available to look at review related data. The templates can be found when creating a report under the Reports >Tabular screen.
23 Rule Remediation Businesses can define rules to detect conditions and react to them. In particular, user access rules are useful for detecting if users have access they shouldn t have. Similarly, unauthorized change detection rules are used to detect any access granted outside of RSA Identity Governance and Lifecycle. For more information on the types of rules available, please refer to Rule Types found in the Online Help [8]. When rules are evaluated, violations are created for any conditions found. Automatic actions like generating a change request or creating a review may occur or a remediator may be assigned to look closer at the violation. Like change requests, the violation history can be viewed along with actions taken like a decision made but a remediator. Please refer to the section Working with Rule Violations found in the Online Help [8] for more details. Server Side Logs logs can be seen for the server(s) from the Admin >System >Server Nodes screen. Administrators have access to the aveksaserver.log file among other files. Similarly, the logs for an AFX Server can be accessed from the AFX >Servers screen by clicking on the name of the server and going to the Logs tab. Individual connectors deployed on the AFX Server(s) also have log files that are viewable by navigating to AFX >Connectors and clicking on a connector name. The Logs tab shows the details for that connector.
RSA Identity Governance and Lifecycle v Security Target
RSA Identity Governance and Lifecycle v7.0.1 Security Target Version 1.0 April 11, 2017 Prepared for: RSA The Security Division of EMC 2 10700 Parkridge Blvd. Suite 600 Reston, VA 20191 Prepared by: Common
More informationAssurance Activity Report for Vormetric Data Security Manager Version 5.3
for Vormetric Data Security Manager Version 5.3 Version 1.4 March 28, 2016 Produced by: Prepared for: National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme The Developer
More informationSailPoint IdentityIQ Common Criteria Security Target. SailPoint
Common Criteria Security Target ST Version: 2.0 August 27, 2017 SailPoint 11305 Four Points Drive Building 2, Suite 100 Austin, TX 78726 Prepared By: Cyber Assurance Testing Laboratory 900 Elkridge Landing
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report. for
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme TM Validation Report for Report Number: CCEVS-VR-VID10769-2017 Dated: May 31, 2017 Version: 1.0 National Institute
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell EMC Elastic Cloud Storage v3.2 15 May 2018 383-4-439 V1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT HP Service Manager v9.41 Patch 3 383-4-395 17 February 2017 v1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,
More informationForeScout CounterACT
Assurance Activities Report For a Target of Evaluation ForeScout CounterACT Security Target (Version 1.0) Assurance Activities Report (AAR) Version 1.0 2/23/2018 Evaluated by: Booz Allen Hamilton Common
More informationCertification Report
Certification Report Curtiss-Wright Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More informationProtection Profile Summary
NIAP Protection Profile for Mobile Device Management (PP_MDM_v2.0) PP link: Summary author: https://www.niap-ccevs.org/pp/pp_mdm_v2.0/ lachlan.turner@arkinfosec.net Date: 26 March 2015 Overview The NIAP
More informationOracle HCM Cloud Common Release 12. What s New
Oracle HCM Cloud Common Release 12 What s New TABLE OF CONTENTS REVISION HISTORY... 4 OVERVIEW... 7 RELEASE FEATURE SUMMARY... 8 HCM COMMON FEATURES... 11 APPLICATIONS SECURITY... 11 User Account Management...
More informationRSA Identity Governance and Lifecycle Collector Data Sheet for IBM Notes
RSA Identity Governance and Lifecycle Collector Data Sheet for IBM Notes Version 1.3 Jan 2018 Contents Purpose... 4 Supported Software... 4 Prerequisites... 4 JBoss... 4 WildFly... 4 WebSphere... 5 WebLogic...
More informationCertification Report
Certification Report Lancope Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
More informationNDcPP v1.0 Assurance Activity Report for Dell Networking Platforms
NDcPP v1.0 for Dell Networking Platforms Version v1.8 June 12, 2017 Produced by: Prepared for: National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme The Developer
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7525/7530/7535/7545/7556 with FIPS 140-2 Compliance over SNMPv3 25 July 2016 v1.0 383-4-371 Government of Canada. This document is the property of the Government
More informationRSA Archer GRC Application Guide
RSA Archer GRC Application Guide Version 1.2 vember 2017 Contact Information RSA Link at https://community.rsa.com contains a knowledgebase that answers common questions and provides solutions to known
More informationCertification Report
Certification Report McAfee Management for Optimized Virtual Environments Antivirus 3.0.0 with epolicy Orchestrator 5.1.1 Issued by: Communications Security Establishment Certification Body Canadian Common
More informationManage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, on page 1 Cisco ISE Administrators, on page 1 Cisco ISE Administrator Groups, on page 3 Administrative Access to Cisco ISE, on
More informationUnderstanding Admin Access and RBAC Policies on ISE
Understanding Admin Access and RBAC Policies on ISE Contents Introduction Prerequisites Requirements Components Used Configure Authentication Settings Configure Admin Groups Configure Admin Users Configure
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationCA GovernanceMinder. CA IdentityMinder Integration Guide
CA GovernanceMinder CA IdentityMinder Integration Guide 12.6.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationVMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2
VMware Identity Manager Administration MAY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationNIKSUN NetOmni Security Target (Version 1.0)
Assurance Activities Report For a Target of Evaluation NIKSUN NetOmni Security Target (Version 1.0) Assurance Activities Report (AAR) Version 1.0 10/27/2017 Evaluated by: Booz Allen Hamilton Common Criteria
More informationLieberman Software Rapid Enterprise Defense Identity Management Application Guide
Lieberman Software Rapid Enterprise Defense Identity Management Application Guide Contact Information RSA Link at https://community.rsa.com contains a knowledgebase that answers common questions and provides
More informationRSA Identity Governance and Lifecycle Collector Data Sheet for Zendesk
RSA Identity Governance and Lifecycle Collector Data Sheet for Zendesk Version 1.1 December 2017 Contents Purpose... 4 Supported Software... 4 Prerequisites... 4 Account Data Collector... 4 Configuration...
More informationIBM Security Identity Manager Version Administration Topics
IBM Security Identity Manager Version 6.0.0.5 Administration Topics IBM Security Identity Manager Version 6.0.0.5 Administration Topics ii IBM Security Identity Manager Version 6.0.0.5: Administration
More informationFireEye VX Series Appliances
FireEye VX Series Appliances FireEye, Inc. Common Criteria Guidance Addendum Prepared By: Acumen Security 18504 Office Park Dr Montgomery Village, MD 20886 www.acumensecurity.net 1 Table Of Contents 1
More informationManage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, on page 1 Cisco ISE Administrators, on page 1 Cisco ISE Administrator Groups, on page 3 Administrative Access to Cisco ISE, on
More informationNetIQ Identity Governance includes new features, improves usability, and resolves several previous issues.
NetIQ Identity Governance 3.0.1 Release Notes March 2018 NetIQ Identity Governance 3.0.1 includes new features, improves usability, and resolves several previous issues. Many of these improvements were
More informationCertification Report
Certification Report EAL 2+ Evaluation of Verdasys Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationOracle Risk Management Cloud
Oracle Risk Management Cloud Release 12 New Feature Summary December 2016 TABLE OF CONTENTS REVISION HISTORY... 3 COMMON TECHNOLOGIES... 4 APPLICATIONS SECURITY... 4 User Account Management... 5 Administrator
More informationTable of Contents Chapter 1: Migrating NIMS to OMS... 3 Index... 17
Migrating from NIMS to OMS 17.3.2.0 User Guide 7 Dec 2017 Table of Contents Chapter 1: Migrating NIMS to OMS... 3 Before migrating to OMS... 3 Purpose of this migration guide...3 Name changes from NIMS
More informationSOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK
RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility
More informationManage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, page 1 Cisco ISE Administrators, page 1 Cisco ISE Administrator Groups, page 3 Administrative Access to Cisco ISE, page 11 Role-Based
More informationVMware AirWatch Google Sync Integration Guide Securing Your Infrastructure
VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationVMware AirWatch Google Sync Integration Guide Securing Your Infrastructure
VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure Workspace ONE UEM v9.5 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard
More informationGoogle Sync Integration Guide. VMware Workspace ONE UEM 1902
Google Sync Integration Guide VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationWorkspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810
Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationCA Identity Governance
CA Identity Governance Configuration Guide 12.6.02a This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationCA CloudMinder. Administration Guide 1.52
CA CloudMinder Administration Guide 1.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational
More informationOracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service
http://docs.oracle.com Oracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service Configuration Guide 2018 Oracle Corporation. All rights reserved 07-Jun-2018 Contents 1 HIPAA 3 1.0.1 What is HIPAA?
More informationZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk. November 2018
ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk November 2018 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,
More informationIntegration of Agilent UV-Visible ChemStation with OpenLAB ECM
Integration of Agilent UV-Visible ChemStation with OpenLAB ECM Compliance with Introduction in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting
More informationEkran System v.6.0 Privileged User Accounts and Sessions (PASM)
Ekran System v.6.0 Privileged User Accounts and Sessions (PASM) Table of Contents About... 3 Using Privileged User Accounts... 4 Password Vault Configuration... 5 Defining Domain Administrator Credentials...
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationCertification Report
Certification Report McAfee Enterprise Security Manager with Event Receiver, Enterprise Log Manager, Advanced Correlation Engine, Application Data Monitor and Database Event Monitor 9.1 Issued by: Communications
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationOracle Database 12c: Administration Workshop Duration: 5 Days Method: Instructor-Led
Oracle Database 12c: Administration Workshop Duration: 5 Days Method: Instructor-Led Certification: Oracle Database 12c Administrator Certified Associate Exam: Oracle Database 12c: Installation and Administration
More informationProtection Profile for Virtualization Extended Package Client Virtualization. Version: National Information Assurance Partnership
Protection Profile for Virtualization Extended Package Client Virtualization Version: 1.0 2016-11-17 National Information Assurance Partnership 1 Revision History Version Date Comment v1.0 2016-11-17 Initial
More informationSailPoint IdentityIQ 6.4
RSA Ready Implementation Guide for Administrative Interoperability Partner Information Last Modified: May 13, 2015 Product Information Partner Name SailPoint Web Site www.sailpoint.com Product Name IdentityIQ
More informationCertification Report
Certification Report McAfee File and Removable Media Protection 4.3.1 and epolicy Orchestrator 5.1.2 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation
More informationCertification Report
Certification Report EAL 4+ Evaluation of Firewall Enterprise v8.2.0 and Firewall Enterprise Control Center v5.2.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationHong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)
Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS) This document (IMPS) facilitates an organization to provide relevant information to describe how it fulfils the normative
More informationHIPAA Compliance Assessment Module
Quick Start Guide HIPAA Compliance Assessment Module Instructions to Perform a HIPAA Compliance Assessment Performing a HIPAA Compliance Assessment 2 HIPAA Compliance Assessment Overview 2 What You Will
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationCA Identity Manager. Implementation Guide
CA Identity Manager Implementation Guide 12.6.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for
More informationMarkLogic Server. Common Criteria Evaluated Configuration Guide. MarkLogic 9 May, Copyright 2019 MarkLogic Corporation. All rights reserved.
Common Criteria Evaluated Configuration Guide 1 MarkLogic 9 May, 2017 Last Revised:9.0-3, September, 2017 Copyright 2019 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents
More informationRev.1 Solution Brief
FISMA-NIST SP 800-171 Rev.1 Solution Brief New York FISMA Cybersecurity NIST SP 800-171 EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker delivers business critical
More informationVMware AirWatch Certificate Authentication for Cisco IPSec VPN
VMware AirWatch Certificate Authentication for Cisco IPSec VPN For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More information1 Hitachi ID Access Certifier. 2 Agenda. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
1 Hitachi ID Access Certifier Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Periodic review and cleanup of security entitlements. 2 Agenda Hitachi ID corporate overview.
More informationInformation Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC
Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_
More informationState of Colorado Cyber Security Policies
TITLE: State of Colorado Cyber Security Policies Access Control Policy Overview This policy document is part of the State of Colorado Cyber Security Policies, created to support the State of Colorado Chief
More informationPolicy Manager for IBM WebSphere DataPower 8.0: Installation Guide
Policy Manager for IBM WebSphere DataPower 8.0: Installation Guide Policy Manager for IBM WebSphere DataPower Install Guide AKANA_PMDP_Install_8.0 Copyright Copyright 2016 Akana, Inc. All rights reserved.
More informationPCI Compliance Assessment Module with Inspector
Quick Start Guide PCI Compliance Assessment Module with Inspector Instructions to Perform a PCI Compliance Assessment Performing a PCI Compliance Assessment (with Inspector) 2 PCI Compliance Assessment
More informationIntegration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate
SafeNet Authentication Manager Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More information2018 GLOBALSCAPE TRAINING OVERVIEW
2018 GLOBALSCAPE TRAINING OVERVIEW TABLE OF CONTENTS COURSE... 3 EFT ESSENTIALS COURSE...4 EFT ADMINISTRATOR COURSE... 5 EFT ADMINISTRATOR COURSE (CONT.)... 6 EFT AUTOMATION COURSE... 7 EFT SECURITY COURSE...8
More informationIntegration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access
SafeNet Authentication Manager Integration Guide Using SAM as an Identity Provider for SonicWALL Secure Remote Access Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright
More informationFireEye NX Series Appliances
FireEye NX Series Appliances FireEye, Inc. Common Criteria Guidance Addendum Prepared By: Acumen Security 18504 Office Park Dr Montgomery Village, MD 20886 www.acumensecurity.net 1 Table Of Contents 1
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT VMware Horizon 6 version 6.2.2 and Horizon Client 3.5.2 12 August 2016 v1.0 File Number 383-4-356 Government of Canada. This document is the property of the Government
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationPCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard
Introduction Verba provides a complete compliance solution for merchants and service providers who accept and/or process payment card data over the telephone. Secure and compliant handling of a customer
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationForeScout Extended Module for Tenable Vulnerability Management
ForeScout Extended Module for Tenable Vulnerability Management Version 2.7.1 Table of Contents About Tenable Vulnerability Management Module... 4 Compatible Tenable Vulnerability Products... 4 About Support
More informationProtection Profile for Virtualization Extended Package Server Virtualization. Version: National Information Assurance Partnership
Protection Profile for Virtualization Extended Package Server Virtualization Version: 1.0 2016-11-17 National Information Assurance Partnership 1 Revision History Version Date Comment v1.0 2016-11-17 Initial
More informationMAGNUM-SDVN Security Administration Manual
MAGNUM-SDVN Security Administration Manual Revision 19: November 21, 2017 Contents Overview... 3 Administrative Access... 4 Logging Into Terminal Locally... 4 Logging Out Of Local Terminal... 4 Logging
More informationIBM Tivoli Identity Manager 5.0 Security Target BSI-DSZ-CC-0556
IBM Tivoli Identity Manager 5.0 Security Target BSI-DSZ-CC-0556 Version 1.14 June 9, 2009 Table of Contents 1. SECURITY TARGET (ST) INTRODUCTION... 6 1.1. ST IDENTIFICATION... 6 1.2. ST OVERVIEW... 6 1.3.
More informationSECURITY DOCUMENT. 550archi
SECURITY DOCUMENT 550archi Documentation for XTM Version 10.3 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of this publication may be reproduced or
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT CA Technologies CA API Gateway v9.2 10 October 2017 383-4-417 V 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationmaxecurity Product Suite
maxecurity Product Suite Domain Administrator s Manual Firmware v2.2 ii Table of Contents BASICS... 1 Understanding how maxecurity products work in your company... 1 Getting started as a Domain Administrator...
More informationCisco NAC Profiler UI User Administration
CHAPTER 14 Topics in this chapter include: Overview, page 14-1 Managing Cisco NAC Profiler Web User Accounts, page 14-2 Enabling RADIUS Authentication for Cisco NAC Profiler User Accounts, page 14-7 Changing
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7845/7845i/7855/7855i 2016 Xerox ConnectKey Technology 12 August 2016 v1.0 383-4-382 Government of Canada. This document is the property of the Government
More informationQuestion: 1 Which item must be enabled on the client side to allow users to complete certification in offline mode?
Volume: 81 Questions Question: 1 Which item must be enabled on the client side to allow users to complete certification in offline mode? A. In Microsoft Excel, navigate to Excel Options >Trust Center tab
More informationCertification Report
Certification Report Symantec Security Information Manager 4.8.1 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
More informationCounterACT VMware vsphere Plugin
Configuration Guide Version 2.0.1 Table of Contents About VMware vsphere Integration... 4 Use Cases... 4 Additional VMware Documentation... 4 About this Plugin... 5 What to Do... 5 Requirements... 5 CounterACT
More informationForeScout Extended Module for VMware AirWatch MDM
ForeScout Extended Module for VMware AirWatch MDM Version 1.7.2 Table of Contents About the AirWatch MDM Integration... 4 Additional AirWatch Documentation... 4 About this Module... 4 How it Works... 5
More informationIBM Tivoli Identity Manager V5.1 Fundamentals
IBM Tivoli Identity Manager V5.1 Fundamentals Number: 000-038 Passing Score: 600 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ IBM 000-038 IBM Tivoli Identity Manager V5.1 Fundamentals
More informationEvaluation Guide Host Access Management and Security Server 12.4 SP1 ( )
Evaluation Guide Host Access Management and Security Server 12.4 SP1 (12.4.10) Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,
More informationOVERVIEW TIMING AND DEADLINES PERMISSIONS, LIMITS, AND APPROVALS PROCEDURES REPORTS STOP PAYMENTS PROCEDURES...
TABLE OF CONTENTS TABLE OF CONTENTS... 1 ACCESSING THE SYSTEM... 4 LOGGING IN... 4 FIRST TIME LOG-IN ONLY... 4 UPDATING USER PROFILE, USER PASSWORD, AND SECURITY QUESTIONS... 6 ESTABLISHING USER PREFERENCES...
More informationEnsuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard
Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationIAM Project Overview & Milestones
IAM Project Overview & Milestones TABLE OF CONTENTS IAM PROJECT SUCCESS FACTORS 3 PROJECT SCOPE 3 IN SCOPE 3 OUT OF SCOPE 4 IAM NOW VS. FUTURE 5 IAM NOW 5 IAM IN THE FUTURE 7 IAM PROJECT END STATE 8 ACCESS
More informationSecuring ArcGIS for Server. David Cordes, Raj Padmanabhan
Securing ArcGIS for Server David Cordes, Raj Padmanabhan Agenda Security in the context of ArcGIS for Server User and Role Considerations Identity Stores Authentication Securing web services Protecting
More informationForescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2
Forescout Version 1.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationProcess Document. Scope
Process Document Subject: BCIT Access Management Process Process Number: I.0.02.00.01 Department Name: Information Technology Version: 1.4 Original Issue Date: Revision Date: 03/22/2010 Process Owner:
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationForeScout CounterACT. Plugin. Configuration Guide. Version 2.2.4
ForeScout CounterACT Core Extensions Module: Advanced Tools Plugin Version 2.2.4 Table of Contents About the CounterACT Advanced Tools Plugin... 4 What to Do... 5 Requirements... 5 Configure the Plugin...
More information