Discuto
0 days left (ends 12 Feb)
4.1 The following authentication methods are used across the solution: N/A; Resource is accessed; Resource is accessed without authentication
(If Resource is accessed) User-to-Application: Username & password; Public/private key (SSH/SFTP); Security token (smartcard / one-time-password / USB token); Software Digital Certificate
(If Resource is accessed) Application-to-Application: Public/private key (SSH/SFTP); SAML (web service); EJB domain trust (J2EE); Server-to-server two-way SSL; Encrypted token
4.2 Authentication credentials are stored: N/A; Applicable
(If Applicable) Stored: TELUS AD/LDAP; Proprietary app LDAP; Database table; Configuration file (OS); Application source code; OS/app certificate store
(If Applicable) Credentials are protected by: Hash; Encryption AES256 or 3DES162; Other encryption or hash (specify); Unencrypted or not-hashed
4.3. Authentication credentials are transmitted:
(If Encrypted) Encrypted via: HTTPS (SSL); SSH; LDAPS
(If Encrypted) Hashed via: Kerberos; CRAM-MD5; Other (specify)
4.5. Authorization rules (who has access to what) are stored in: N/A; Applicable
TELUS Enterprise Integrated: RBAC/TMPROF; AD/LDAP; OS-Level Permissions
(If Applicable) Proprietary (i.e., not integrated): Configuration File; Database; LDAP/Other directory
4.11. Application user management: N/A (No user management); Applicable
(If applicable) Proprietary
(If applicable) Account Management logs the following: ACTION: Create user; ACTION: Change user; ACTION: Delete user; ACTION: Disable user; DETAILS: User ID, performing action; DETAILS: Real source IP address; DETAILS: Timestamp; DETAILS: Account ID affected; DETAILS: Action on the account
4.12. Application-level log records actions on data. The log captures the following actions: N/A; Applicable
(If applicable) Application Logs the following: Read/View Data; Create/Append Data; Change Existing Data; Delete Data; User ID; Real source IP address; Timestamp; Object/data record ID affected; Action on the object
4.13. Logs are retained: N/A; Applicable. For detailed standard retention by type of log, check retention policy.
(If applicable) Online logs retained: (years/days)
(If applicable) Archived logs retained: (years/days)
(If applicable) Confidential / Restricted data stored in logs: App-level record delete/overwrite; OS-level file delete/overwrite; Dedicated tool for data wiping
(If applicable) Data is never deleted: Yes
P3
Non-repudiation associates actions with individual users. Logs are useful in the event of malicious activity, the purpose being to determine who/what/when. If your logs do not have enough information to tie actions (viewing sensitive information, making changes) to individuals (user ID, IP address) at a specific time (timestamp), then they do not establish non-repudiation.
N/A; Yes; No (Logs do not identify who/what/when)
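The who/what/when test for non-repudiation can be run mechanically over application log records. This is an added example, not part of the original questionnaire; the JSON-lines format, field names, action vocabulary, and the rules that a loopback address or a timestamp without a UTC offset is insufficient are all assumptions.

```python
import ipaddress
import json
from datetime import datetime

# Assumed for this example: field names, action vocabulary, and that loopback
# addresses and offset-less timestamps do not identify a real source or time.
ACTIONS = ("read", "create", "change", "delete")

def missing_evidence(record):
    """Return the who/what/when elements this record fails to establish."""
    gaps = []
    if not str(record.get("user_id") or "").strip():
        gaps.append("who: user_id")
    try:
        ip = ipaddress.ip_address(str(record.get("source_ip", "")))
        if ip.is_loopback or ip.is_unspecified:
            gaps.append("who: source_ip is not a real client address")
    except ValueError:
        gaps.append("who: source_ip")
    if record.get("action") not in ACTIONS:
        gaps.append("what: action")
    if not str(record.get("object_id") or "").strip():
        gaps.append("what: object_id")
    try:
        ts = datetime.fromisoformat(str(record.get("timestamp", "")))
        if ts.tzinfo is None:
            gaps.append("when: timestamp has no timezone")
    except ValueError:
        gaps.append("when: timestamp")
    return gaps

def audit(lines):
    """Map 1-based line number -> gaps, for records that are not attributable."""
    report = {}
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        gaps = missing_evidence(record) if isinstance(record, dict) else ["unparseable record"]
        if gaps:
            report[number] = gaps
    return report

# Constructed sample log lines, not taken from any real system.
SAMPLE = [
    '{"timestamp": "2024-02-12T09:15:02+00:00", "user_id": "jdoe", "source_ip": "203.0.113.7", "action": "read", "object_id": "cust-1001"}',
    '{"timestamp": "2024-02-12T09:16:40+00:00", "user_id": "", "source_ip": "203.0.113.7", "action": "change", "object_id": "cust-1001"}',
    '{"timestamp": "2024-02-12 09:17:05", "user_id": "asmith", "source_ip": "127.0.0.1", "action": "delete", "object_id": "cust-1002"}',
    'not json',
]
```

Calling `audit(SAMPLE)` returns only the records that would force a "No" answer, keyed by line number with the missing element named.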