Application Security Features and Functions
Application security refers to a layer of the TCP/IP model.
|
- Database-level security
- Program-level security
- Multilevel access passwords
- User authentication
- Digital signatures
- User, object, and method access control
- Encrypting or decrypting of messages
- Integrates security (log-on IDs and passwords) to the existing ctive directory and accommodates single user sign-on
- Integrates security with constituency management system
- Integrates security with identity management system
- Limits the types of transactions that a user can process
- Reports on unused or inactive user IDs
- Data import/export is subject to application security
- Suspends IP address after user-defined number of failed login attempts and requires administrator to reset password
- Automatic log-off (timeout) when system is left unused for a user-defined period of time
- Provides report of failed login attempts and unauthorized attempts
- Controls session management
- Application comes with out-of-box lock down until rights are given to users and roles
- Provides an automated audit trail of system transactions
- Record the following minimum data on all transactions: type of transaction, log on ID, terminal ID, IP address, effective data of change, data, time, old value/new value, transaction type, transaction ID
- Provides an option for audit logs through a method of self-truncating or archiving by time or size, as defined by the system administrator
- Queries transactions from an internal or external audit perspective for unusual activity
- Ensures that all data is archived before being purged
- Third party fraud detection software
|
|
Architecture Features and Functions
|