1) When I create Admin during setup and use my ActiveDirectory user name as the Admin, will it authenticate using ActiveDirectory?
With Go, you need to set an user as a "Go Administrator" for him to manage the Go setup. By default, on a new installation, the first user to login to Go automatically becomes a Go Administrator.
2) Are user IDs and/or passwords cached anywhere?
3) Is account lockout implemented as to limit repeated access attempts?
4) Idle sessions timeout
Session expires in 14 days
5) Is password required to reactivate idle sessions?
6) Does the application implement encryption of any data elements and files?
If YES, indicate encrypted data elements, encryption algorithms and key length
Go Configuration XML passwords are encrypted using DES. Go Agent - Go Server communication is over HTTPS.
7) Does the application implement hashing and/or digital signature methods? If YES, indicate integrity-critical data elements, hashing / dsig algorithms and parameters
MD5 checksum is provided for all artifacts generated by Go Agents
8) Does the application log user login attempts? –
9) Does the application log data access? –
10) Does the application log account administration operations? – Yes If YES, does it log add user / assigned role? – Yes If YES, does it log remove user / change role? – Yes If YES, does it log password reset / unlock user? – Yes If YES, does it log all privileged administrative changes? – Yes Indicate: log location and name (path, db:table, others) – mingle.log Indicate: log rotation (condition/trigger, number of logs prior to purging) – See above Indicate: log retention (number of days, on-line, off-line) – See above
11) Do the user access logs contain the following data elements?
|Date and Time of Event||No|
|Type of Event||No|
|Component Accessed (File, Database, Record)||No|
|Access type (READ, WRITE, CREATE, DELETE)||No|
|Application / Program / Utilities used||N/A|
|Terminal / desktop identification or other location identifier (IP||Yes via IP|
|Updates include both “old value” and “new value”||No|
|Report Name or database query command executed||No|
|Client Identifier (for shared client systems)||No|
|Sensitive Data Fields (PAN, passwords, pins, PII)||No|
|Unique session identifier||No|