Implement Strong Access Control Measures

The following are recommendations and information for the Implement Strong Access Control Measures requirements.

Requirement 7: Restrict access to cardholder data by business need to know

  • Omni-Gen operations interfaces, such as the Omni-Gen Server Console and Deployment Console, use internal user authentication and should be made available only to designated operations users who are permitted to access system-level information.
  • Access to Omni-Gen developer tools, such as Omni Designer, should be granted to developers only. The client is advised to use a source management system for user management.
  • Administrative users who are authorized to assign roles and manage user access should be properly trained on which components each role-based user requires access to. This information should be documented and consulted when assigning roles.

Requirement 8: Identify and authenticate access to system components

Recommendations and Information for Requirement 8.1

Omni-Gen does not provide an internal user management facility; instead, it relies on externalized systems, such as Source Management, for user access. The client is advised to refer to the available documentation on user management for whichever component is used.

Recommendations and Information for Requirement 8.2

Access to the user management systems themselves should be made available only to vetted, trusted administrators. Monitoring of user administration tasks, such as adding a user or altering user roles, should be performed according to client requirements.

Recommendations and Information for Requirement 8.7

Any access to the data sources, which may contain sensitive information, shall be managed and restricted by the client's network and security policies in place outside of the Omni-Gen product.

Any direct access to the Omni-Gen database repositories shall be protected by the client's existing security model, ensuring that only approved users can obtain direct access. The physical systems where the data may reside shall be protected by the network security model in accordance with client requirements.

Requirement 9: Restrict physical access to cardholder data

These requirements are not applicable to the Omni-Gen product line.