Topics: |
The following are recommendations and information for the Implement Strong Access Control Measures requirements.
Recommendations and Information for Requirement 8.1
Omni-Gen does not provide an internal user management facility, but instead uses externalized systems, such as Source Management, for user access. The client is advised to refer to the available documentation for the user management aspect based on the utilized component.
Recommendations and Information for Requirement 8.2
Access to the user management systems themselves should be made available only to vetted administrators who are trusted to have access to such systems. The monitoring of any user administrative tasks, such as the addition of a user or the altering of user roles should be done based on client requirements.
Recommendations and Information for Requirement 8.7
Any access to the data sources, which may contain sensitive information, shall be managed and restricted by the client network and security policies in place outside of the Omni-Gen product.
Any direct access to the Omni-Gen database repositories shall be protected by the client's existing security model, ensuring that only approved users can get direct access. The physical systems where the data may rest in place, shall be protected by the network security model following the client requirements.
Requirements are not applicable to the Omni-Gen product line.