Recommendations and Information for Requirement 6.1
- Ensure that the latest Omni-Gen service packs and patches are applied. For the latest service packs and patches, see http://techsupport.ibi.com.
- Third-party software provided by Omni-Gen, such as Tomcat, should be updated as recommended by those vendors.
- Third-party software which is not provided, but is required by Omni-Gen, such as Java, should be updated as recommended by those vendors.
Recommendations and Information for Requirement 6.3
- Adhere to the Internal Software Development Life Cycle (SDLC) recommendations for application development to ensure that any customizations do not introduce new vulnerabilities.
- Remove any test accounts created during development prior to a production rollout.
- Remove any test jars or scripts used during the development life cycle.
- If any custom code is used, the client is responsible for reviewing the code for vulnerabilities.
Recommendations and Information for Requirement 6.4
- Create separate Omni-Gen environments for Development, Performance, Production, and any other use, to ensure separation and accessibility. Be sure to use different repositories and authentication/authorization domains.
- Do not develop any components directly on the Performance or Production systems. The Production system should be a code-frozen environment. The only exception is a debug component that may need to be installed for issues that are encountered in production but cannot be reproduced in any non-production environment. Such debugging components would be provided by Information Builders as part of the support for the production issues.
- It is recognized that for Master Data Management applications, the production data may need to be used in the Test and Performance environments, in addition to the Production environment. In such cases, the client is advised to limit access to the data and to such environments. The developers should not have access to the production data and should work only with non-production/simulated
- Remove all test accounts and test data from the Production environment.
- Establish a process for installing service packs and patches across environments, as well as roll-back procedures, based on the instructions provided in the Omni-Gen Installation manual and Omni-Gen Release Notes for the corresponding patch or service pack.
Recommendations and Information for Requirements 6.5 and 6.6
- Follow the best practices and guidelines provided by Information Builders for the development and maintenance of the applications.
- Any public-facing application that exposes parts of the Omni-Gen data should not connect to the live master data repository. It should instead present the data from the generated consumption view layer, which minimizes data access and cross-contamination.
- Any customized applications written using the available RESTful APIs are the responsibility of the client. The client must perform regular web application vulnerability assessments and/or install external firewalls.
- The client is responsible for ensuring that any data access to the Mastered Data repository is under their full control and that no external application can access this data without proper authentication/authorization.