Topics: |
The following are recommendations and information for the Implement Strong Access Control Measures requirements.
Recommendations and Information for Requirement 8.1
Omni-Gen does not provide an internal user management facility, but instead uses externalized systems, such as AD/LDAP, WSO2, and Source Management, for user access. The client is advised to refer to the available documentation for the user management aspect based on the utilized component. Integration with the corporate level systems, such as Active Directory (AD), should ensure that user access is automatically synchronized across corporate access and Omni-Gen Governance access, eliminating the need for double maintenance.
Recommendations and Information for Requirement 8.2
Access to the user management systems themselves should be made available only to vetted administrators who are trusted to have access to such systems. The monitoring of any user administrative tasks, such as the addition of a user or the altering of user roles should be done based on client requirements.
Recommendations and Information for Requirement 8.7
Any access to the data sources, which may contain sensitive information, shall be managed and restricted by the client network and security policies in place outside of the Omni-Gen product.
Any direct access to the Omni-Gen database repositories shall be protected by the client's existing security model, ensuring that only approved users can get direct access. The physical systems where the data may rest in place, shall be protected by the network security model following the client requirements.
Any externalization of data to the outside non-Omni-Gen consumer, such as customized application and reports, should be done by creating a layer of abstraction-like Consumption Views to limit or filter authorized data to be exposed. The Omni-Gen Consumption View builder enables the client to generate a slice of data for a specific type of end user application, such ensuring that no sensitive data is included, unless the end user application is authorized to access it.
Requirements are not applicable to the Omni-Gen product line.