Question on SOX password compliance
We are reporting the following
Appworx 9.0 password policy exceptions as part of our 2016 baseline SOC 3
critical application password security review. Please advise as to
whether any of these can be modified/configured, or what specific plans
Automic has to address these vulnerabilities.
Password must contain a combination of numeric and alphabetic characters: NO
Password maximum age is set to 90 days: NO
Password reuse is set to 12 passwords: NO
Password is not the same as the user’s ID: NO
Application meets minimum security standards: NO
You can make changes to password requirements by editing the masters agent, and clicking on the Passwords sub tab. I have included the link to the document below.
http://docs.automic.com/documentation/AM/9.0/english/AM_WEBHELP/help_en.htm#AM_Administration_Guide/Setting_Password_Automation_Engine_Options.htm?Highlight=passwords
You can change the password Expire interval by editing the user. The link to the document is below.
http://docs.automic.com/documentation/AM/9.0/english/AM_WEBHELP/help_en.htm#AM_Administration_Guide/Defining_Users.htm?Highlight=users
If you wish to increase user login security beyond these rules or want to implement rules like these, you can add additional password rules with user login password audits. The link to the document is below.
http://docs.automic.com/documentation/AM/9.0/english/AM_WEBHELP/help_en.htm#AM_Administration_Guide/Adding_User_Login_Password_Audits.htm?Highlight=changing%20password
If these options don't meet your requirements, then you will need to fill out an enhancement request to get something added that is not currently provided in the product. Below is the URL to the Automic Product Enhancement site.
http://ideas.automic.com/