Harris FDsys RD Baseline

4.6.2.2.1.1 4.6.2.2.1.2 5.3.2.1.1 5.3.2.1.1.1.1 5.3.2.1.1.1.2 5.3.2.1.1.1.3 5.3.2.1.2 5.3.2.1.2.1 5.3.2.1.2.2 5.3.2.1.2.3 5.3.2.1.3 7.2.4.8.6

The system shall provide the capability to use passwords to verify the identity of authorized users.
The system shall provide the capability to use PKI certificates to verify the identity of authorized users.
The system shall verify the identity and authority of authorized users.
Valid proof of the user's identity shall be logged by the system.
The system shall authenticate system administrators.
The system shall authenticate security administrators.
The system shall permit users to create a unique user identity for access to the system.
The system shall enforce uniqueness of user identity so that no two users can use the exact same identity.
The system shall be capable of Identity Management system functionality to facilitate provisioning of user identities for users and system administrators.
The system shall be capable of Identity Management system functionality to provide users and system administrators with one single interface and control point for provisioning and managing user identities that will be used to support the system's access control decisions.
The system shall deploy an initial Identity Management capability to provide users and system administrators with one single interface and control point for provisioning and managing user identities.
A user shall only be allowed to manage attributes associated with their own user identity.
The system shall display a message to users if they fail to authenticate.
The system shall provide the capability to collect proof of identity information from the user during registration.
The system shall provide a default security GUI for authorized Systems Administrators / Operations Managers users that shall enable them to, at a minimum:
  - Perform security administration.
  - Interact with the identity management system including managing user roles and user accounts in a role based security system.
  - View and manage system, application, audit, and security logs.
  - Monitor system security policy settings and policy enforcement.
  - Administer access rules.
The system shall have the capability to authenticate users based on a unique user identity.
The system shall support user ID and password authentication.
The system shall support a configurable minimum password length parameter, settable by authorized system administrators. The minimum value allowable for this parameter is eight (8).
The system shall permit stronger authentication techniques to be used for system and security administrators (such as longer and/or more complex passwords, public key certificate, and token based authentication).

Identifier or Section Number | FDsys Requirements Text | 1 = Meets; 0 = Does Not Meet | Product Name Meeting Requirement | Questions or Notes

5.3.2.5.1 5.3.2.5.1.2 5.3.2.6.4.1 5.3.2.6.4.2 5.3.2.6.4.3

The system shall support the capability of maintaining confidentiality of user data (e.g., passwords).
The system shall have the capability to provide confidentiality of user data, including confidentiality of user authentication data stored within the system (e.g., passwords).
The system shall provide an administrative graphical user interface to perform user administration.
The system shall have the capability for authorized security administrators to set system security policy.
The system shall have the capability for authorized security administrators to maintain system security policy.
System security policy parameters shall include authorized user authentication methods.
System security policy parameters shall include administrator authentication methods.
System security policy parameters shall include minimum password lengths.
The system shall have the capability to enforce the separation of functions through assigned roles.
The system shall provide the capability to partition security administration into logical elements such that security administrators can be assigned accordingly.
The system shall provide the capability to limit security administrator's authority to assigned logical elements.

5.3.2.3.1.11 5.3.2.3.1.12 5.3.2.3.3 5.3.2.3.3.1

Audit logs shall contain logged events which each contain the date the event occurred.
Audit logs shall contain logged events which each contain the time the event occurred.
Audit logs shall contain logged events which each contain the software module (source) that logged the event, which can be either an application name or a component of the system or of a large application, such as a service name.
Audit logs shall contain logged events which each contain a classification of the event by the event source.
Audit logs shall contain logged events which each contain a classification of the event severity: Error, Information, or Warning in the system and application logs; Success Audit or Failure Audit in the security log.
Audit logs shall contain logged events which each contain a number identifying the particular event type.
Audit logs shall contain a description of the event containing the user name of the user on whose behalf the event occurred.
Audit logs shall contain a description of the event containing the name (IP address and DNS name) of the system on which the event occurred.
Audit logs shall contain a description of the event containing a description of any significant problems, such as a loss of data or loss of functions.
Audit logs shall contain a description of the event containing information about infrequent significant events that describe successful operations of major server services.
Audit logs shall contain a description of the event containing warnings, events that are not necessarily significant, but that indicate possible future problems.
Audit logs shall contain a description of the event containing an audit of the security access attempts that were successful.
Audit logs shall contain a description of the event containing an audit of the security access attempts that failed.
The system shall maintain a security log containing logon attempts (both valid and invalid).
The system shall maintain a security log containing events related to resource use, such as creating, opening, or deleting files or other objects.
The system shall keep an audit log of security administrator transactions.
The system shall keep an audit log of system access rights.
The system shall keep an audit log of attempts to access the system.
The system shall keep an audit log of any detected breaches of security policy.
The system shall have the capability to arbitrate access based on a role-based access model driven by policy.
The system shall permit authorized system administrators to create customized roles.
The system shall permit authorized system administrators to assign customized roles.
The system shall provide access control limitations to support data mining.
The system shall allow authorized system administrators to assign roles for access to system data objects and transactions.
The system shall allow authorized system administrators to customize roles for access to system data objects and transactions.
The system shall allow the use of standards based LDAP technology for the role based access model.
The system shall manage user accounts.
The system shall provide the capability to create user accounts.
The system shall provide the capability to create group accounts. This will allow individual users to log into the system but provide access to an entire group of users.
The system shall provide the capability to access user accounts.
The system shall provide the capability to delete user accounts.
The system shall provide the capability to suspend user accounts.
The system shall provide the capability to reactivate suspended user accounts.
The system shall provide the capability for the renewal of user registrations.
The system shall have the capability to expire user accounts.
The system shall provide the capability for users to cancel their accounts.
The system shall provide the capability for users to update their account information.
The system shall provide a means to ensure that users cannot view information of other users unless authorized.
The system shall provide a means to ensure that users cannot modify information of other users unless authorized.
The system shall securely store personal information (e.g. user names and passwords).
The system shall provide the capability for authorized users to manage (add, modify, delete) information.

5.3.2.2.1 5.3.2.2.1.1.1 5.3.2.2.1.3 5.3.2.2.2 5.3.2.2.3 5.3.2.2.3.1 5.3.2.2.4 5.3.2.2.5 5.3.2.2.6 5.3.2.2.7 5.3.2.2.8 5.3.2.2.9 5.3.2.2.10 5.3.2.2.11 5.3.2.2.13 5.3.2.2.14

Authentication of users
Administration of user attributes, credentials and privileges
Access control enforcement
Audit support
Security administration functions

4.6.2.1.1.0.1 4.6.2.1.1.0.2 5.3.2.1.2.2.1.2 5.3.2.2.1.1.2 5.3.2.2.1.2.1 5.3.2.2.1.2.2 5.3.2.1.2.2.1.1 5.3.2.2.12.1 5.3.2.3.1.1.1 5.3.2.3.1.1.2 5.3.2.3.1.1.3 5.3.2.3.1.1.4 5.3.2.3.1.1.5 5.3.2.3.1.1.6 5.3.2.3.1.2.1 5.3.2.3.1.2.2 5.3.2.3.1.2.3 5.3.2.3.1.2.4 5.3.2.3.1.2.5 5.3.2.3.1.2.6 5.3.2.3.1.2.7 5.3.2.3.1.5.1 5.3.2.3.1.5.2 5.3.2.6.1.1 5.3.2.6.2.0.1 7.7.2.4.8.1 5.3.2.6.2.1.1 5.3.2.6.2.1.2 5.3.2.6.2.1.3 5.3.2.6.2.2 5.3.2.2.12.2

Capability 1:
Capability 2:
Capability 3:
Capability 4:
Capability 5:

FDsys Identity & Access Management System Trade Study Requirements Vendor Self-Score