Standards
508 Compliance
Cayosoft development best practices on accessible products and solutions allow us to support government entities in making accessible technology choices. We proactively educate our product teams about accessible design and the Section 508 Access Board standards. Click here to read more about Section 508 of the Rehabilitation Act.
Section 508 Voluntary Product Accessibility Template (VPAT): Cayosoft Administrator VPAT
HSPD-12
Homeland Security Presidential Directive 12 (HSPD 12), dated August 27, 2004, entitled “Policy for a Common Identification Standard for Federal Employees and Contractors,” directed the promulgation of a Federal standard for secure and reliable forms of identification for Federal employees and contractors. Learn more here.
OMB 11-11
The OMB M-11-11 memorandum outlines a plan of action for agencies that will expedite full use of the credentials for access to federal facilities and information systems by the Executive Branch.
FIPS Compliance
According to Microsoft: “FIPS 140 is a standard for US government, Canadian government and other prominent institutions, that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive but unclassified information. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment of Canada (CSEC).”
Cayosoft Administrator uses the FIPS-compliant cryptographic algorithms and modules provided by Microsoft and described by Microsoft here. For detailed information on correct configuration, please contact Cayosoft Support here.
Auditing and Logging
Execution History – Each rule that is executed by the service from the Console generates an entry in the Execution History log. This log shows the date/time/duration of the execution and any errors that may have occurred.
Change History – Changes made by users in the Cayosoft Web Portal are logged to the online change history. This change history displays the typical Who, What, When and Where details, along with before and after values when appropriate.
Changes by this User – Integrated with Change History is the Changes by this User option. With this option you can pick any account and see the tasks that were performed by that account against other objects.
Dynamic Groups Logging – Dynamic Group Rules can be configured to update user change history when a user is added to or removed from a group.
How Passwords are handled during Auditing and Logging
Passwords are not written to logs to maintain their integrity.
OWASP
The Open Web Application Security Project (OWASP) is a non-profit organization that provides unbiased information about threats to application security along with an OWASP Top Ten list of the most critical security flaws in web applications – the ones that are often the easiest for attackers to find and exploit.