AppFrame

User Account Policy

PIMS User account lockout policy, password policy and auditing

User Account and Password

  • Default privileges for new accounts can be set to "none", and then privileges or access can be assigned after the account has been implemented.
  • Individual user accounts can be linked to the individual users in LDAP/Active Directory. This requires that the web server and SQL Server are joined to the Active Directory in the corporate network.
  • PIMS can produce reports showing user activity, and inactivity, over specified periods of time. It can also show account privileges at the current point in time and historically.
  • PIMS can apply the same complexity, expiration and length policies used in Windows Server 2003 or later to passwords used inside SQL Server.
  • New users can be forced to change their passwords at first login, except where the user chooses their own password initially. PIMS can prohibit the use of blank passwords. This is done either by AD Group Policy or Local Group Policy.
  • PIMS can be configured to either lock the account or suspend the account for X minutes if a user makes X unsuccessful login attempts within XX hours. This is done either by AD Group Policy or Local Group Policy.
  • PIMS can be configured so that passwords will expire periodically, for example every 120 days.
  • All transmitted passwords (both for end users and for backend systems) are protected by encryption in transit using SSL encryption, so that passwords are never sent across the network in clear text.
  • PIMS stores all passwords using a one-way encryption or hashing method by using SQL Server or Active Directory.
  • All data and system changes are tagged with the login and the date/time of the insert, update or delete operation. This includes changes to source code, database objects and tracking of published resources. In addition, SQL Server can be configured to enable Common Criteria compliance and C2 audit tracing.
  • PIMS can suspend user sessions after xx minutes of inactivity; this is a configurable value.
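
The SQL Server items above (Windows password policy applied to SQL Server passwords, forced change at first login, blank passwords, lockout, and Common Criteria / C2 auditing) can be checked on the database server with a read-only query. This is an added example, not PIMS code: it assumes these items correspond to SQL Server's standard CHECK_POLICY and CHECK_EXPIRATION login options and its 'c2 audit mode' and 'common criteria compliance enabled' server options, and the login name in the final comment is hypothetical.

```sql
-- Added example (not part of PIMS): read-only audit of SQL Server login policy.
-- Run as a sysadmin-level login; PWDCOMPARE needs access to password hashes.

-- 1. SQL-authenticated logins and whether the Windows password policy covers them.
SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,       -- 1 = CHECK_POLICY = ON (complexity, length, lockout)
    l.is_expiration_checked,   -- 1 = CHECK_EXPIRATION = ON (periodic expiry)
    LOGINPROPERTY(l.name, 'IsMustChange')        AS must_change_at_next_login,
    LOGINPROPERTY(l.name, 'IsLocked')            AS is_locked,
    LOGINPROPERTY(l.name, 'BadPasswordCount')    AS bad_password_count,
    LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS password_last_set,
    LOGINPROPERTY(l.name, 'DaysUntilExpiration') AS days_until_expiration,
    CASE WHEN PWDCOMPARE('', l.password_hash) = 1
         THEN 1 ELSE 0 END                       AS has_blank_password
FROM sys.sql_logins AS l
WHERE l.name NOT LIKE '##%##'  -- skip SQL Server's internal certificate logins
ORDER BY l.is_policy_checked, l.is_expiration_checked, l.name;

-- 2. Logins that fall outside the policy and need follow-up.
SELECT l.name
FROM sys.sql_logins AS l
WHERE l.is_disabled = 0
  AND l.name NOT LIKE '##%##'
  AND (l.is_policy_checked = 0
       OR l.is_expiration_checked = 0
       OR PWDCOMPARE('', l.password_hash) = 1);

-- 3. Server-wide audit options mentioned in the list (0 = off, 1 = on).
SELECT c.name, CAST(c.value_in_use AS int) AS value_in_use
FROM sys.configurations AS c
WHERE c.name IN ('c2 audit mode', 'common criteria compliance enabled');

-- Remediation for one login found in step 2 (hypothetical login name):
-- ALTER LOGIN [example_sql_login] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```

Accounts linked to Active Directory do not appear in sys.sql_logins; their complexity, expiry and lockout settings come from the AD or Local Group Policy referred to in the list.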