| Security Controls | Currently Available in StingRay | Vendor | Vendor |
|---|---|---|---|
| Audit security changes to user and group permissions. | ▲ | | |
| System and application controls MUST ensure that inputs are properly valued and completely recorded by the system | ▲ | | |
| Provide security to limit the ability to create, maintain, view or delete information to only those areas that have responsibility for that information, down to the field level | ▲ | | |
| Security at field level | ▲ | | |
| Security at database object level | ▲ | | |
| Security at menu and sub-menu level | ▲ | | |
| Requires users to log on to the system, providing a unique user ID that is passed through to subsequent levels of the system | ▲ | | |
| Passwords NOT displayed on terminals or reports | ▲ | | |
| Encrypted passwords when stored in security database | ▲ | | |
| Maintainable passwords by the user | ▲ | | |
| Forced password change intervals | ▲ | | |
| History of previously used passwords to prevent reuse | ▲ | | |
| Requires a minimum user ID and password length (six characters) | ▲ | | |
| Lock account after X invalid login attempts | ▲ | | |
| Ability for security administrator to disable or reset the logon ID for any user | ▲ | | |
| Ability for Help Desk personnel to reset the login ID for any user | ▲ | | |
| Security administrator should not be able to view password | ▲ | | |
| Define activities each user is authorized to access; indicate a start/end date and definable hours | ▲ | | |
| Ability to interface to single sign-on (must be LDAP compliant) | ▲ | | |
| Allow for alphanumeric passwords | ▲ | | |
| Role-based security | ▲ | | |
| Security integrated among all modules (including reports, interfaces, import/export, etc.) | ▲ | | |
| Ability to copy group or user rights to another group or user | ▲ | | |
| Ability to prevent deletion of key financial data for both active and inactive data | ▲ | | |
| Lock objects while they are being edited/changed or processed by other users in the system | ▲ | | |
| Reporting | | | |
| Provide the ability to report security violations, including the date and time of the attempted access, the user ID under which access was attempted and denied, and the reason it was denied | ▲ | | |
| Ability to provide user/group/command/transaction permission or authorization listings | ▲ | | |
| Ability to provide statistical reports (i.e. login history) | ▲ | | |
| User/group inclusion/exclusion down to the field level | ▲ | | |
| Apply user-based security to ad-hoc reporting, including field restrictions | ▲ | | |
| Flexibility to define import/export groups | ▲ | | |
| Provide a report highlighting the user security setup parameters by module | ▲ | | |
| Account disabled on no activity in X days | ▲ | | |