Introduction to the EFT Security Modules

Both the Advanced Security Module (ASM) in EFT Enterprise and the Express Security Module (ESM) for EFT Express help organizations achieve or exceed the compliance requirements mandated by the most rigorous standards, including PCI DSS, FIPS 140-2 validation, HIPAA, HITECH, Sarbanes-Oxley, and many others.

The ASM includes all of the compliance features available in the ESM, and also enables organizations to centralize their user access controls, improve productivity, and increase adherence to security policies.

The features listed below are included in both the Express Security Module and the Advanced Security Module:
- Privacy configuration, including GDPR-specific settings
- Ability to enable HSTS (requires the HTTPS module)
- Managing multiple user accounts as a batch
- Specify personal data and privacy settings on a Site and per user
- Generate a GDPR DPIA report
- Enables auditing of administrator changes (PCI DSS 10.2.2)
- Automatically redirects HTTP to HTTPS (PCI DSS 2.2.3)
- Forces a password reset on initial use (PCI DSS 8.2.6)
- Expires user passwords and/or administrator passwords after 90 days (PCI DSS 8.2.4)
- Enables password expiration reminders (email, banner)
- Removes old data automatically (data sanitization/wiping) (PCI DSS 9)
- Removes inactive accounts after 90 days (PCI DSS 8.1.4)
- Hides or disables non-allowed ciphers or SSL versions, key lengths under 128 bits, and the anonymous account type, and warns when importing certificates with weak keys (PCI DSS 4.1)
- Warns if password complexity is disabled (PCI DSS 8.2.3)
- Warns if insecure protocols are in use (PCI DSS 2.2.2)
- Warns if a user disk quota is not set (PCI DSS 3.1)
- Warns if secure remote administration is not set (PCI DSS 2.3)
- Warns if Encrypting File System (EFS) is in use (PCI DSS 3.4.1)
- Warns if weak SSL versions and ciphers are in use (PCI DSS 4.1)
- Warns if DoS and flood settings are too low (PCI DSS 2.2.4)
- Warns if vendor defaults remain unchanged (PCI DSS 2.1)
- Warns if expired keys are present (PCI DSS 3.6.5)
- Warns if multiple administrator roles are present (PCI DSS 7.1)
- Warns if the anonymous account type is in use (PCI DSS 8.5)
- Causes idle sessions to time out automatically (PCI DSS 8.1.8)
- Limits repeated invalid login attempts (PCI DSS 8.1.6)
- Provides a configuration wizard for creating PCI DSS compliant Sites
- Monitors and reports on configuration changes that result in PCI DSS violations (PCI DSS 12)
- Produces automatic daily PCI DSS compliance reports (PCI DSS 12)
- Enables Active Directory and local Windows accounts for EFT administrator authentication (default administrator accounts are maintained by EFT)

Refer to EFT Enterprise Advanced Security for a list of additional features in the ASM.