| Logging Details | 1 | 167 | 7 July 2022 |
| What processes do you have to handle configuration and secrets management to ensure the integrity of Alloy through development, testing and deployment? | 1 | 70 | 10 August 2023 |
| How do you monitor external software or 3rd party libraries security advisories and apply any security fixes promptly? | 1 | 70 | 10 August 2023 |
| How do you manage risk of internal and third-party software libraries used in code? | 1 | 95 | 10 August 2023 |
| What logging/auditing is available? | 1 | 209 | 30 July 2021 |
| What is Yotta's approach to remediating vulnerabilities? | 1 | 126 | 11 April 2022 |
| Do you have SIEM (Security Information & Event Management) integration? | 1 | 127 | 30 July 2021 |
| Does audit data such as verbose logs contain any sensitive information? | 1 | 138 | 30 July 2021 |
| Can the log files of your solution/system be exported? | 1 | 124 | 30 July 2021 |
| What audit information can be extracted in relation to login attempts? | 1 | 131 | 30 July 2021 |
| Do you communicate security issues/incidents with subcontracted services to customers? | 1 | 123 | 30 July 2021 |
| Do you have a process for actual or suspected cyber security incidents or breaches being reported to the customer? | 1 | 83 | 30 July 2021 |
| What additional security testing have you completed? | 1 | 115 | 30 July 2021 |
| If you use AWS, do you use Amazon GuardDuty Threat Detection? | 1 | 105 | 30 July 2021 |
| If you use AWS, do you use Amazon Shield? | 1 | 92 | 30 July 2021 |
| How is the data protected in transit? | 1 | 133 | 30 July 2021 |
| Have you implemented DKIM, DMARC and SPF on your email service? | 1 | 135 | 30 July 2021 |
| Where is Alloy Data Stored? | 1 | 187 | 30 July 2021 |
| Will remote access be required? | 1 | 167 | 30 July 2021 |
| Which Certification Authority do you use? | 1 | 130 | 30 July 2021 |
| Does the solution use Client Certificates for authentication or S/MIME? | 1 | 116 | 30 July 2021 |
| Does the solution use Client Certificates for signing to provide non-repudiation? | 1 | 115 | 30 July 2021 |
| Are Self Signed Digital Certificates used? | 1 | 146 | 30 July 2021 |
| Is there a lockout process for user accounts? | 1 | 145 | 30 July 2021 |
| Does the solution use Role Based permissions/authorisation? | 1 | 153 | 30 July 2021 |
| How is the communication between the Client/Mobile and the Service encrypted? | 1 | 129 | 30 July 2021 |
| What additional controls are in place to support the unauthorised access of data? | 1 | 122 | 30 July 2021 |
| Are users shown that a failed login was a username or password that was incorrect? | 1 | 120 | 30 July 2021 |
| Is the password policy configurable? | 1 | 142 | 30 July 2021 |
| OWASP suggests methods of storing passwords, do you follow this methodology? | 1 | 141 | 30 July 2021 |