Logging Details
|
|
1
|
49
|
7 July 2022
|
What is Yotta's approach to remediating vulnerabilities?
|
|
1
|
34
|
11 April 2022
|
Do you have SIEM (Security Information & Event Management) integration?
|
|
1
|
44
|
30 July 2021
|
Does audit data such as verbose logs contain any sensitive information?
|
|
1
|
35
|
30 July 2021
|
Can the log files of your solution/system be exported?
|
|
1
|
36
|
30 July 2021
|
What audit information can be extracted in relation to login attempts?
|
|
1
|
51
|
30 July 2021
|
What logging/auditing is available?
|
|
1
|
43
|
30 July 2021
|
Do you communicate security issues/incidents with subcontracted services to customers?
|
|
1
|
41
|
30 July 2021
|
Do you have a process for actual or suspected cyber security incidents or breaches being reported to the customer?
|
|
1
|
33
|
30 July 2021
|
What additional security testing have you completed?
|
|
1
|
40
|
30 July 2021
|
If you use AWS, do you use Amazon GuardDuty Threat Detection?
|
|
1
|
41
|
30 July 2021
|
If you use AWS, do you use Amazon Shield?
|
|
1
|
35
|
30 July 2021
|
How is the data protected in transit?
|
|
1
|
34
|
30 July 2021
|
Have you implemented DKIM, DMARC and SPF on your email service?
|
|
1
|
39
|
30 July 2021
|
Where is Alloy Data Stored?
|
|
1
|
36
|
30 July 2021
|
Will remote access be required?
|
|
1
|
33
|
30 July 2021
|
Which Certification Authority do you use?
|
|
1
|
35
|
30 July 2021
|
Does the solution use Client Certificates for authentication or S/MIME?
|
|
1
|
32
|
30 July 2021
|
Does the solution use Client Certificates for signing to provide non-repudiation?
|
|
1
|
31
|
30 July 2021
|
Are Self Signed Digital Certificates used?
|
|
1
|
45
|
30 July 2021
|
Is there a lockout process for user accounts?
|
|
1
|
43
|
30 July 2021
|
Does the solution use Role Based permissions/authorisation?
|
|
1
|
38
|
30 July 2021
|
How is the communication between the Client/Mobile and the Service encrypted?
|
|
1
|
43
|
30 July 2021
|
What additional controls are in place to support the unauthorised access of data?
|
|
1
|
46
|
30 July 2021
|
Are users shown that a failed login was a username or password that was incorrect?
|
|
1
|
33
|
30 July 2021
|
Is the password policy configurable?
|
|
1
|
37
|
30 July 2021
|
OWASP suggests methods of storing passwords, do you follow this methodology?
|
|
1
|
43
|
30 July 2021
|
Does the solution require an EV certificate?
|
|
1
|
34
|
30 July 2021
|
Are any Trusted Root Certificates included in the standard build
|
|
1
|
32
|
30 July 2021
|
Can you limit user access to Alloy to specific IP ranges
|
|
1
|
34
|
30 July 2021
|