Does the solution require an EV certificate?
|
|
1
|
91
|
30 July 2021
|
Are any Trusted Root Certificates included in the standard build
|
|
1
|
75
|
30 July 2021
|
Can you limit user access to Alloy to specific IP ranges
|
|
1
|
109
|
30 July 2021
|
Does the solution require special IPS/IDS exceptions?
|
|
1
|
205
|
30 July 2021
|
Is a remote desktop connection (e.g. Webex), a thin-client (Citrix) or direct access required?
|
|
1
|
65
|
30 July 2021
|
Will remote access to the system be required?
|
|
1
|
59
|
30 July 2021
|
Is there any additional encryption key use. i.e. SSL /TLS?
|
|
1
|
52
|
30 July 2021
|
How are communications between endpoints secured? VPN, TLS
|
|
1
|
49
|
30 July 2021
|
Does the solution require access to the customers Internal Network?
|
|
1
|
46
|
30 July 2021
|
Does the solution require access to the customers DMZ?
|
|
1
|
89
|
30 July 2021
|
Does the solution require PSN/N3/PNN/ESN Access?
|
|
1
|
65
|
30 July 2021
|
Is data storage used in Alloy audited?
|
|
1
|
86
|
30 July 2021
|
What process do you use for cleaning data from reusable drives?
|
|
1
|
69
|
30 July 2021
|
Do you provide statements/certificates to demonstrate media destruction?
|
|
1
|
62
|
30 July 2021
|
Do you have a Media Destruction policy?
|
|
1
|
62
|
30 July 2021
|
Is TLS opportunistic or enforced on your mail gateway?
|
|
1
|
73
|
30 July 2021
|
How is the data stored at Rest? If it is encrypted, please specify?
|
|
1
|
54
|
30 July 2021
|
How often do you review the security of your suppliers in relation to subcontracted services?
|
|
1
|
46
|
30 July 2021
|
Do you perform security related due diligence against your own suppliers?
|
|
1
|
49
|
30 July 2021
|
Does the organisation hold any Cyber or Information Security insurance?
|
|
1
|
61
|
30 July 2021
|
Are Information Security responsibilities written into your staff employment contracts?
|
|
1
|
40
|
30 July 2021
|
Does Yotta have a dedicated resource/team responsible for Information Security?
|
|
1
|
47
|
30 July 2021
|
In the event of a security incident/hotfix, what information can be shared?
|
|
1
|
42
|
30 July 2021
|
In Alloy who has access to the data?
|
|
1
|
97
|
30 July 2021
|
How do we organise a pen test against Alloy? (Penetrations Test)
|
|
1
|
54
|
30 July 2021
|
Would you be willing to share the results of pen tests performed on Alloy?
|
|
1
|
62
|
30 July 2021
|
Has your Alloy ever been pen tested? If Yes, how often is it tested?
|
|
1
|
82
|
30 July 2021
|
Is TLS enforced for all API calls?
|
|
1
|
39
|
30 July 2021
|
Have Alloy's API’s been Penetration Tested by a CHECK or TIGER accredited company?
|
|
1
|
83
|
30 July 2021
|
How are potential new threats, vulnerabilities or exploitation techniques assessed?
|
|
1
|
64
|
30 July 2021
|