| What processes do you have to handle configuration and secrets management to ensure the integrity of Alloy through development, testing and deployment? | 1 | 46 | 10 August 2023 |
| How do you monitor external software or 3rd party libraries security advisories and apply any security fixes promptly? | 1 | 45 | 10 August 2023 |
| How do you manage risk of internal and third-party software libraries used in code? | 1 | 56 | 10 August 2023 |
| What logging/auditing is available? | 1 | 145 | 30 July 2021 |
| Logging Details | 1 | 112 | 7 July 2022 |
| What is Yotta's approach to remediating vulnerabilities? | 1 | 106 | 11 April 2022 |
| Do you have SIEM (Security Information & Event Management) integration? | 1 | 106 | 30 July 2021 |
| Does audit data such as verbose logs contain any sensitive information? | 1 | 94 | 30 July 2021 |
| Can the log files of your solution/system be exported? | 1 | 97 | 30 July 2021 |
| What audit information can be extracted in relation to login attempts? | 1 | 109 | 30 July 2021 |
| Do you communicate security issues/incidents with subcontracted services to customers? | 1 | 87 | 30 July 2021 |
| Do you have a process for actual or suspected cyber security incidents or breaches being reported to the customer? | 1 | 65 | 30 July 2021 |
| What additional security testing have you completed? | 1 | 94 | 30 July 2021 |
| If you use AWS, do you use Amazon GuardDuty Threat Detection? | 1 | 89 | 30 July 2021 |
| If you use AWS, do you use Amazon Shield? | 1 | 73 | 30 July 2021 |
| How is the data protected in transit? | 1 | 88 | 30 July 2021 |
| Have you implemented DKIM, DMARC and SPF on your email service? | 1 | 106 | 30 July 2021 |
| Where is Alloy Data Stored? | 1 | 111 | 30 July 2021 |
| Will remote access be required? | 1 | 89 | 30 July 2021 |
| Which Certification Authority do you use? | 1 | 93 | 30 July 2021 |
| Does the solution use Client Certificates for authentication or S/MIME? | 1 | 91 | 30 July 2021 |
| Does the solution use Client Certificates for signing to provide non-repudiation? | 1 | 72 | 30 July 2021 |
| Are Self Signed Digital Certificates used? | 1 | 104 | 30 July 2021 |
| Is there a lockout process for user accounts? | 1 | 84 | 30 July 2021 |
| Does the solution use Role Based permissions/authorisation? | 1 | 95 | 30 July 2021 |
| How is the communication between the Client/Mobile and the Service encrypted? | 1 | 106 | 30 July 2021 |
| What additional controls are in place to support the unauthorised access of data? | 1 | 87 | 30 July 2021 |
| Are users shown that a failed login was a username or password that was incorrect? | 1 | 75 | 30 July 2021 |
| Is the password policy configurable? | 1 | 81 | 30 July 2021 |
| OWASP suggests methods of storing passwords, do you follow this methodology? | 1 | 90 | 30 July 2021 |