Within the Case Management System (CMS) ecosystem, the Enterprise Security component implements global security capabilities across the enterprise while each separate component implements baseline component-level security capabilities. The following provides guidance on the types of solutions available for implementing the Enterprise Security component to complement component-level security capabilities.
- Single Sign-On: Provide system single sign-on capability. Enable users to reset credentials.
- Encrypted Privacy Data: Store designated privacy data with encryption.
- Security Controls: Maintain security controls implemented within the system/application, such as through internal or third-party audits, vulnerability assessments, penetration testing, etc.
- Security Logging: Log all login attempts, including date/time, IP address, and status (success or failure).
- Soft Delete User but Retain History: Provide administrative functions allowing authorized users to soft delete a user but retain all history associated with the user's activity.
- Lock User Out of System/Unlock: Provide administrative functions allowing authorized users to lock a user out of the system or unlock a user to allow them to regain access.
- Timing of Security Changes: Allow security changes made by security administrators to take effect immediately or at a specified time.
- Distributed Security Administration: Allow security to be managed by multiple administrators so each administrator can manage their own court/office if needed.
- Password Changes: Require passwords to be changed at defined intervals and allow password reset times to differ based on user security roles.
- Identify and Remediate Vulnerabilities: Provide mechanisms and processes to minimize virus intrusion and to identify and remediate vulnerabilities in the component throughout the product release cycle and lifecycle.
- Protect Documents: Provide mechanisms to ensure documents are authentic and unaltered from what was originally submitted.
- Designate Administrators: Allow a super administrator to designate users as administrators and to change who holds that designation.
- Administrative Functions: Provide administrative functions allowing authorized users to manage users' access rights, including grant/revoke security roles to/from a user, view granted roles, and search user by predefined search criteria.
- Assign Users to Roles and Groups: Provide administrative functions allowing authorized users to manage security roles/groups, including modifying existing roles (groups and associated access rights) and creating a new role/group (view users with the role, grant/revoke access rights to/from a role).
- Inherit Properties from Other Roles: Support role definitions that can inherit properties from other roles.
- User with Multiple Roles/Groups: Assign a user to multiple roles/groups.
- Configurable Time-Out: Configure the component time-out feature based on court policy.
- Access Data Using Application Services: Prevent domain or local administrative users from accessing data when not using application services.
- Terminate User's Session: Enable security administrators to terminate a user's session immediately.