EM uses industry-standard system security and encoding protocols to protect against unauthorized access to data and control systems, including the following security features:
- All EM components (UI, API) use HTTPS, HTTP Strict Transport Security, and SSL certificates to protect encrypted communication against unauthorized access.
- Supported services use self-signed certificates that are installed on supported products, with the option of configuring trusted certificates instead.
- EM enables different users to hold various roles with particular configurable rights, and data is available based on these specific roles.
- EM uses an Enterprise Identity Management System (EIMS). The EIMS logon workflow keeps authentication secure by issuing a temporary authorization code that the application exchanges, together with its secret, for the access token. Because the access token is never visible to the user, this is the most secure way to pass the token back to the application: it reduces the risk of the token leaking and the risk of an attacker intercepting the authorization code.
- EM also offers additional password security features that ensure unauthorized users cannot access the application:
- Multifactor authentication: If a user forgets a password, the user must validate a one-time password sent by email before password recovery is enabled.
- Password expiry policy: Requires the user to change their password every 60 days.
- Password history checking: Users cannot reuse any of their past 10 passwords when they reset their password.
- Password lockout: The EM application locks out a password after multiple failed retries.
- Credentials on two screens: The user ID and the password are entered on two separate screens.
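The EIMS logon workflow described above (a temporary authorization code that only the application backend can redeem for the access token) is illustrated here with an added, self-contained simulation; this is example code, not EM or EIMS code, and the client identifiers, secrets and the 60-second code lifetime are constructed assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 60  # assumption: the page gives no code lifetime
# Constructed client registry: the application's secret never reaches the browser.
CLIENT_SECRETS = {"em-ui": "constructed-client-secret"}


class AuthorizationServer:
    """Minimal stand-in for the EIMS side of the authorization-code workflow."""

    def __init__(self):
        self._codes = {}     # code -> (client_id, expires_at)
        self._tokens = set()  # access tokens issued to backends only

    def issue_code(self, client_id):
        # Step 1: after login, the user's browser only ever sees this short-lived code.
        code = secrets.token_urlsafe(24)
        self._codes[code] = (client_id, time.time() + CODE_TTL_SECONDS)
        return code

    def exchange_code(self, code, client_id, client_secret, now=None):
        # Step 2: the application backend redeems the code with its secret.
        now = time.time() if now is None else now
        entry = self._codes.pop(code, None)  # single use: a replayed code fails
        if entry is None:
            return None
        issued_for, expires_at = entry
        expected = CLIENT_SECRETS.get(client_id)
        if issued_for != client_id or expected is None:
            return None
        if not hmac.compare_digest(expected, client_secret) or now > expires_at:
            return None
        token = secrets.token_urlsafe(32)  # the token is created here, server side
        self._tokens.add(token)
        return token

    def is_valid_token(self, token):
        return token in self._tokens


def demo_flow(server=None):
    """Run one login plus the failure cases a defender expects to be rejected."""
    server = server or AuthorizationServer()
    secret = CLIENT_SECRETS["em-ui"]
    code = server.issue_code("em-ui")
    token = server.exchange_code(code, "em-ui", secret)          # legitimate backend
    replay = server.exchange_code(code, "em-ui", secret)         # intercepted, reused code
    late = server.exchange_code(server.issue_code("em-ui"), "em-ui", secret,
                                now=time.time() + CODE_TTL_SECONDS + 1)  # expired code
    wrong = server.exchange_code(server.issue_code("em-ui"), "em-ui", "wrong")  # no secret
    return {"token_valid": server.is_valid_token(token), "replay": replay,
            "expired": late, "wrong_secret": wrong}
```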