The following article describes security practices implemented within the Sysview solution, during the development process of the Sysview solution and the Sysview infrastructure.
Application Layer Security
All communications use HTTPS between the browser and client devices (if they support it) - see [xxx] for further details.
Sysview user accounts are protected by a secure login, see below for password policy.
Users can only be added to the platform by Users with Administrator level access.
Users can only be removed from the platform by Users with Administrator level access.
Requests to Sysview applications and APIs require users to be authenticated.
Requests are subject to the following validation checks:
The token is valid and not expired
The user is active and not disabled
The user has access to the network they are requesting data for/trying to update
The user has the appropriate privilege for the operation they are performing.
The request is not a Cross Site request
Password Policy
User passwords are encrypted in transit and at rest and not available to Sysview employees.
Sysview has a secure password policy, which is continually reviewed to ensure it meets current industry best practice. The current password policy can be reviewed