...

Your Answer-Please Describe:

None available

CPS doesn’t have security requirements apart from the authentication on our REST API wherein username and passwords are configurable

SECCOM Feedback / Recommendations:

Please add a statement about this to the end of your architecture document (or in another wiki page), with a heading such as "CPS Security Requirements."

Assurance Case

Does your project actually meet its documented security requirements?

...

Your Answer-Please Describe:

None available

CPS doesn’t have security requirements apart from the authentication on our REST API wherein username and passwords are configurable

SECCOM Feedback / Recommendations:

Please add a statement about this to the end of your security requirements section/document. At a minimum, it should indicate how you protect your username and password configurations. (See other questions on hashing of secrets and use of crypto.)

Vulnerability Mitigation

Vulnerabilities Critical Fixed

...

Your Answer-Please Explain:

CPS does not have a UI and does not use JavaScript

The application uses Swagger for RESTful API, wherein it is set that Authorization headers are required for accessing API documentation.

SECCOM Feedback / Recommendations:

You should mention use of HTTPS behind mesh.

Cryptographic-specific Software Questions

...

Your Answer-Please Explain: N/A

SECCOM Feedback / Recommendations: How about storage of passwords?

Crypto Working

Does your software depend on any cryptographic algorithms that are known to be broken?

...

Your Answer-Please Explain: No

SECCOM Feedback / Recommendations: How about storage of passwords?

Crypto Keylength

Does your software generate any keys? If so, do they use any default key-lengths that are considered insecure?

...

Your Answers-Please Explain: This does not apply

SECCOM Feedback / Recommendations: How about storage of passwords?

Crypto Certificate Verification

...

Your Answers-Please Explain: CPS does not store or save authentication credentials, the only information saved by CPS is data and models either via client's input or initial input from the application start up.

SECCOM Feedback / Recommendations: How about storage of usernames and passwords for REST access?

Crypto TLS1.2

Does your software support HTTPS? If so, is the minimum version allowed TLS1.2?

...