...
Your Answer-Please Describe | SECCOM Feedback / Recommendations |
---|---|
None available. CPS doesn’t have security requirements apart from the authentication on our REST API, wherein usernames and passwords are configurable | [TH] Please add a statement about this to the end of your architecture document (or in another wiki page), with a heading such as "CPS Security Requirements." |
...
Your Answer-Please Describe | SECCOM Feedback / Recommendations |
---|---|
None available. CPS doesn’t have security requirements apart from the authentication on our REST API, wherein usernames and passwords are configurable | [TH] Please add a statement about this to the end of your security requirements section/document. At a minimum, it should indicate how you protect your username and password configurations. (See other questions on hashing of secrets and use of crypto.) |
...
Your Answer-Please Explain | SECCOM Feedback / Recommendations |
---|---|
CPS does not have a UI and does not use JavaScript. The application uses Swagger for the RESTful API, wherein it is set that Authorization headers are required for accessing API documentation. | [TH] You should mention use of HTTPS behind mesh. |
...
Your Answer-Please Explain | SECCOM Feedback / Recommendations |
---|---|
No | [TH] How about storage of usernames & passwords? |
Crypto Keylength
...
Your Answers-Please Explain | SECCOM Feedback / Recommendations |
---|---|
CPS does not store or save authentication credentials; the only information saved by CPS is data and models, either via client's input or initial input from the application startup. | [TH] How about storage of usernames and passwords for REST access? |
...