On Demand SaaS Security Access Management Policy

Document ID : KB000056411
Last Modified Date : 04/06/2018
Introduction:

When working with CA Technical Support, there may be times when a CA PPM account is requested for further troubleshooting.  This document explains the policy for ensuring confidentiality is preserved.

Instructions:

Confidentiality Preservation

User IDs or User Names and Passwords are considered unique and confidential information, and sharing them is therefore strictly prohibited.

Application interface user IDs fall under the scope of this policy.

Transmission of authentication credentials must occur over encrypted channels. 

Unencrypted storage or communication of authentication credentials is strictly prohibited.   

In application support scenarios where external entities (non-CA, such as customers or vendors) communicate authentication credentials:

Communication of authentication credentials should occur via dual-band methods, e.g. send the username via email and the password via phone.  Do not post credentials directly in support case activity notes.

If credentials are sent in the clear:

They will be immediately removed.

A negative confirmation citing CA Policy will be sent to the sender.

 

User Accounts

A unique User ID or User Name MUST be created for each individual.  User ID or User Name sharing is strictly prohibited.  Any exceptions require a Technical and Business justification. For system user IDs, knowledge of the password must be limited to a restricted set of authorized users.

 

Password Parameters

8 characters long (minimum)

Combination of letters & numbers

Must have at least one uppercase letter

Must have at least one numeric character

Must have one special character

Passwords expire every 90 days

Accounts not used for 90 days will be disabled

Accounts will be disabled after 10 retries and will require an approved ticket to reactivate