VisionCore

User Management Security for Administrator Users

This article explains in detail the improvements in VisionCore Security made to conform to the PCI Compliance Checklist. Some requirements in this section must be set up by Administrator users. Although VisionCore ships with default settings, it is recommended that each setting be checked and set to at least the default values shown in the screenshot below, or better. All of these settings are required when the TranSentry Integration option is enabled in the Company Preference form.

 

The following setup can be accessed from System menu > Security Policy.

pci_admin1

 

When editing any of the options in the Security Policy (by clicking the ellipsis button), a separate form will open as shown below to edit the value.

pci_admin2
 

Policy Group: Password Policy

Passwords must be changed at least every 90 days – Not more than 90 days but less is ok.

pci_admin3

 

If 90 days is set as the maximum password age, the Password expired message will be shown when the password's age reaches 91 days, counted from the time the password was changed.

 

Example: Jan. 1, 2010 was the last time the user's password was changed. On the 91st day, i.e. April 1, 2010 (counting starts from the day the password was changed), the Password expired message will be shown.

pci_admin4

 

Passwords must be at least seven characters – Not less than 7 characters but more is ok.

Passwords must contain at least one numeric character, one special character, one upper case letter and one lower case letter - All options must be enabled.

pci_admin5

 

To be accepted, a password must comply with the above requirements. If it does not, the invalid password message will be shown.

pci_admin6

 

Passwords must not be the same as the last four used – Not less than 4 passwords remembered but more is ok.

pci_admin7

 

VisionCore tracks a history of each user's passwords. If Enforce password history is set to 4 in this security policy, you will not be allowed to submit a new password that is the same as any of the last 4 passwords. If you enter a new password that matches any of the last 4 passwords, this message will be shown.

pci_admin8

 

Policy Group: Account Lockout Policy

Account lockout duration – Not less than 30 minutes but more is ok.

Account lockout threshold – Not more than 6 but less is ok.

pci_admin9

 

The maximum number of login attempts can be set up to 6, but VisionCore defaults it to 3. If the Account lockout threshold is set to 3 and the Account lockout duration is set to 30 minutes, then failing to log in three times in a row will result in the account being locked out for 30 minutes or until it is unlocked by another administrator.

 

This message will be shown when you fail to log in three times in a row. The 30-minute lockout is based on the default setting in Security Policy form > Account lockout duration.

pci_admin10

 

When you try to log in as the same user within the 30 minutes, this message will be shown, letting you know the actual remaining lockout time.

pci_admin11

 

The administrator, however, can unlock a user who has been locked out. Here is how to do it.

 

The administrator must log in and uncheck the User is Disabled option in the User Security form of that user.

pci_admin12

 

Require login if user account is idle – Not more than 15 minutes but less is ok.

pci_admin13

 

If 15 minutes is set in the Require login if user account is idle field, the password must be re-entered after the user has been idle for 15 minutes.

 

The VisionCore login form will be shown once the user has been idle for that period of time.

pci_admin14
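
The limits listed on this page can be checked mechanically. The following is an added example, not VisionCore code: a Python audit of a settings dictionary against those limits, together with the password rules and the 91st-day expiry count. The key names, the SAMPLE values, the definition of a special character and the treatment of a missing or zero value as "not enforced" are assumptions.

```python
from datetime import date, timedelta

# Limits as stated on this page: "max" = not more than, "min" = not less than.
# The key names are hypothetical; VisionCore's own field names may differ.
LIMITS = {
    "max_password_age_days": (90, "max"),
    "min_password_length": (7, "min"),
    "password_history": (4, "min"),
    "lockout_duration_minutes": (30, "min"),
    "lockout_threshold": (6, "max"),
    "idle_timeout_minutes": (15, "max"),
}
COMPLEXITY = ("require_digit", "require_special", "require_upper", "require_lower")

def audit_policy(policy):
    """Return the names of settings that are weaker than the limits above."""
    weak = []
    for key, (limit, kind) in LIMITS.items():
        value = policy.get(key)
        # Assumption: a missing, zero or negative value means "not enforced",
        # so it is reported even though 0 would pass a plain "not more than" test.
        if not isinstance(value, int) or value <= 0:
            weak.append(key)
        elif (kind == "max" and value > limit) or (kind == "min" and value < limit):
            weak.append(key)
    # All four character-class options must be enabled.
    weak += [flag for flag in COMPLEXITY if policy.get(flag) is not True]
    return weak

def password_violations(password, min_length=7):
    """Return which of the page's password rules a candidate password breaks."""
    checks = {
        "length": len(password) >= min_length,
        "digit": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        # Assumption: any non-alphanumeric character counts as special.
        "special": any(not c.isalnum() for c in password),
    }
    return [name for name, ok in checks.items() if not ok]

def expiry_message_date(last_changed, max_age_days=90):
    """First day the Password expired message appears (change day is day 1)."""
    return last_changed + timedelta(days=max_age_days)

# Constructed sample: lockout threshold at the default of 3, two settings too weak.
SAMPLE = {"max_password_age_days": 90, "min_password_length": 7, "password_history": 4,
          "lockout_duration_minutes": 30, "lockout_threshold": 3,
          "idle_timeout_minutes": 20, "require_digit": True, "require_special": True,
          "require_upper": True, "require_lower": False}
```

Calling audit_policy(SAMPLE) reports the idle timeout and the disabled lower-case option, and expiry_message_date(date(2010, 1, 1)) reproduces the April 1, 2010 date from the example above.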