User authentication based on multi-factor authentication
Accurate authentication of actual users based on multi-factor authentication methods such as PKI, biometrics (fingerprint/iris, etc.), OTP(One Time Password), smartcards, ARS, etc.
Consolidated account management
Account management optimized with account life-cycle Support for certificate-based workflow
RBAC-based account management (RBAC : Role-based Access Control)
- Automated creation and revocation of accounts based on roles assigned to users
- Automated creation and revocation of accounts according to change in personnel data
Efficient account management based on account types
- Grouping account types into system/application/user categories - Configuring account-type-specific password format(combination of character/number/special character), dictionary, history, interval for changing passwords - Access management of : the number of account-type-specific concurrent access, the number of login attempt, login expiry date, and automatic access termination time
Management of accounts and passwords
Management of user account / login / passwords through management console
Support for multiple password rules
- Password complexity requirement(to disallow easy password) / freeze on recently used passwords by using history feature / password aging rule / password dictionary, etc.
Control over exploitable commands
Command control over a kind of exploitable commands, which should be prohibited to be used
The control is to be enforced in such a way that only authorized users through application/approval processes can be permitted to use exploitable commands
Real-time request for approval at the time of executing exploitable commands is prerequisite for command-execution control
Privilege management(control over access to resources)
The control is to be enforced in such a way that only authorized users through application/approval processes should be permitted to access important data
Audit trail
Logging of all the input and output of actual users