NFR attribute

Target value

Authorization and authentication

Ability to apply access controls and privileges based access to specific areas

Authentication for internal systems should be against the internal LDAP database

Every authentication attempt must be logged

Encryption

All private or sensitive information is transmitted using strong encryption and authentication

128 bit or better encryption for SSL/https

3-DES or better encryption for VPN connections

No private data stored on Internet accessible machines

Access and control

Authorization for internal systems should be centralised into an LDAP database

Auditing

Include all authentication and authorization events will have detailed audit logs

The transaction will have a detailed audit log

Inquiries will have a detailed audit log