Please check the following table on security for more details:
NFR attribute |
Target value |
Authorization and authentication |
Ability to apply access controls and privileges based access to specific areas Authentication for internal systems should be against the internal LDAP database Every authentication attempt must be logged |
Encryption |
All private or sensitive information is transmitted using strong encryption and authentication 128 bit or better encryption for SSL/https 3-DES or better encryption for VPN connections No private data stored on Internet accessible machines |
Access and control |
Authorization for internal systems should be centralised into an LDAP database |
Auditing |
Include all authentication and authorization events will have detailed audit logs The transaction will have a detailed audit log Inquiries will have a detailed audit log |