Customs Declaration Processing System Detailed User and ...

More documents

Recommendations

Info

DETAILED USER & TECHNICAL REQUIREMENTS FOR CDPS AND USE-CASE MODELS Ref: PHASE V 5.2.5.1.3Authentication and Digital Certificates As explained above, user authentication can be done with (i) username and password, and (ii) digital certificates. For the external domain it is strongly recommended that digital certificates are used for user authentication. Users from the external domain can use the same digital certificates for digital signatures too. Digital signatures prove the origin and integrity of data, and also provide non-repudiation security service. According to the Macedonian law [R18], digital signatures have the same validity as handwritten signatures. Digital certificates need to be issued by a certified Certificates Issuing Authority, such as Komercijalna Banka AD Skopje, KIBS AD Skopje, AD Makedonski Telekomunikacii, GlobalSign, Verisign. Each user must sign a document which contains the public key from his/her digital certificate. Prior to any data exchange between CDPS and any application from the External Domain it is necessary that MCA and the partners from the External Domain exchange the public key from their digital certificates. The digital certificate must be stored on a tamper-proof security device from which it cannot be copied. 5.2.5.2 Requirements This section highlights the security requirements for CDPS.. Number SR-0010 SR-0020 SR-0030 Description MCA must provide and guarantee the security of each CDSP module, e.g. by deploying firewalls. CDPS has to take the following security policies into account: • The IT and non-IT CDPS resources and assets must be protected from unauthorised access. • Precautions must be taken to ensure that confidential information is erased from CDPS applications and tools as soon as it is no longer required. • Controls should be implemented to ensure that information supplied to CDSP systems and tools is accurate and consistent with other information stored elsewhere in CDPS; • Data that is passed between two processing stages, does so without alteration, loss, or addition; • The CDPS architecture must be designed and managed so as to ensure continuity of service; • Controls must exist to limit the impact of a Denial of Service attack mounted against any CDPS resources; • Transit information should be exchanged only between entities that have been mutually authenticated; • Information that is exchanged should be protected from unauthorised disclosure, loss, or alteration. The requirements of particular importance concern (a) maintaining the confidentiality of confidential information regarding Trader and Guarantor relationships, (b) user identification and authentication information, and (c) information which may facilitate fraud. The following security policies, deduced from the [A07], are relevant: • All IT users must be uniquely identifiable; Page 140/276
DETAILED USER & TECHNICAL REQUIREMENTS FOR CDPS AND USE-CASE MODELS Ref: PHASE V Number SR-0045 SR-0050 SR-0060 SR-0070 Description • When challenged to do so by CDPS, IT users must confirm their identity; • Each CDPS workstation within a country should have a unique identity. This identity should be authenticated before an IT user is invited to complete the user authentication process; • Traders who use a DTI interface must first identify and authenticate themselves to CDOS just as Customs Officers do. Any new declarations they present or changes they make to existing ones must be attributable to them; • Precautions must be taken to ensure that it is not possible to eavesdrop on the user authentication dialogue between a workstation and the server such that an adversary could use the information to masquerade as an IT user; • Precautions should be taken to restrict the use of a Direct Trader Input (DTI) or CDPS workstation to only the person who has logged on; • Logical access controls should exist to ensure that Traders using DTI workstations can only access information related to them or their Principals; • IT users must have completed appropriate training before they are granted access to any CDPS resource. • The system should be able to restrict the visibility of registered customs declarations. The declarations should be visible only to the customs offices to which they refer. A customs officer can see only the declarations that are assigned to him/her. • There should be at least one user in every customs office which has the right to see all the declarations concerning the office and assign them to the other customs officers in his/her location. • If necessary a customs office may send a request to see a declaration which is not originally assigned to that office. The request is sent to the office where the declaration was originally lodged and it contains the MRN (Movement Reference Number) of the declaration. The declaration will become visible to the requesting customs office only if the request is approved by a user with special privileges (coordinator) in the addressed office (office of lodgment). • An external user can preview, modify, and cancel the declarations that are lodged from his user account only, or from users that represent the same operator (juridical person). If DTI facility is implemented, logical Access Control must be set up so that Customs Officers can logon from a DTI Trader Workstation but with restricted functionality only. Access Control Lists must be implemented up to application level in order to provide to Customs Officers read-access to any movement and full access to those movements and reference information in accordance with the MCA access policy for which they are authorised. The use of magnetic or optic media should be controlled or prevented e.g. by storing the users’ credentials, and by checking them online when such media are used. Page 141/276
Page 1 and 2:
DETAILED USER & TECHNICAL REQUIREME
Page 3 and 4:
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90: DETAILED USER & TECHNICAL REQUIREME
Page 139: DETAILED USER & TECHNICAL REQUIREME
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Annex 6 NCTS - Reference Data Annex
Page 243 and 244:
Annex 6 NCTS - Reference Data AGREE
Page 245 and 246:
Annex 6 NCTS - Reference Data 4 = O
Page 247 and 248:
Annex 6 NCTS - Reference Data G09 =
Page 249 and 250:
Annex 6 NCTS - Reference Data REC =
Page 251 and 252:
Annex 6 NCTS - Reference Data C06 C
Page 253 and 254:
Annex 7 AES - Reference Data Annex
Page 255 and 256:
Annex 7 AES - Reference Data - Comb
Page 257 and 258:
Annex 7 AES - Reference Data Common
Page 259 and 260:
Annex 7 AES - Reference Data METHOD
Page 261 and 262:
Annex 7 AES - Reference Data Road l
Page 263 and 264:
Annex 7 AES - Reference Data 31 40
Page 265 and 266:
Annex 7 AES - Reference Data STORIN
Page 267 and 268:
Annex 7 AES - Reference Data WAREHO
Page 269 and 270:
Annex 8 AIS - Reference Data NAME F
Page 271 and 272:
Annex 8 AIS - Reference Data X = Co
Page 273 and 274:
Annex 8 AIS - Reference Data B: Com
Page 275 and 276:
Annex 8 AIS - Reference Data UN DAN
show all

Customs Declaration Processing System Detailed User and ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?