Customs Declaration Processing System Detailed User and ...

More documents

Recommendations

Info

DETAILED USER & TECHNICAL REQUIREMENTS FOR CDPS AND USE-CASE MODELS Ref: PHASE V Number SR-0080 SR-0090 SR-0100 SR-0105 SR-0110 SR-0120 SR-0130 SR-0200 SR-0210 SR-0220 SR-0230 SR-0240 SR-0270 SR-0280 SR-0300 SR-0310 SR-0320 SR-0330 SR-0340 SR-0350 Description It must be possible for MCA to define User Access Policies according to functional rules. All security relevant events must be audited. The time standard used for auditing is Greenwich Mean Time. CDPS must address the requirements to maintain an audit trail of all changes to data based on user requests. Proper logs should be maintained in a secure manner for audit of transactions recorded, changes made to data and queries initiated against end-user request with timestamps to enable examination of the audit trail at a later date. In addition, CDPS must provide the functionality for secure management and access to log files maintained on-line and off-line. Workstations must be capable of being uniquely identified. A listing (report) must be maintained including all MCA Workstation IP addresses, their software revision and the group they belong to. A listing (report) should be maintained including all system users, their access profile, Workstation and Workstation group. A firewall should be put in place between the MCA and the public network (e.g. between the DTI Trader connections and the MCA Server). User identification, user authentication, Workstation identification and access control procedures should be implemented between the MCA server and the Workstation components. The NCA server should terminate the connection of a Workstation after a period of inactivity defined in a configuration parameter. It is recommended that only one login shall be necessary for a User to access the different CDPS applications when pertaining to the same access rights. IT Users must be identified (as a minimum) using user names and authenticated using passwords. The MCA Domain Administrator should be able to configure the events which need to be audited in the MCA server. Duplicate CDPS messages, including acknowledgements, should be logged, brought to the attention of the System Administrator and discarded. The files downloaded from Internet must be virus checked. CDPS must address the requirement for providing multiple levels of access to system functionality based on roles assigned to both the MCA IT staff and endusers at any point in time. In addition, CDPS must support the functionality to grant and revoke both permissions and authorizations to end-users in a secure traceable environment. CDPS must address the need for securing and safeguarding of data through logging of ALL modifications to sensitive data CDPS must provide the functionality for role-based security and access to data and system functionality as well as guard against unauthorized use, copying and transmission of data maintained in the database. Role-based security must be an integral part of CDPS and must include an administration component for updating and controlling access to individual subsystems and potentially to data within the database. By addressing the above requirements, CDPS must reduce to the absolute minimum the need by MCA IT staff to directly access the database tables using database utilities. Page 142/276
DETAILED USER & TECHNICAL REQUIREMENTS FOR CDPS AND USE-CASE MODELS Ref: PHASE V Number SR-0360 SR-0370 SR-0380 SR-0390 SR-0370 SR-0380 SR-0390 SR-0395 Description CDPS shall support the use of digital certificates for user authentication. CDPS shall keep a copy of the public keys of such digital certificates in its own repository. CDPS shall support the creation and verification of digital signatures based on the use of digital certificates. CDPS shall check the validity of digital certificates: • Check if the certificate is issued by an authorized Certificates Issuing Authority. • Check if the certificate has not expired. • Check if the certificate has not been revoked. CDPS shall keep a copy of public keys of expired digital certificates. This will allow for verification of digital signatures calculated in the past when the digital certificate was still valid. The system should lock a user account if 3 consecutive unsuccessful authentication attempts are made (wrong password was submitted for 3 consecutive times). The user should not be able to log in the system when its account is locked. The account should be locked for a given period (at least 30 minutes) of time and can be unlocked before this period only by user with special access rights (system administrator). There should be a possibility for configuring the locking period through a system configuration parameter. For security reasons user passwords should expire in a given period of time. The expiration period should be configured through a system configuration parameter. The user should not be able to log in the system if the password is expired. The system should prompt the user to change its password if it is expired. The system should not allow the user to reuse its previous passwords. User passwords shall satisfy minimum complexity requirements. For example, user passwords should be at least 6 characters long and should contain at least one digit or a non-alphanumeric character. CDPS must support single sign-on technology through LDAP (Lightweight Directory Access Protocol) communication with the Active Directory already implemented within MCA. Table 10: General security requirements 5.2.5.2.1Common Domain Specific Requirements This chapter provides the additional security requirements for CDPS related to Common Domain. These requirements will need to be satisfied prior to the accession of Macedonia to EU. Security requirements should be implemented as recommended in the [A07] Number Description SR-0400 The “Security Policy Document” [A07] principles must be implemented. SR-0410 If a National Host is connected to a public network, a firewall should be put in place. SR-0420 Strong authentication CSI service should be used for the connection between a National Host and the CCN/CSI Gateway if it occurs through a public network and no firewall is used. SR-0430 In compliance with the DDNA (i.e. DDCOM, DDNTA, DDNXA, and DDNIA) specifications, all Common Domain messages must be acknowledged by their corresponding answer message or by an acknowledgement message. SR-0440 The NDI-WS workstation (internet workstation) must be physically Page 143/276
Page 1 and 2:
DETAILED USER & TECHNICAL REQUIREME
Page 3 and 4:
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92: DETAILED USER & TECHNICAL REQUIREME
Page 141: DETAILED USER & TECHNICAL REQUIREME
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Annex 6 NCTS - Reference Data Annex
Page 243 and 244:
Annex 6 NCTS - Reference Data AGREE
Page 245 and 246:
Annex 6 NCTS - Reference Data 4 = O
Page 247 and 248:
Annex 6 NCTS - Reference Data G09 =
Page 249 and 250:
Annex 6 NCTS - Reference Data REC =
Page 251 and 252:
Annex 6 NCTS - Reference Data C06 C
Page 253 and 254:
Annex 7 AES - Reference Data Annex
Page 255 and 256:
Annex 7 AES - Reference Data - Comb
Page 257 and 258:
Annex 7 AES - Reference Data Common
Page 259 and 260:
Annex 7 AES - Reference Data METHOD
Page 261 and 262:
Annex 7 AES - Reference Data Road l
Page 263 and 264:
Annex 7 AES - Reference Data 31 40
Page 265 and 266:
Annex 7 AES - Reference Data STORIN
Page 267 and 268:
Annex 7 AES - Reference Data WAREHO
Page 269 and 270:
Annex 8 AIS - Reference Data NAME F
Page 271 and 272:
Annex 8 AIS - Reference Data X = Co
Page 273 and 274:
Annex 8 AIS - Reference Data B: Com
Page 275 and 276:
Annex 8 AIS - Reference Data UN DAN
show all

Customs Declaration Processing System Detailed User and ...

Create successful ePaper yourself

Delete template?

Save as template?