The OFS REG REP APME application pack components are developed on the OFSAA infrastructure and use the OFS AAI secure configurations.
See the following sections to configure the security parameters in OFS AAI.
Configure a set of security parameters to have a secure environment for the OFSAA installation. The required configurations are presented in the following list. For more information about the configuration, see the OFS AAI Administration Guide and the OFSAA Security Guide.
· Input and Output Encoding: OFS REG REP APME is enabled with input validation and output encoding to protect from various types of security attacks.
· Transparent Data Encryption (TDE): Enable this option to secure the data at rest when stored in the Oracle database. To configure TDE during installation, see the Transparent Data Encryption (TDE) section in the OFSAAI Installation and Configuration Guide. To configure TDE after installation, see the Transparent Data Encryption (TDE) section in the OFSAAI Administration Guide.
· Oracle Data Redaction: This is an Oracle Database Advanced Security option to enable the protection of data. It is used to mask (redact) sensitive data shown to the user in real time. To enable this option during installation, see the Enabling Data Redaction section in the OFSAAI Installation and Configuration Guide. To enable it after installation, see the Data Redaction section in the OFS AAI Administration Guide.
· CSRF Enabled: Enabling this option sets CSRF tokens in requests. The OFSAAI System Configuration UI provides the option to enable or disable CSRF. For more information on enabling CSRF, see the Update General Details section in the OFSAAI User Guide.
· Key Management: The OFSAA configuration schema (CONFIG) is the central repository that stores passwords for users and application database schemas. These values are AES 128-bit encrypted using an encryption key uniquely generated for each OFSAA instance during the installation process. The OFSAA platform provides a utility (EncryptC.sh) to rotate or generate a new encryption key, if needed.
The Key Management section in the OFS AAI Administration Guide explains how to generate and store this key in a Java Key Store.
NOTE:
Integration with any other Key management solution is out of scope in this release.
· File Encryption: OFSAA supports file encryption using the AES 256-bit format. For more information, see the File Encryption section in the OFS AAI Administration Guide.
NOTE:
For detailed information about the data protection implementation in OFSAA, see the Oracle Financial Services Data Foundation Application Pack Data Protection Implementation Guide.
· Database Password Reset: Change the database password for the Config schema and Atomic schema periodically. For more information, see the Database Password Reset/ Change section in the OFS AAI Administration Guide.
· Password Reset: Reset passwords for users, if required. For more information, see the Database Password Reset/ Change section in the OFS AAI Administration Guide.
· Enable and Disable Users: For more information, see the Enable and Disable Users section in the OFS AAI Administration Guide.
· SSO Authentication (SAML) Configuration: For more information, see the SSO Authentication (SAML) Configuration section in the OFS AAI Administration Guide.
· Public Key Authentication: Configure the Public Key Authentication on UNIX. For more information, see the Setting Up Public Key Authentication on Client-Server section in the OFS AAI Administration Guide.
· Data Security and Data Privacy: Configure this to protect data against unauthorized access and data theft. For more information, see the Data Security and Data Privacy section in the OFS AAI Administration Guide.
· Input and Output Encoding: OFSAAI is enabled with input validation and output encoding to protect from various types of security attacks.
· Password rotation every 30 days: For more information, see the Changing Password section in the relevant version of the OFSAAI User Guide.
· Additional Cross-Origin Resource Sharing (CORS): Configure CORS. For more information, see the Knowing Additional Cross-Origin Resource Sharing (CORS) section in the OFS AAI Administration Guide.
· System Configuration and Identity Management: Configure the following parameters from the information in the System Configuration and Identity Management section in the relevant version of the OFSAAI User Guide:
    · Set session timeout
    · Enable CSRF
    · Set frequency of password change
    · Configure password restriction details
    · Configure password history
    · Configure security questions for a password reset
    · Configure the activation period by setting Dormant Days, Inactive Days, and Working Hours
For detailed information about data security implemented in OFSDF, see the Oracle Financial Services Data Foundation Data Protection Implementation Guide Release 8.1.x.