Contents

Security overview Application security overview General security principles Require complex and secure passwords Change passwords periodically Keep passwords private and secure Configure your browser so that it doesn't remember or automatically fill passwords Require secure session practices Lock computers to protect data Provide only the necessary rights to perform an operation web.config settings to secure InForm .NET projects Secure installation and configuration Installation overview Transport Layer Security (TLS) Secure cookies Add HTTP Strict-Transport-Security (HSTS) headers Signing authorizations Use digital certificates issued by Certificate Authorities Install only the InForm features needed About entering passwords Configure strong administrator passwords Close all unused ports Disable all unused services Post-installation configuration Restrict access to InForm server machines Configure strong user passwords Configure rights and rights groups Review administrative configurations periodically Configure the pfreportinguser account Change the pfuser password as required Run pfadmin Update IIS with the new pfuser password Update COM+ applications with the new password Change the PFCapAdmin password as required Security features User security features Password configuration for user security Passwords for new users Login security No data loss after a session transaction Automatically inactivated user accounts Restricted access to the application Application security features Users assigned to user types Rights assigned to rights groups Users assigned to rights groups Users assigned to groups Users assigned to sites Display overrides Changed Cognos user groups Data security features Restricted viewing of Protected Health Information Audit trails for data security Freezing and locking data Considerations for using email Considerations for configuring email notifications Considerations for using automated emails for gathering subject data Considerations for sending reports by email from the Cognos software Accessing Cognos and saving standard reports Access Cognos Save reports to the Team content folder sparingly Options for saving reports to the Team content folder Revision history