What You Should Follow
Windows Operating System
- Configure the Windows Regional Format to US/UK and set the language to English for all machines installed with SPMS applications to ensure expected SPMS functionality.
- For better security:
  - Turn on Data Execution Prevention (DEP) security features.
  - Turn off the Autoplay and Windows Remote Assistance features.
  - See the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for more information and instructions.
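The following read-only PowerShell audit reports the state of the three settings named above (DEP, Autoplay, Windows Remote Assistance). It is an added example, not part of the SPMS documentation or tooling. The function names and the rule that any DEP policy other than AlwaysOff counts as "on" are assumptions made for the example.

```powershell
# Added example: read-only audit of DEP, Autoplay and Remote Assistance.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the setting was never configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Finding {
    param([string]$Setting, $Observed, [bool]$Compliant)
    [pscustomobject]@{ Setting = $Setting; Observed = $Observed; Compliant = $Compliant }
}

# DEP support policy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = [int](Get-CimInstance -ClassName Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy

# Autoplay: machine-wide policy value; 0xFF (255) disables it for every drive type.
$autoplay = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'

# Remote Assistance: a Group Policy value, when present, overrides the local setting.
$raPolicy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' 'fAllowToGetHelp'
$raLocal  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp'
$ra = if ($null -ne $raPolicy) { $raPolicy } else { $raLocal }

$findings = @(
    # Assumption: any policy other than AlwaysOff counts as "DEP turned on".
    New-Finding 'DEP' $depNames[$dep] ($dep -ne 0)
    New-Finding 'Autoplay disabled (all drives)' $autoplay ($autoplay -eq 255)
    New-Finding 'Remote Assistance disabled' $ra ($ra -eq 0)
)
$findings | Format-Table -AutoSize
```

An empty Observed column means the value is not configured, which the audit reports as non-compliant so that the setting gets reviewed rather than assumed.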
Database Configuration
- The Database character set can be set to Western or Unicode. However, you must ensure that the SPMS and FMS Database character sets are configured the same to avoid data discrepancy. For example, if the character set in the SPMS Database is UTF8, then it has to be the same in the FMS Database.
- Similarly, the Database table column type must be configured the same in both SPMS and FMS. For example, if the type NVARCHAR is used, then the table column type must be the same in both the SPMS Database and the FMS Database.
- Additionally, the data type and length of Database table columns for data transfer from/to must be the same between FMS and SPMS.
SPMS Installation
- If a problem occurs during the SPMS application installation, you cannot repair or modify SPMS installation features. You must reinstall SPMS.
- If you are performing an SPMS database upgrade to this version from an SPMS 7.30 or later database, you must perform database verification and backup tasks for the database before the upgrade process.
- Before you install SPMS software or upgrade the SPMS database, ensure that all other programs and applications on the target machine are closed. If an active program or process is detected, a prompt will notify you to close the active process before it can proceed.
- During the SPMS database upgrade or SPMS installation, follow the instructions on the prompts carefully and do as instructed. If the process is forcibly canceled or closed using methods other than those instructed on the prompts, the results can be unpredictable.
Securing SPMS
- It is extremely important to fully understand and follow closely the guidelines provided in the SPMS Security Guide. We strongly recommend that you read and understand the Security Overview in Section 1 of the SPMS Security Guide for your release, available on the Oracle Help Center under Cruise Shipboard Property Management System.
- Security patches and quarterly patch releases are common. Therefore, it is the user’s responsibility to ensure that the systems used by SPMS are still supported and updated to the latest patch. Always apply security patches on time to prevent and reduce the risk of security vulnerabilities. Check regularly for:
  - Critical Security Patch of the Operating System.
  - Critical Security Patch of the Database Management System.
- The use of digital certificates is common in today’s service-oriented architecture. A digital certificate is especially important in the identification of a system. It is similar to using a government-issued identification document to identify an individual. In the SPMS context, the digital certificate is needed to identify the SPMS web services. This is to prevent an unscrupulous party from impersonating SPMS web services and stealing sensitive information from SPMS. It is recommended that the Digital Certificate used to identify SPMS web services is acquired from a recognized and valid Certification Authority.
- You must install the Secure Sockets Layer (SSL) digital certificate, which is required either on a load balancer or on an IIS Web Server for HTTPS communication to web services. Secure Sockets Layer (SSL) usage on the SPMS Security Server is mandatory. Self-signed certificates should be used only if the customer fails to provide a certificate from a Certificate Authority (CA). Refer to the Microsoft product documentation library at https://support.microsoft.com/en-sg/help/324069/how-to-set-up-an-https-service-in-iis for information about the installation of secure certificates.
- The responsibility of acquiring a valid Digital Certificate lies solely with the user. The process does not differ much between different Certification Authorities.
  - You will need to identify the trusted Certification Authority (CA) that you intend to buy the Digital Certificate from.
  - Through the CA online purchase portal, you can easily provide information such as the URL, the purpose of the certificate, and other necessary information to acquire a Digital Certificate.
  - Alternatively, you can generate a Certificate Signing Request and send it to the CA to be signed.
  - Regardless of the differences, the purpose remains the same, which is to acquire a Secure Sockets Layer (SSL) compliant digital certificate for the SPMS web services from a recognized and valid Certification Authority.
- The act of generating a self-signed Digital Certificate to identify the SPMS web services is not recommended for the production environment. It increases the risk of an unscrupulous party impersonating the SPMS web services to steal sensitive information. However, it is still possible for SPMS web services to use a self-signed certificate despite the increased security risk, which means you would have to agree to bear the consequences.
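To find self-signed or untrusted certificates on a web server before it goes to production, the PowerShell check below lists every certificate with a private key in the machine's personal store and reports whether it is self-signed, whether Windows can build a trusted chain for it, and how long it remains valid. It is an added example, not part of the SPMS documentation or tooling. It assumes the SPMS web services certificate is installed in Cert:\LocalMachine\My, and the 30-day renewal window is an illustrative value.

```powershell
# Added example: flag self-signed, untrusted or soon-to-expire server certificates.
$warnDays = 30   # assumption: renewal warning window, not a value from the guide

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |      # only certificates this server can present
    ForEach-Object {
        $cert  = $_
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip online revocation lookups so the check also works on isolated networks.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)       # $false when no trusted root is reached

        # Subject equal to Issuer means the certificate was issued by itself.
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        $daysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays

        [pscustomobject]@{
            Subject      = $cert.Subject
            Thumbprint   = $cert.Thumbprint
            SelfSigned   = $selfSigned
            ChainTrusted = $chainOk
            ChainStatus  = ($chain.ChainStatus.Status -join ',')
            DaysLeft     = $daysLeft
            Compliant    = (-not $selfSigned) -and $chainOk -and ($daysLeft -gt $warnDays)
        }
    } | Format-Table -AutoSize
```

A self-signed certificate that someone has added to the Trusted Root store shows ChainTrusted as True, so the SelfSigned column is what identifies it.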
Follow Strict Password Policy
- Adhere to the following rules of the system enforced password policy, or whichever is deemed safer when dealing with passwords, regardless of whether it is the Database user password, OS user password, or SPMS user password. The password must be:
  - At least ten (10) characters long.
  - A combination of uppercase and lowercase letters, numeric characters, and special characters.
  - Not one of the last three passwords used.
- As for the SPMS user passwords, they are configured in the SPMS User Security module. Administrators should adopt a strong password policy after the initial installation of the application and review the policy periodically. Ensure the password adheres to the following strength requirements:
  - The password must be at least ten (10) characters long.
  - The password must contain letters, special characters, and numbers.
  - The password must not be equal to any of the last three (3) passwords used.
  - The password must be changed every 90 days.
  - Password Lockout Minutes is 30 minutes.
  - Maximum Incorrect Login before lockout is 6.
  - Idle Minutes before logged out is 15.
  - Idle Minutes before logged out on Launch Panel is 15.
- When logging in for the first time, you are required to change the user password in SPMS, using the above guidelines.
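For OS user passwords, the three rules at the start of this section (length, character mix, last three passwords) can be compared against the Windows account policy in force on each machine. The PowerShell check below is an added example, not part of the SPMS documentation or tooling. It must run from an elevated prompt, and the temporary file name is an assumption.

```powershell
# Added example: compare the local Windows account policy with the OS password rules.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # assumption: scratch file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

# Read the "Key = Value" lines of the exported policy into a hashtable.
$policy = @{}
Get-Content -Path $cfg | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') { $policy[$Matches[1]] = [int]$Matches[2] }
}
Remove-Item -Path $cfg -Force

# Minimums from the rules above: ten characters, complexity on, last three remembered.
$required = @(
    @{ Key = 'MinimumPasswordLength'; Min = 10 }
    @{ Key = 'PasswordComplexity';    Min = 1  }
    @{ Key = 'PasswordHistorySize';   Min = 3  }
)

$required | ForEach-Object {
    $actual = $policy[$_.Key]
    [pscustomobject]@{
        Setting   = $_.Key
        Required  = ">= $($_.Min)"
        Actual    = $actual
        # A missing key is reported as non-compliant instead of being skipped.
        Compliant = ($null -ne $actual -and $actual -ge $_.Min)
    }
} | Format-Table -AutoSize
```

The Windows complexity setting accepts a password that uses three character categories, so it is weaker than the rule above that asks for uppercase, lowercase, numeric, and special characters together. A compliant result here does not prove that every password meets that rule.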
Adopt Least Privilege Security
- When setting up users for the SPMS application, ensure that they are assigned the minimum privilege level required to perform their job functions.