Hyland Connect

javydreamercsw · ‎11-01-2006

I know that Alfresco is hopefully getting the DOD certification. But going thru the spec I didn't saw reference to some FDA 21 CFR requirements that are not clearly stated in the Alfresco ducumentation I've read so far. I'll appreciate if someone can answer these questions:

1. Full audit trail includes account information? (i.e. password changes, info changes, etc)

2. Does the password comply with the aging and automatic lock of accounts after 3 consecutive fails?

I'm going to implement ALfresco shortly but I want to make sure I assumed correctly.

Thanks in advance!

andy · ‎11-20-2006

Hi

1) Yes. You can audit calls made to any public service. See http://wiki.alfresco.com/wiki/Audit.

2) It depends ….. Not in the default implementation. We/you can provide an authentication component and linked DAO to support this, as the implementation is pluggable. It may be that this requirement is enforcd externally - e.g. if you have configured this in your ldap server …or SSO layer etc…..or back end JAAS authentication ……and you are not using the inbuilt alfresco authentication.

Is this required of the inbuilt authentication component?
Where do the 3 logins count - all applications using the account or just Alfresco?

Regards

Andy

javydreamercsw · ‎11-21-2006

The 3 logins are in a per application basis. I've been trying to make the authentication work with active directory but no luck so far. Waiting for more detailed info from IT to check if the info I provide to the bean is incorrect.

Hyland Connect

Regulation Requirements