You can strengthen the security of your installation by
customizing security settings and setting up user access controls.
Make sure that you know about any security limitations that you might
encounter with this application.
Enabling security during the installation process
The IBM® Engineering Requirements Management DOORS® (DOORS) security model provides a secure connection with certificates and client-side authorization and authentication. When enabled, server security replicates a set of security checks on the server. To enable server security, you must install and configure the IBM Engineering Requirements Management DOORS - Web Access (DWA) server and the server security version of the DOORS client and database server.
To protect against cross-site request forgery (CSRF) security attacks, administrators can set a property in the DOORS festival.xml file. See Modifying the core configuration file.
Enabling secure communication between multiple applications
Security for integrations that use Open
Services for Lifecycle Collaboration (OSLC) is provided by OAuth 1.0a,
which is an open protocol that provides secure API authorization.
Ports, protocols, and services
You can configure DWA to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as the security protocol for HTTPS. You can also configure DWA so that users can access it by using smart cards instead of logging in with a user name and a password.
You can configure DOORS so that users can log on only by using smart cards or certificates.
Your team can use electronic signatures with module baselines to provide a secure way to review and sign information at various stages of the development process.
Security standard compliance
DOORS offers compliance with the US encryption standards Federal Information Processing Standards (FIPS) publication 140-2, NIST Special Publication (SP) 800-131A, and National Security Agency (NSA) Suite B. To comply with these standards, you can specify a TLS version for encrypted communication with DWA and the DOORS database server. If you specify the TLS 1.2 protocol, refer to vendor documentation to determine whether your browser supports that version.
See also the technote Configuring the DOORS database server and client for compliance with NIST SP 800-131A.
Setting up user roles and access
You can set the login policy that controls the level of security for the DOORS database.
You can create users and user groups and configure password rules for maintaining user security.
You can enable system user names to log in to the DOORS database. System user names are the names that individuals use to log in to their computers, for example their Windows user names. The DOORS database server can keep a record of every failed login and every successful login.
You can configure access rights for each item of data in your DOORS database. DOORS provides five access rights for user groups: read, modify, create, delete, and administrative control.
Privacy policy considerations
Depending on the configurations that are deployed, this software offering might use cookies that can help enable you to collect personally identifiable information. For information about this offering's use of cookies, see the "Privacy policy considerations" section in Documentation notices for DOORS.