Difference between revisions of "Template:LIMSpec/Configuration management"

   | style="background-color:white;" |'''32.17''' The system should allow workflow events and status changes to trigger one or more user-defined actions.

   | style="background-color:white;" |'''32.17''' The system should allow workflow events and status changes to trigger one or more user-defined actions.

  |-  

  |-  

   | style="background-color:white;" |'''32.18''' The system should provide an interface for administrative access that permits approved users to configure the system without extra programming or manipulation of data storage systems.

   | style="background-color:white;" |'''32.18''' The system should provide an interface for administrative access that permits approved users to configure the system without extra programming or manipulation of data storage systems.

  |-  

  |-  

   | style="background-color:white;" |'''32.20''' The system should provide a multiuser interface that can be configured to local user needs, including display language, character sets, and time zones.

   | style="background-color:white;" |'''32.20''' The system should provide a multiuser interface that can be configured to local user needs, including display language, character sets, and time zones.

  |-  

  |-  

   | style="background-color:white;" |'''32.21''' The system should support rules governing electronic records and electronic signatures in regulated environments.

   | style="background-color:white;" |'''32.21''' The system should support rules governing electronic records and electronic signatures in regulated environments.

  |-  

  |-  

[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4 and 4.9.14]<br />

[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4 and 4.9.14]<br />

[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br />

[https://www.iso.org/standard/66912.html ISO/IEC 17025:2017 7.11.3]<br />

[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br />

[https://www.ams.usda.gov/datasets/pdp/pdp-standard-operating-procedures USDA Administrative Procedures for the PDP 5.2.4]<br />

[https://extranet.who.int/prequal/content/who-technical-report-seriesWHO Technical Report Series, #986, Annex 2, 15.9]

[https://extranet.who.int/prequal/content/who-technical-report-seriesWHO Technical Report Series, #986, Annex 2, 15.9]

   | style="background-color:white;" |'''32.22''' The system shall provide a security interface usable across all modules of the system that secures data and operations and prevents unauthorized access to data and functions.

   | style="background-color:white;" |'''32.22''' The system shall provide a security interface usable across all modules of the system that secures data and operations and prevents unauthorized access to data and functions.

  |-  

  |-  

   | style="background-color:white;" |'''32.23''' The system shall be able to granularly define access control down to the object level, role level, physical location, logical location, network address, and chronometric restriction level for the protection of regulated, patented, confidential, and classified data, methods, or other types of information.

   | style="background-color:white;" |'''32.23''' The system shall be able to granularly define access control down to the object level, role level, physical location, logical location, network address, and chronometric restriction level for the protection of regulated, patented, confidential, and classified data, methods, or other types of information.

  |-  

  |-  

   | style="background-color:white;" |'''32.24''' The system should support single sign-on such that a user can log in once and access all permitted functions and data.

   | style="background-color:white;" |'''32.24''' The system should support single sign-on such that a user can log in once and access all permitted functions and data.

  |-  

  |-  

[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4]<br />

[https://www.epa.gov/sites/production/files/documents/erln_lab_requirements.pdf EPA ERLN Laboratory Requirements 4.9.4]<br />

[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br />

[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br />

[https://extranet.who.int/prequal/content/who-technical-report-series WHO Technical Report Series, #986, Annex 2, 15.9]

[https://extranet.who.int/prequal/content/who-technical-report-series WHO Technical Report Series, #986, Annex 2, 15.9]

   | style="background-color:white;" |'''32.25''' The system shall provide initial login access using at least two unique identification components, e.g., a user identifier and password, or biometric information linked to and used by the genuine user.

   | style="background-color:white;" |'''32.25''' The system shall provide initial login access using at least two unique identification components, e.g., a user identifier and password, or biometric information linked to and used by the genuine user.

[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br />

[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. IV, Sec. 8.6]<br />

[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. VI, Sec. 8.6]<br />

[https://nepis.epa.gov/Exe/ZyPDF.cgi?Dockey=30006MXP.PDF EPA 815-R-05-004 Chap. VI, Sec. 8.6]<br />

   | style="background-color:white;" |'''32.26''' The system shall prevent the same combination of identification components from being used across more than one account.

   | style="background-color:white;" |'''32.26''' The system shall prevent the same combination of identification components from being used across more than one account.

  |-  

  |-  

   | style="padding:5px; width:500px;" |

   | style="padding:5px; width:500px;" |

   | style="background-color:white;" |'''32.27''' The system shall allow the administrator to define a time period in days after which a user will be prompted to change their password.

   | style="background-color:white;" |'''32.27''' The system shall allow the administrator to define a time period in days after which a user will be prompted to change their password.

  |-  

  |-  

   | style="background-color:white;" |'''32.28''' The system shall allow the administrator to define a time period of inactivity for a user identifier, after which it will be disabled and archived.

   | style="background-color:white;" |'''32.28''' The system shall allow the administrator to define a time period of inactivity for a user identifier, after which it will be disabled and archived.

  |-  

  |-  

   | style="background-color:white;" |'''32.29''' The system shall allow the administrator or authorized personnel to configure the allowance or prevention of multiple concurrent active sessions for one unique user.

   | style="background-color:white;" |'''32.29''' The system shall allow the administrator or authorized personnel to configure the allowance or prevention of multiple concurrent active sessions for one unique user.

  |-  

  |-  

   | style="background-color:white;" |'''32.30''' The system shall allow the administrator or authorized personnel to configure approved system use (e.g., "you are accessing a restricted information system," "system use indicates consent to being monitored, recorded, and audited") and other types of notifications to appear before or after a user logs in to the system. These notifications should remain on the screen until acknowledged by the user.

   | style="background-color:white;" |'''32.30''' The system shall allow the administrator or authorized personnel to configure approved system use (e.g., "you are accessing a restricted information system," "system use indicates consent to being monitored, recorded, and audited") and other types of notifications to appear before or after a user logs in to the system. These notifications should remain on the screen until acknowledged by the user.

  |-  

  |-  

[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-1/dir_2003_94/dir_2003_94_en.pdf E.U. Commission Directive 2003/94/EC Article 9.2]<br />

[https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-1/dir_2003_94/dir_2003_94_en.pdf E.U. Commission Directive 2003/94/EC Article 9.2]<br />

[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br />

[https://www.iso.org/standard/56115.html ISO 15189:2012 5.10.3]<br />

[https://extranet.who.int/prequal/content/who-technical-report-series WHO Technical Report Series, #986, Annex 2, 15.9]

[https://extranet.who.int/prequal/content/who-technical-report-series WHO Technical Report Series, #986, Annex 2, 15.9]

   | style="background-color:white;" |'''32.31''' The system shall keep an accurate audit trail of login activities, including failed login attempts and electronic signings.

   | style="background-color:white;" |'''32.31''' The system shall keep an accurate audit trail of login activities, including failed login attempts and electronic signings.

[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 E17-5 and S-3-1]<br />

[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 E17-5 and S-3-1]<br />

[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.3]<br />

[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.3]<br />

   | style="background-color:white;" |'''32.32''' The system shall allow the administrator or authorized personnel to define the number of failed login attempts before the system locks the user out.

   | style="background-color:white;" |'''32.32''' The system shall allow the administrator or authorized personnel to define the number of failed login attempts before the system locks the user out.

  |-  

  |-  

[https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br />

[https://www.law.cornell.edu/cfr/text/42/73.11 42 CFR Part 73.11]<br />

[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-1]<br />

[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-3-1]<br />

   | style="background-color:white;" |'''32.34''' The vendor shall provide training materials emphasizing the importance of not sharing unique identification components with other individuals and promoting compliance review for ensuring such practices are followed.

   | style="background-color:white;" |'''32.34''' The vendor shall provide training materials emphasizing the importance of not sharing unique identification components with other individuals and promoting compliance review for ensuring such practices are followed.

  |-  

  |-  

[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-25]<br />

[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-1-25]<br />

[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br />

[https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center CJIS Security Policy 5.5.1]<br />

   | style="background-color:white;" |'''32.35''' The system shall support the ability to initially assign new individual users to system groups, roles, or both.

   | style="background-color:white;" |'''32.35''' The system shall support the ability to initially assign new individual users to system groups, roles, or both.

  |-  

  |-