Chat now with support
Chat with Support

Quadrotech Nova Current - Core Security Guide

FIPS 140-2 compliance

Quadrotech Nova Core cryptographic usage is based on Azure FIPS 140-2 compliant cryptographic functions, except for certain legacy code specified in following paragraph. For more information, see: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations

 

Certain legacy part of user authentication code leverages BCrypt to store hash of users credentials. This flow is only accessible to users coming from old Radar application. Quest customers are forced to utilize QIB (Azure AD), hence this part of code is not in effect.

SDLC and SDL

The On Demand team follows a strict Quality Assurance cycle.

·Access to source control and build systems is protected by domain security, meaning that only employees on Quest’s corporate network have access to these systems. Therefore, should an On Demand developer leave the company, this individual will no longer be able to access On Demand systems.

·All code is versioned in source control.

·All product code is reviewed by another developer before check in.

In addition, the On Demand Development team follows a managed Security Development Lifecycle (SDL) which includes:

·MS-SDL best practices

·OWASP guidelines.

·Regularly scheduled static code analysis is performed on regular basis.

·Regularly scheduled vulnerability scanning is performed on regular basis.

·Segregated Development, QA, and Production environments. Customer data is not used in Development and QA environments.

On Demand developers go through the same set of hiring processes and background checks as other Quest employees.

Operational security

 

Access to data

Access to Quadrotech Nova Core data is restricted to:

·Quest Quadrotech Nova Core PM team members

·Particular Quest Support team members working closely with Quadrotech Nova Core product issues.

·The Quadrotech Nova Core development team to provide support for the product

Access to Quadrotech Nova Core data is restricted through the dedicated Quest Azure AD security groups. For different types of data (e.g., product logs, customer data, and sensitive data) different access levels and lists of allowed people are assigned.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating