The US Air Force granted certification in January 2018 for all xAssets Version 7.1-x products to be used on the two main
US air force networks - NIPRNET and SIPRNET. This means the product is written to the highest standards and specifications and
has passed stringent tests covering all aspects of software security in a web based environment.
Security in xAssets Applications falls into the following areas, User Security, Data Security, Audit Information and Application Security.
xAssets products have undergone rigorous testing and are certified for use by the US Air Force, and
covers SIPRNET and NIPRNET meaning that the products can be used in highly sensitive environments.
Since we started hosting in 2003 we have served solutions
to military forces and suppliers thereto in the USA and the UK,
and in that time we have never had a service outage of any kind.
This means that the products are safe to use in web environments and best practises have been deployed.
xAssets goes beyond these standards, so for example we never allow cookies, so data is never left behind
when a browser session is end-tasked by a hacker, and the product requires high encryption SSL to function
thus disallowing low security communication protocols. Despite this there is no compromise on the end user.
xAssets Applications are secured using a combination of Sql Server, IIS and NTFS security options.
Windows Authentication and Database Authentication are supported at the IIS and Sql Server level.
This enables full access to an entire domain for self service or granular access based on the Active
Directory Grouping of a User.
Security can also be an issue for Discovery processes. Hosted implementations (and Onsite Implementations)
can use one or more local Collection Servers, placed at strategic network points, to facilitate the discovery
of local assets using a specific set of credentials.
Browser security is maintained through the use of a sophisticated inter process communication mechanism,
enabling security information to be stored against a browser without requiring an encryption of the username
or password, since these items are only stored within the server domain or the sql server authentication
mechanism. So no passwords are stored in the database and passwords are only sent across the internet in the
case of hosted logons running under strong encryption with https/SSL.
Our cloud platform is highly secured to STIG requirements. See the Hosted Infrastructure page for details.
Data Security for hosted implementations is covered through a comprehensive Backup and Disaster Recovery Plan,
which includes backup to multiple geographically distinct sites. Server failover is implemented for all
Onsite implementations take care of their own backup and Disaster Recovery provisions. xAssets Engineers will
help guide customers through the implementation of an effective strategy as part of the deployment process.
All solutions have the option to restrict data for specific user groups. See below.
User Security is implemented through the user of User Groups. Each group has specific permissions, and can
have its own dashboards, menus, queries and reports. Each user group can also have restricted access to data.
A query can be imposed on top of any user profile, limiting each users access to data records to just the
results of that query, and that can include Sql "Where Clause" conditions.
This enables users to be restricted to just the data records they need.
Self Service profiles can also be implemented within xAssets Applications. This allows end users access to
request assets, create and manage their own help desk calls, and manage their own assets, tasks, purchase orders,
approvals, maintenance processes and other processes configured to the customers requirements.
The business rules within the xAssets application implement audit history recording as follows:
- Every change to an asset record is recorded in a history table
- Full asset history can be viewed from the Audit Information tab in the Asset Entry Screen
- History tables can be used in Historical Reporting such as the IMACS reports
- Changes to reference data records record data modified and user modified, on each database table
To learn more about the functions and features available to
IT Asset Management, Cloud Asset Management, Fixed Asset Management and Enterprise Asset Management customers, Click Here