Security

Institutions of higher education are acutely aware of their key roles in protecting sensitive information about students and staff members.

EMPOWER is at the top tier of secure higher education administration systems. To achieve this superior level of protection, EMPOWER has implemented the United States Department of Defense Security Technical Information Guidelines (STIGs) for sensitive information.  This is the protection standard required for sensitive United States military records.

Access Security:

  • Username
  • Password controls
    • Length
    • Composition (upper/lowercase, digits, special symbols)
    • Required password reset (variable)
    • Reuse (iteration and time limits)
    • Passwords transmitted in encrypted form
  • Filter process presents and protects subsets of users permitted for access, reports, etc. based on user identity and permissions
  • Security controls placed on system manager access
  • Logging of access attempts
  • Logging of all security actions
  • Denial of access after configurable number of attempts
  • LDAP (Lightweight Directory Access Protocol) for school-wide access control is supported

Encryption:

  • Over 75 fields containing personally identifiable data are encrypted directly into the Oracle database (e.g., SSN, government ID, driver’s license number, password information, passport information, etc.)
  • Information transferred via internal networking is encrypted (AES192)
  • All Web-based transactions are encrypted (HTTPS)

Audits and Logging:

  • Security audits are run automatically with results sent to the designated security officer
  • System automatically logs Data Definition Language (DDL) statements such as CREATE TABLE and GRANT PRIVILEGE
  • System automatically logs last user and last update for each row
  • Extensive user statistics and events are logged: sign-in times, duration, account name, IP address, error messages, and many more