Corporate governance requires IT security policies to be defined in accordance with a risk management plan. An important form of risk management is to prioritize security requirements and implement appropriate security policies company-wide.
With Caspio, you can define a Custom Security Policy for all users signing into your Caspio account. You can set the policy to align with the security requirements of your organization or those mandated by regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or the Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2).
Caspio’s Custom Security Policy feature enforces rules in the following areas:
1. Password strength requirements
In general, any user with a weak password could put your data at risk. To eliminate this concern, you can protect your account by managing the strength of users’ passwords. You can set the length, complexity, and character requirements to prevent users from creating weak passwords.
2. Scheduled password expiration policy
The practice of requiring passwords to be changed periodically is a common security measure recommended by IT professionals. Using Caspio, you can ensure that user passwords automatically expire after a certain number of days.
3. Rules for reusing old passwords
For even greater security control, you can limit how frequently passwords can be reused within a specified amount of time. You can also restrict users from reusing old passwords altogether.
4. Disabling and deleting inactive logins
You can automatically disable or remove account logins that have been inactive for a period that you specify. Once the user’s login has been deleted, they will no longer be able to access your Caspio account and cannot reactivate their access.
5. Rules for repetitive incorrect login attempts
Repetitive failed login attempts are generally an indicator of brute-force attacks. You can automatically block a user after a specified number of failed logins.
6. Session timeout requirements
Session timeout is an important security component. You can set a session timeout requirement to automatically expire a user session when there is no activity for a certain amount of time. Once the session expires, the user is prompted for their credentials and is required to sign in again.