Report on the Description of the National Settlement Depository Controls, Suitability of Controls Design and Operating Effectiveness,
12 October, 2015
32
Ref # Control procedure
Testing performed
Results of tests
7.5
Administrative accounts in Active Directory, applications and
databases are personalised and assigned to a limited number of
responsible employees within the IT Department in accordance
with their job responsibilities.
Inspected the administrative accounts in the systems
and ensured that all administrative accounts are
personalized and assigned to a limited number of
responsible employees within the IT Department.
Identified one unpersonalised
Administrator account in Active
Directory.
Only the head of one of the
departments can use this
account.
7.6
Password settings are set in applications and Active Directory in
accordance with Appendixes 1-2 for Company's Policy of
password security.
Inspected password settings in the systems and
ensured that settings were set in accordance with
Company's Policy of password security for most
systems.
Password settings for ASER (10
instead of 5 for number of
incorrect input), CFT (10 instead
of 5 for number of incorrect
input) and SWIFT (disabled for
complexity) were set with less
strict requirements.
