Voisus App Note

Q1 2020 IA Security Updates to the Voisus Web Interface (#128)

July 27, 2020

As part of our Risk Management Framework (RMF) accreditation effort, ASTi made some security updates to the Voisus web interface. We implemented new Security Technical Implementation Guides (STIGs) requirements starting with the Q1 2020 IA release:

• Passwords must be 15 characters long with a mix of upper and lowercase letters, numbers, and special characters.
• The web interface prompts you to rotate your password every 60 days.
• The web interface prevents you from reusing old passwords from the last five iterations.
• Idle sessions automatically log out after 10 minutes of inactivity.
• Accounts lock after three incorrect login attempts in 15 minutes.
• Accounts lock after 35 days of inactivity. To restore your account, go to “I can't log into my Voisus web interface account. How can I unlock my account or reset my password?” at support.asti-usa.com/faq/security/15.html.
• You may only access the web interface via eth0.

The Voisus web interface now displays information on your current session. To view session information, log into the Voisus web interface, and go to Help > Audit Log. This page shows web session history and documents account activity, including user creation and removal, password changes, and privileged events (e.g., network changes, backup/restore).

As a best practice, make a plan to periodically review Audit Log, and take actions based on that review as directed by your local security officer.

For common security questions (e.g., restoring system access, resetting accounts), go to “Security FAQs” at support.asti-usa.com/faq/security/index.html. For additional questions or support, contact ASTi at support@asti-usa.com or (703) 471-2104.