- If a visitor is attempting to log in with an invalid username/password, the browser session and/or Admin Account will be locked after multiple failed attempts to log in.
- Super Admin & MonsterCommerce users have the ability to unlock an admin user account.
|
- Passwords must be ‘complex’. Complex passwords adhere to the standards as outlined within the CISP requirements.
- Usernames must adhere to new best practices.
- Admin Users are required to change their password every 90 days.
- Display to the currently logged-in Admin User the number of days remaining before the password for that account must be changed (if 10 or fewer days remain).
- Admin account Passwords cannot be changed within a 24-hour period.
- Admin Users cannot repeat any of the last four passwords used for the account.
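
The rotation rules listed above (90-day expiry, countdown at 10 or fewer days, 24-hour minimum age, no reuse of the last four passwords), as an added Python example that is not MonsterCommerce's code. The class and method names, the PBKDF2 hashing with its iteration count, and counting the current password among the last four are assumptions; the CISP complexity rules are not modelled because the page does not list them.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)    # password must be changed every 90 days
MIN_AGE = timedelta(hours=24)   # no further change within 24 hours
WARN_DAYS = 10                  # show the countdown at 10 or fewer days
HISTORY = 4                     # last four passwords cannot be repeated

def _hash(password, salt):
    # Assumption: PBKDF2-SHA256; the page does not name a hash scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AdminAccount:  # hypothetical model of one admin user
    def __init__(self, password, now):
        self.history = []       # newest first: (salt, digest) pairs
        self.changed_at = None
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)
        entry = (salt, _hash(password, salt))
        self.history = [entry] + self.history[:HISTORY - 1]
        self.changed_at = now

    def must_change(self, now):
        return now >= self.changed_at + MAX_AGE

    def expiry_notice(self, now):
        """Days left to display after login, or None above the threshold."""
        left = (self.changed_at + MAX_AGE - now).days
        return left if left <= WARN_DAYS else None

    def change_password(self, new_password, now):
        """Return 'ok' or the name of the rule that rejected the change."""
        if now - self.changed_at < MIN_AGE:
            return "too_soon"
        # Each stored entry has its own salt, so the candidate must be
        # re-hashed once per entry to compare against the history.
        for salt, digest in self.history:
            if hmac.compare_digest(_hash(new_password, salt), digest):
                return "reused"
        self._store(new_password, now)
        return "ok"
```

The 24-hour rule is what gives the history rule its force: without a minimum age, a user could change the password four times in a row and return to the original immediately.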
|
- Remove the display of passwords from the Admin Editor, Customer Profile, and Online Payment Gateway settings.
|
- Require HTTPS access to the admin panel for all sites, using either the MC shared SSL or the site's own SSL.
- Display the Company Name value within the Admin Panel Title.
- Display the Company Name value within the Admin Panel Homepage.
- Update File Manager to remove the secure/non-secure alert when accessed over HTTPS.
- Update the Un-Secure path field label within the Site Security page to “Domain Name”.
- Update the SEO Catalog creation process to use the site Un-Secure Path (Domain Name) for links.
- Update the “Go to Store Mode View” button when the Admin Access option is Shared SSL so that the Admin browses the storefront within the shared SSL path, allowing storefront Edit actions to work.
- Cart-generated links within the storefront will be relative links.
- The Security option for Admin Panel access must match the option selected for Checkout Security.
|
- Set all sites with No SSL to use shared SSL.
- Enable the option “Force site to use "www" prefix:” for sites that use the shared SSL.
- Add display of Domain Name (Un-Secure Path) value and the enabled Checkout SSL option within Admin Panel homepage.
- Added NoIndex, NoFollow robots tag to storefront pages when the URL includes either the shared SSL or id.monstercommercesites.com path, addressing possible duplicate content issues.
|
- Require HTTPS access to the admin panel for all sites, using either the MC shared SSL or the site's own SSL.
- Display the secure path for the DataPort connection within the Admin Panel Homepage.
|
- Validate the Checkout Question “question” field so that additions/changes are not saved if the content entered matches an item on the exclude list.
- Add message to Checkout Question page noting that CVV-type data cannot be collected within these fields.
- Add message to Custom Payment Manager page noting that CVV-type data cannot be collected within these fields.
|
- Mask the credit card number within the Order Editor, Print Invoice, New Order Alert/Order Confirmation emails, Warehouse and Manufacturer emails when payment method is Online Payment Gateway.
|
- Require all existing users to agree to the TOS again at first login after release.
|
- Add upload mechanism within Linkpoint API gateway settings to enable the admin user to upload the PEM file to the appropriate location.
- Add upload mechanism within the CyberSource gateway settings to enable the admin user to upload the security file to the appropriate location.