Literary Warrant for Functional Requirement #8b

This requirement derives from the law, customs, standards and professional best practices accepted by society and codified in the literature of different professions concerned with records and recordkeeping. The warrant is as follows:

Citation Electronic Industry Data Exchange. ASC 12 Convention : Version 3 : Electronic Industry Data Guidelines. Washington Publishing Co., 1994.
Pages 9
Extract Once the user codes are agreed to, they should be mechanically compared to a list of valid codes before transactions are accepted.

Citation American Institute of Certified Public Accountants. Statements on Auditing Standards 55. Consideration of the Internal Control Structure in a Financial Statement Audit. Appendix D
Pages .3
Extract The objective of safeguarding assets requires that access to assets be limited to authorized personnel. In this context, access to assets includes both direct physical access and indirect access through the preparation or processing of documents that authorize the use or disposition of assets.

Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module 6, Business Systems, 1991
Pages 6-31
Extract Logical views and other controls must be implemented to restrict user access. Without strong access controls, the confidentiality and reliability of system information may be at risk.

Citation Ian B. Gilhooley, Information Systems Management, Control and Audit (Altamonte Springs, Fla.: The Institute of Internal Auditors, 1991)
Pages 94
Extract Data should be available only to those who are authorized to receive and use the data.

Citation "SQL Environments," Federal Information Processing Standards Publication 193 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 3 February 1995)
Pages 23
Extract Schema Definition Rules: The SQL/ERI Read-Only Server profile assumes that all schema objects are owned by a user different from the user accessing the repository through this profile, and that appropriate privileges have been granted to all accessing users.

Citation "Guidelines for the Use of Advanced Authentication Technology Alternatives," Category: Computer Security; Subcategory: Access Control. Federal Information Processing Standards Publication 190 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 3 February 1995)
Pages 5
Extract As the trend toward networking continues, the ability to verify the identity of system users with a high degree of accuracy becomes more important. Systems which cannot differentiate between requests for service by legitimate users and unauthorized access attempts are vulnerable to a variety of attacks.

Citation "Guidelines for the Use of Advanced Authentication Technology Alternatives," Category: Computer Security; Subcategory: Access Control. Federal Information Processing Standards Publication 190 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 3 February 1995)
Pages 5
Extract Reliable authentication mechanisms are critical to the security of any automated information system.

Citation "Guideline for the Analysis of Local Area Network Security" Category: Computer Security; Subcategory: Risk Analysis and Contingency Planning. Federal Information Processing Standards Publication 191 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 9 November 1994)
Pages 8
Extract Remote computing must be controlled so that only authorized users may access remote components and remote applications. Servers must be able to authenticate remote users who request services or applications. These requests may also call for the local and remote servers to authenticate to each other. The inability to authenticate can lead to unauthorized users being granted access to remote servers and applications. There must be some level of assurance regarding the integrity of applications utilized by many users over a LAN.

Citation "Guideline for the Analysis of Local Area Network Security" Category: Computer Security; Subcategory: Risk Analysis and Contingency Planning. Federal Information Processing Standards Publication 191 (U.S. Department of Commerce/Technology Administration and National Institute of Standards and Technology, 9 November 1994)
Pages 12
Extract To prevent compromising the security of the resource (i.e. corrupting the resource, or lessening the availability of the resource), only those who require the use of the resource should be permitted to utilize that resource. Unauthorized access occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use.

Citation United States. General Services Administration. Information Resources Management Service. Electronic forms systems analysis and design. 1993.
Pages 16
Extract Safeguards must be installed ... to assure that only authorized persons have access to the forms.