Implementing Low-Impact Security Controls
Apply NIST low-impact security controls to the JavaFX Login application.
* Use the attached file for this assignment!
The following security controls need to be applied to the application (check the NIST Security Controls Database for details, description and guidance for each control:
• AC-7 – UNSUCCESSFUL LOGON ATTEMPTS
• AC-8 – SYSTEM USE NOTIFICATION
• AU-3 – CONTENT OF AUDIT RECORDS
• AU-8 – TIME STAMPS
• IA-2(1) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | NETWORK ACCESS TO PRIVILEGED ACCOUNTS (Note this is an enhancement of an existing low-impact security control)
• Select one additional low-impact security control and implement it. This can be an enhancement or a required low-impact security control. Selecting a control that provides documentation as opposed to code changes is also acceptable and encouraged.
Pointers:
a. Start with the baseline Login Application and add methods (or additional classes) as needed to comply with each of the security controls.
b. You will need to make some decisions for your implementation for the security audit/log files format.
c. For the multi-factor authentication, keep it simple. One approach is to send an email to the user with a security code. Then, have them check their email and enter the code. If the code matches, they are properly authenticated.
d. There are examples for using JavaMail and writing to files in the materials for this week. Be sure to use those as needed.
e. Pay attention to the details of the NIST database description and make sure all of the selected security controls for this project are fully implemented.
Deliverables:
Provide your security fixed Java source code along with a PDF document describing how you addressed each security control. For example, you should list the security control and the descriptions and show and describe the code that addresses the security control. You should also provide screen shots and descriptions of the successful executing the code and the resultant output as applied to each security control. Be sure to submit all of your Java source code if you used multiple classes.
Your code should be well-documented with comments, include header comments, use proper variable and naming conventions and properly formatted.
Answer not yet available
To have this questions done by our pool of professional writers, kindly send us an email.
Email to support@yourhomeworksolutions.com