User's Manual

ManualsBrandsSTRATEC ManualsElectronicsIn-vitro diagnostic analyzer system

1-22 KleeYa - User Manual - Version 2

INTRODUCTION

CYBERSECURITY

Table 1-2: Type of threat source

1.7.5 UNAUTHORIZED LOCAL ACCESS

Usage of the KleeYa System is restricted to trained and authorized users, following

the intended use of the KleeYa System.

Unauthorized users could access or damage a computer system without the owner's

informed consent. Consequences can be software and deletion of data, corruption

or unauthorized distribution.

The following access control measures to ensure that only authenticated and

authorized users have access to the KleeYa System are implemented (A) and

recommended (B):

A) Features implemented

1. The KleeYa System can only be operated and accessed by entering a user

identifier (“user name” and “password”).

2. Each user name is unique.

3. The “password” must be at least seven (7) characters long (if password

policies are enabled).

4. All user accounts are generated with “strong passwords”, which force the user

to the following (if password policies are enabled):

• Usage of at least one upper case character

• Usage of at least one lower case character

• Usage of at least one none alpha numeric character

• Usage of at least one numeric character

5. The KleeYa System automatically disconnects the user after a predetermined

period of inactivity. This session expiration time can be defined in “settings”.

As a default value, five minutes are defined for the KleeYa System. It is not

recommended to set this time to more than five minutes.

6. End-users have no means to overcome the KleeYa software application, i.e.

they have only restricted access to the Operating System and specific

predefined applications, via the kiosk (desk shield) mode.

ENVIRONMENT

• Disaster (natural or

man-made)

Natural disasters and failures of

critical infrastructures on which the

organization depends, but which are

outside the control of the

organization.

Note: Natural and man-made

disasters can also be characterized

in terms of their severity and/or

duration.

However, because the threat source

and the threat event are strongly

identified, severity and duration can

be included in the description of the

threat event.

Type of threat source Description Examples