A cloud-based application security testing solution that supports risk management and compliance frameworks, enabling financial organizations to identify vulnerabilities in their applications quickly.
Physical security devices such as biometric access controls, secure servers, and encrypted storage solutions to protect sensitive client and investment data.
Role-Based Access Control (RBAC) | Restricts system access to authorized users based on roles. | Fortify on Demand enforces role-based access control to restrict user capabilities and separation of duties, as referenced in the official documentation and application security descriptions.
Multi-Factor Authentication (MFA) | Requires multiple factors to verify user identity before granting access. | Supports multi-factor authentication (MFA) as described in product datasheets and configuration guides to ensure only authorized access.
Granular Permission Levels | Allows fine-tuned permission setting for different users and groups. | Granular permission levels configurable for users and groups are documented in Fortify on Demand administration guides.
Session Timeout | Automatic log-off after a period of inactivity to prevent unauthorized access. | No information available
Single Sign-On (SSO) Integration | Integration with SSO providers for unified authentication across platforms. | Product supports SSO integration including SAML and OAuth identity providers, per product integration documentation.
Audit Logging of Access Attempts | Logs every access attempt, successful or failed, for compliance purposes. | Comprehensive access and activity audit logging is available for traceability and compliance, referenced in technical whitepapers.
Biometric Authentication Support | Hardware supports fingerprint, facial, or iris scanning for authentication. | No information available
Remote Lockout Capability | Enables the system to remotely lock hardware in case of detected threat or unauthorized attempt. | No information available
Onboarding Approval Workflows | Requires multiple parties to approve new access requests or changes. | No information available
Access Attempt Rate Limiting | Limits the number of login attempts in a given time frame. | No information available

Data at Rest Encryption | Encrypts stored data to protect against unauthorized access. | Fortify on Demand encrypts data at rest in accordance with industry best practices, as specified in security and compliance documentation.
Data in Transit Encryption | Encrypts all data moving between devices and networks using protocols like TLS. | All communication with the platform is secured (TLS 1.2+), confirming data is encrypted in transit.
Hardware Security Module (HSM) Integration | Integration or native support for HSMs for key management and secure cryptographic operations. | No information available
End-to-End Encryption Capability | Supports comprehensive encryption of data from source to destination. | End-to-end encryption from client upload to analysis storage is regularly mentioned in datasheets, ensuring comprehensive data protection.
Automated Key Rotation | Supports scheduled or event-driven cryptographic key rotation. | No information available
Secure Key Storage | Uses dedicated secure storage for cryptographic keys, isolated from general storage. | No information available
Self-Encrypting Drives | Uses storage devices that encrypt data automatically at the hardware level. | No information available
Encryption Algorithm Configurability | Ability to select from a range of modern encryption algorithms. | No information available
Tamper-Proof Hardware Design | Hardware physically prevents and/or logs attempts to access encrypted storage. | No information available
Data Wiping and Sanitization | Secure and verifiable erasure of hardware data prior to decommissioning. | No information available

Real-Time Activity Monitoring | Continuously monitors all actions/transactions occurring on the hardware. | Platform provides real-time dashboards and monitoring of all scan activities and user actions.
Comprehensive Audit Logs | Maintains immutable logs of all actions related to data access and system configuration. | Maintains audit logs of all platform and user activity; logs are immutable, based on compliance documentation.
Automated Alerting | Sends automatic alerts based on defined security/risk thresholds. | Supports automated alerting when scans identify severe vulnerabilities or policy violations, as outlined in feature descriptions.
Regulatory Compliance Reporting | Generates reports conforming to specific regulations (e.g., GDPR, SEC). | Provides built-in reports mapped to regulatory frameworks (e.g., PCI, GDPR, etc.), according to product marketing and compliance guides.
Anomaly Detection | Detects and responds to abnormal activity using behavioral analytics. | Applies machine learning and static analysis for anomaly detection on scan/report activity, mentioned in solution overviews.
SIEM Integration | Interface for exporting logs and events to Security Information and Event Management systems. | No information available
Chain of Custody Tracking | Maintains complete tracking of data and hardware possession for forensic purposes. | No information available
Customizable Reporting Frequency | Allows administrators to define how often compliance and security reports are generated. | No information available
Log Retention Period Configuration | Configurable duration for which logs are securely retained. | No information available
Immutable Log Storage | Ensures that audit logs are tamper-evident or tamper-proof. | Immutable logs as part of the compliance regime are documented; tampering is prevented and detected.

Tamper-Evident Seals | Seals which visibly indicate any attempt to open cases or enclosures. | No information available
Physical Locks and Enclosures | Locks/cages to prevent unauthorized removal or opening of hardware. | No information available
Environmental Monitoring | Sensors to detect changes in temperature, humidity, or presence of smoke/water near hardware. | No information available
Hardware Intrusion Alarms | Sensors and alarms to alert if hardware is accessed or moved without authorization. | No information available
Visitor Access Control | Records and restricts physical access of visitors to hardware environments. | No information available
Video Surveillance Integration | Supports connection to CCTV or other video surveillance systems. | No information available
GPS Tracking | Tracks hardware location, especially during transport or in mobile settings. | No information available
Secure Hardware Disposal | Processes ensuring hardware is securely destroyed or wiped after end of use. | No information available
Physical Access Logging | Maintains logs of all physical access events to hardware. | No information available
Secure Installation Requirements | Mandates installation in secure, access-controlled environments. | No information available

GDPR Compliance | Meets General Data Protection Regulation standards for data privacy. | Product is designed for GDPR readiness and financial services compliance, confirmed in compliance and solution literature.
SOC 2 Certification | Certified for Service Organization Control 2 for security, availability, confidentiality, etc. | Fortify on Demand by OpenText is a SOC 2 certified service as stated in official compliance statements.
ISO 27001 Certification | Complies with global information security management standard. | ISO 27001 compliance is cited as a foundational security certification for the hosting environment.
FIPS 140-2/FIPS 140-3 Validation | Validates cryptographic security module per US government standards. | No information available
PCI DSS Compliance | Compliant with Payment Card Industry Data Security Standard if relevant. | Follows PCI DSS standards for application scans and data storage, as evidenced by support documentation for regulated industries.
SEC/FINRA Compliance Support | Supports reporting and compliance for US financial regulatory bodies. | Provides support for SEC/FINRA reporting in relevant compliance report templates.
Customizable Compliance Policy Engine | Ability to tailor controls/policies for diverse regulatory needs. | Compliance policy engine allows customizable controls to tailor rules for different frameworks.
Automated Evidence Collection for Audits | Automatically gathers and stores evidence needed for formal audits. | Automates evidence collection for audit trails and regulatory requests, per audit-readiness feature sets.
Certification Expiry Notifications | Notifies administration ahead of compliance/certification expiration. | No information available
Audit Readiness Score | Quantitative indicator of the product's current audit preparation. | No information available

System Uptime Guarantee | Guaranteed minimum percentage of operational time. | No information available
Mean Time Between Failures (MTBF) | Predicts hardware reliability between failures. | No information available
Self-Diagnostics | Hardware runs continuous self-tests to detect faults. | No information available
Redundant Power Supplies | Multiple power supplies to reduce risk of downtime from power failure. | No information available
Hot Swappable Components | Permits parts to be changed without shutting down the system. | No information available
Disaster Recovery Support | Integrates with disaster recovery plans and external storage. | No information available
Hardware Monitoring APIs | Provides APIs to monitor hardware status and health remotely. | No information available
Firmware Update Management | Supports secure, remote updates to firmware for ongoing protection. | No information available
Warranty Duration | Duration hardware is covered under warranty. | No information available
Rapid Spare Replacement Support | Fast replacement service for failed hardware components. | No information available

API Support | Available APIs for integration with other risk/compliance and management software. | Multiple API integrations are available for DevSecOps and risk management workflows.
Standard Protocol Support | Supports industry-standard protocols (e.g., SNMP, Syslog, LDAP). | Supports industry standard protocols (REST API, SAML, LDAP for authentication) based on integration guides.
SIEM/SOAR Integration | Connectivity with security orchestration and event management solutions. | Integrates with SIEM/SOAR solutions such as Splunk and IBM QRadar for centralized incident and event management.
Direct Cloud Integration | Ability to connect and synchronize with cloud compliance services. | No information available
Custom Connector Capability | Enables creation/adaptation of custom connectors for unique environments. | Custom connectors for integration with CI/CD, ticketing, and reporting tools are referenced in extensibility documentation.
Multi-Vendor Hardware Support | Operates alongside and interoperates with multiple hardware vendors. | Operates in a vendor-neutral environment and integrates with multiple third-party tools per interoperability statements.
Bulk Data Export/Import | Can transfer historical or large data sets in/out for analysis or migration. | Bulk data import/export supported through APIs and platform interface for migration and analytics purposes.
Integration Setup Time | Average time required to integrate with other core systems. | No information available
REST/GraphQL Interface Availability | Availability of REST or GraphQL interfaces. | REST API interfaces are available for both user and scan management.
Plug-and-Play Compatibility | Allows rapid deployment without custom engineering. | Generally available as SaaS with rapid onboarding and minimal custom engineering, as indicated in deployment documentation.

Unified Management Console | Central console for managing configuration, monitoring, and compliance. | Offers a unified management console for all security scans and compliance management tasks.
Multi-Language Support | User interface and documentation available in multiple languages. | No information available
Customizable Dashboards | Tailor admin dashboards to key metrics relevant for risk/compliance. | Dashboards in the web portal are customizable to display risk, scan results, and compliance metrics most relevant to admins.
Interactive Tutorials | In-situ interactive training built into the console. | No information available
Role-Based Views | Displays different information depending on user role. | Role-based views are provided (scan submitter, auditor, admin, etc.), enabling different information visibility.
Mobile Device Management (MDM) Interface | Allows some management from mobile devices securely. | No information available
Helpdesk Integration | Built-in interface with support/helpdesk ticketing systems. | Integrated with major helpdesk/ticketing platforms for support and workflow management.
Remote Management Tools | Manage hardware from remote locations securely. | Cloud-based platform allows secure remote management for admins anywhere.
User Activity Insights | Analytics on hardware and platform user activity. | Platform analytics provide insights into user activity including scan usage and administrative actions.
Training & Certification Tracking | Tracks user/admin completion of training and ongoing certifications. | No information available

Automated Incident Response Playbooks | Predefined, automated responses to specific threats or compliance breaches. | No information available
Secure Evidence Collection | Ensures forensic evidence (logs, snapshots) is automatically and securely collected. | No information available
Chain of Custody Management | Tracks custody of evidence from collection to presentation. | No information available
Incident Impact Assessment Tools | Tools to quantify the risk and impact of a security compliance incident. | No information available
Automated Containment Mechanisms | Isolate affected hardware or systems automatically upon incident detection. | No information available
Integrated Case Management | Links evidence, actions, and outcomes in case files. | No information available
Forensic Snapshot | Takes cryptographically accurate, timestamped snapshots of system state. | No information available
Incident Response Readiness Assessment | Quantitative readiness score for incident response. | No information available
Automated Notification to Authorities | Built-in workflows for reporting significant incidents to regulators or stakeholders. | No information available
Remediation Guidance Library | Detailed guidance for remediating detected compliance/security incidents. | No information available

Clustered/Distributed Deployment Support | Hardware can be deployed as part of clusters or distributed geographically. | As a cloud SaaS solution, Fortify on Demand runs in distributed and scalable deployments per OpenText hosting standards.
Modular Expansion Capability | Enables incremental hardware upgrades without full replacement. | No information available
Supported Maximum Concurrent Users | Maximum number of users/devices hardware can support simultaneously. | No information available
Automated Load Balancing | Dynamically distributes system load to prevent bottlenecks. | Platform auto-scales to balance scanning workloads, avoiding bottlenecks, as seen in deployment whitepapers.
Automated Deployment Tooling | Tools/scripts for rapid and standardized deployment across environments. | Deployment is automated and standardized, with rapid onboarding documented in user onboarding guides.
Zero-Touch Provisioning | Hardware auto-configures with minimal manual intervention. | Zero-touch provisioning is referenced for SaaS deployment: new users start using the platform with minimal manual system configuration.
Resource Allocation Flexibility | Assign and re-assign hardware resources to varying workloads. | Resources are allocated flexibly per user/project through a multi-tenant SaaS design.
Multi-Tenancy Support | Securely supports multiple organizational units or clients on a single hardware platform. | Supports multiple tenants (clients/teams/projects) securely and concurrently from a single platform.
High Availability Clustering | Ensures continuous operation with minimal failover time. | High availability and minimal failover time ensured by enterprise-grade hosting as described in support and SLA literature.
Deployment Time | Average time required for initial hardware deployment. | No information available

24/7 Support Availability | Access to vendor support at any hour of the day/week. | 24/7 support is provided for enterprise clients, confirmed in product marketing and customer agreements.
Transparent Vulnerability Disclosure Policy | Vendor offers a clear and prompt channel for security vulnerability disclosures. | Vendor maintains responsible disclosure policy and publicizes vulnerability resolution timelines.
Regular Security Patch Releases | Vendor provides ongoing security patching with a documented schedule. | Security patches are released on a regular schedule, and communication protocol is published for critical vulnerabilities.
Service Level Agreement (SLA) | Formal SLA outlining response and resolution times for issues. | Service Level Agreements (SLA) are referenced and available as part of enterprise subscriptions.
Signed Commitment to Data Privacy | Vendor contractually commits to data privacy in contracts. | Data privacy contractual commitments are available and highlighted in master agreements.
Onsite Support Option | Availability of support technicians to visit physical hardware locations. | No information available
User Community Portal | Has an open user/support community for shared knowledge and peer assistance. | User community forums are provided as part of Fortify support ecosystem.
Transparency of Sub-Processors | Vendor discloses all subcontractors and third parties involved. | Sub-processor list is disclosed and updated in trust center and service agreements.
Proactive Risk Advisory Bulletins | Vendor issues advisories for emerging risks before direct impact. | No information available
Support Ticket Average Response Time | Average time for first response on submitted support tickets. | No information available

This data was generated by an AI system. Please check with the supplier.
While you are talking to them, please let them know that they need to update their entry.