TAXSAYA Online Version 1.5.0.12

 
PROJECT ID
C038
ASSURANCE LEVEL
EAL1
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
TAXSAYA Online Version 1.5.0.12
PRODUCT TYPE
Web based frontend to the Microsoft Certification Authority (CA) services
PRODUCT SPONSOR / DEVELOPER

EA Link System Sdn Bhd

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

Trevor Keegan
B2-05, Block B, 2nd Floor,
SME Technopreneur Centre Cyberjaya,
2270 Jalan Usahawan 2,
6300 Cyberjaya, Selangor
MALAYSIA

URL: http://www.ealink.com/index.htm
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +603 8315 6020
Fax: +603 8315 6021

The Target of Evaluation (TOE), TAXSAYA Online Version 1.5.0.12 (hereafter referred as TAXSAYA) is a web application designed to assist tax payers to prepare and submit their tax returns. The TOE is hosted by Microsoft Azure servers and can be accessed via Internet Explorer or Firefox.

In order to restrict the access to the TOE, users are required to login using username and password. After successfully identified and authenticated, the users are prompted to provide necessary information in order to prepare their tax returns. TOE provides a tax wizard function to support users to fill all the required fields to complete the operation. A tax optimiser provides the Taxpayers with suggested tax savings. The final tax file can either be printed or automatically filed and upload to the Tax Department (E-Hasil).

In the context of the evaluation, the TOE provides the following major security features:

  • Audit Logs - the TOE generates audit logs for the auditable events listed in section 5.1.1 of the Security Target. These audit records can only be reviewed by TAXSAYA administrators. Audit review and actions taken according to the audit logs are outside the scope of the evaluation and certification.
  • Identification and Authentication – TOE identifies and authenticates its users before any action. All registered users have a Username and Password in order to complete the identification and authentication process.
  • Tax Data Export - TOE provides a secure data export to the e-Hasil site by using the security attributes of the users. Users can upload their tax data to the e-Hasil site in order to complete the tax claim process.
  • Management of Security Attributes - TOE support the management of security attributes belong to the users such as Username, Password and IC Number. The management functions include: i) Roles management, ii) Allow/deny access attempts, iii) Enforce access control policy, and iv) Manage user session.