Employee Express (EmplX) Security Module

 
PROJECT ID
C019
ASSURANCE LEVEL
EAL2
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
Employee Express (EmplX) Security Module
PRODUCT TYPE
Specialist software module designed to be used as a core security controlling module for a web-based application environment
PRODUCT SPONSOR / DEVELOPER

MYwave Sdn Bhd

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

Yip Hon Choong

1-3-21, Krystal Point Corporate Park,
Jalan Tun Dr Awang,
11900 Bayan Lepas, Pulau Pinang MALAYSIA

URL: http://www.mywave.biz
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone:+ 604 6403 117

The Target of Evaluation (TOE), Employee Express (EmplX) Security Module v1.0 (Build SVR 2.0) is a PHP module of EmplX Human Resource Management Systems (HRMS) web application hosted on a web server. It is designed to be used as a core security controlling module for a web-based application environment.

The TOE provides core security functionality such as authentication, access control, secure communications and application security management. All http requests to the web server will be meditated by the TOE before allowing access to the rest of the EmplX HRMS.

The security functionality that is within the scope of the evaluation includes:

  • Access control – EmplX Security Module manages access control based on user IDs, user roles and access control lists. It maintains access control lists (ACLs) for each object within an organisation. Each ACL maps users and roles to the operations that they are permitted to perform on the object.
  • Organisation Management – EmplX Security Module provides strict controls on organisation management. Only Super Administrators can manage the creation, modification and destruction of an organisation. Users and Supervisors can only operate within their organisation.
  • Identification and Authentication – each user is required to successfully identified using user ID and authenticated using password before any interaction with protected resources within EmplX HRMS is permitted.
  • Security Management - EmplX Security Module provides functions that allow management of the TOE and its security functions. It restricts access to the management functions based on the role of the user.
  • Secure Communications - EmplX Security Module is able to protect the user data from disclosure and modification when it is sent from users' browser to the EmplX HRMS using the secure SSL channel.