The Drupal project "Automated Logout" provides Drupal site administrators the ability to log users out after a specified time of inactivity.
The Drupal project "Ejector Seat" provides JavaScript Ajax code that periodically checks to see if users are still logged in. If it is determined the user is not logged in, the client-side code reloads the current page so the user sees it as an anonymous user would.
The Drupal project "Session Limit" enables Drupal administrators to set limits on the number of simultaneous sessions for each user.
The Drupal Logging API, informally known as Watchdog, supports the integrity of software and information by reducing the risk of attackers gaining access to the system via theft of usernames and passwords and preventing ordinary users from escalating privileges.
The Drupal Logging API, informally known as Watchdog, supports least privilege by upgrading Drupal's standard username and password login to two-factor authentication via various forms of two-factor authentication.
The Drupal project "Security Review" contributes to information flow enforcement at the application layer by checking access control to information views to protect against information disclosure. For a complete list of features see Project Security Review documentation.
The Drupal project "Paranoia" supports least privilege by blocking any location within the Drupal interface the project finds where a user can evaluate (e.g., run) PHP code. This limits the ability of an individual to gain elevated permissions.
The Drupal project "Flood Control" provides Drupal administrators with an interface to configure flood control variables in Drupal 7, such as the limiter for login attempts.
The Drupal Logging API, informally known as Watchdog, improves account management by upgrading Drupal's standard username and password login to two-factor authentication via various forms of two-factor authentication.
The Drupal Logging API, informally known as Watchdog, supports the integrity of software and information by reducing the risk of attackers gaining access to the system via theft of usernames and passwords and preventing ordinary users from escalating privileges.
The Drupal project "Security Review" contributes to monitoring and controlling changes to configuration settings at the application layer by checking Drupal configuration settings for errors that can make the site less secure or disclose information. For a complete list of features see Project Security Review documentation.
The Drupal project "Security Kit" contributes significantly to session authenticity at the application layer by preventing cross-site request forgeries and scripting, click-jacking, and incorrect HTTP headers. Security Kit implements the HTTP Strict Transport Security (HSTS) response header, which prevents man-in-the-middle attacks. For a complete list of features see Project Security Kit documentation.
The Drupal project "Security Kit" improves trusted path in sessions with end-users at the application layer by implementing the HTTP Strict Transport Security (HSTS) response header, which prevents man-in-the-middle attacks. For a complete list of features see Project Security Kit documentation.
The Drupal project "GovReady Dashboard" provides a Drupal Administration dashboard that aggregates, documents and disseminates to administrators essential information regarding maintenance of the Drupal application, security updates, and plugin updates.
The Drupal Logging API, informally known as Watchdog, supports the integrity of software and information by reducing the risk of attackers gaining access to the system via theft of usernames and passwords and preventing ordinary users from escalating privileges.
The Drupal project "Security Kit" helps control information in shared resources at the application layer by preventing unauthorized and unintended information transfers that can occur from cross-site request forgeries and scripting, click-jacking, and other incorrect HTTP headers. For a complete list of features see Project Security Kit documentation.
The Drupal project "Password Policy" allows administrators to define and enforce user password policies. Limitations - "Password policies only apply to passwords set via user forms in the web interface. Passwords changed by other means (Drush, web services, etc.) may not be subject to password policy constraints. Please see the following issue if you would like to contribute to removing this limitation: #2451159: Password policy doesn't work when updating the user" (Project Password Policy)
The Drupal project "Two-factor Authentication (TFA)" supports least privilege by upgrading Drupal's standard username and password login to two-factor authentication via various forms of two-factor authentication.
The Drupal project "Security Review" helps ensure least privilege is followed at the application layer by checking for proper Drupal administration permissions; checking file system permissions to protect against executing arbitrary files; preventing dangerous HTML tags to prevent cross-site scripting; and limiting file upload extensions. For a complete list of features see Project Security Review documentation.
The Drupal project "Security Review" contributes to configuration for least functionality at the application layer by checking Drupal configuration settings for arbitrary PHP execution and checking that private files are properly secured, safe error reporting is set, and Drupal administration permissions are not misconfigured. For a complete list of features see Project Security Review documentation.
The Drupal project "GovReady Dashboard" provides a Drupal Administration dashboard that allows maintenance activities to be scheduled, documented as maintenance records, and reviewed by system administrators.
The Drupal project "Two-factor Authentication (TFA)" improves account management by upgrading Drupal's standard username and password login to two-factor authentication via various forms of two-factor authentication.
The Drupal project "Security Kit" controls transmission confidentiality and integrity at the application layer by preventing cross-site request forgeries and scripting, click-jacking, and incorrect HTTP headers. Security Kit implements the HTTP Strict Transport Security (HSTS) response header, which prevents man-in-the-middle attacks. For a complete list of features see Project Security Kit documentation.
The Drupal Logging API, informally known as Watchdog, supports the integrity of software and information by reducing the risk of attackers gaining access to the system via theft of usernames and passwords and preventing ordinary users from escalating privileges.
This document was generated using OpenControl and ComplianceLib.
To request modifications, please make a pull request or open a new issue at the source repository https://github.com/opencontrol/Drupal-Projects-Compliance-Controls. The script that generates this document is script/doc_basic.py.