Security Health Check - Additional Settings

Security Health Check was introduced with our February '22 release. It is a self-service page for customers to view and manage their portal's security settings. Security Health Check creates a joint responsibility model between Cornerstone and its customers, allowing customers to view and manage their portal’s security settings.

With our May '22 release we have introduced 10 additional values to the Security Health Check tool. Plus we have introduced the concept of a Warning status.

How Does this Enhancement Benefit My Organization?

This enhancement enables customers to view and manage additional portal's security settings. It will also enable customers to identify warning level security issues.

Frequently Asked Questions (FAQs)

That's great! Your security settings are set to Cornerstone's recommended values. No action for you at this time!

Cornerstone maintains recommended values for all security settings and encourages customers to review and update their portal's settings to align. A security issue is present when your portal's current security setting value does not align with Cornerstone's recommended value.

If a security issue is present, contact customer support. To create a support ticket (case) from the Security Health Check tool, click "Resolve" and "Create Support Ticket."

Yes, it is best practice to reach out to your IT Security team before requesting an update to any security settings.

Not always. For some organizations, a security setting has been intentionally set to a less secure value to support specific needs. Please consult your IT Security team before making any changes to your security settings

We have designated security issues with critical (red) or warning (yellow) levels based on a number of security criteria, including but not limited to the security vulnerability the setting may expose your portal to when not set to CSOD recommended value. We recommend you review all security issues with your IT Security team to evaluate the risk and criticality for your portal.

The full list of settings that will be displayed in your Security Health Check are commonly requested by customers and/or used during Penetration Tests.

Use Case

Alicia is a Cornerstone system administrator working with her IT Security department to review and sign off on application settings for an upcoming audit. Alicia accesses the Security Health Check tool, where she can easily identify the following:

  • Cornerstone security settings relevant to customer system administrators
  • Her organization's current security setting value compared to the Cornerstone recommended value
  • Detailed descriptions of each security setting

Alicia notices that the value of one of her organization's settings is not aligned with Cornerstone's recommended value, and she wants to update to the most secure value ahead of the upcoming audit. From the Security Health Check tool, she can identify settings that require a ticket to Global Customer Support to update.

Implementation

This functionality is automatically enabled for all organizations.

Security Health Check is available in Core Functions.

Permissions

The following permission applies to this functionality:

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Security Health Check - View Grants ability to view the Security Health Check tool. This permission cannot be constrained. This is an administrator permission. Core Administration