Security Health Check - Resolve a Security Setting
The Security Health Check tool enables customers to view and manage their portal’s security settings. Administrators can resolve any security issues that are displayed in this tool.
Administrators can only change the value for security issues, which are security settings that are in a critical or warning status. Further, administrators can only change security settings to the Cornerstone recommended value. To change a value for a non-security issue or to change a setting to a non-recommended value, administrators must contact customer support.
To resolve a security setting, go to . Then, select the Resolve link for a recommended action. The Security Issue flyout opens. Select the button to change the setting value.
Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Security Health Check - Edit Security Issues | Grants ability to edit security issue settings in the Security Health Check tool and set them to Cornerstone's recommended value. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Security Health Check - View | Grants ability to view the Security Health Check tool. This permission cannot be constrained. This is an administrator permission. | Core Administration |
Best Practices
- Organizations should consult with their IT Security team and test in Pilot and Stage environments before making any updates to security settings in the Production environment.
- Cornerstone maintains recommended values for portal security. Depending upon an organization’s portal configuration (ie: custom coding, scripts, etc), updating a setting to the Cornerstone recommended value may impact portal functionality (ie: custom HTML links, etc).
Frequently Asked Questions (FAQs)
What if I have no security issues?
Your security settings are set to Cornerstone's recommended values. No action for you at this time.
What is a security issue?
For your security, Cornerstone maintains recommended values for all security settings and encourages customers to review and update their portal's settings to align with Cornerstone's recommended values. A security issue is present when your portal's current security setting value does not align with Cornerstone's recommended value.
How do I resolve a security issue?
If a security issue is present, you can edit the security setting to the Cornerstone recommended value from the Security Health Check page.
We highly recommend that you review these security settings with your IT Security team and test in Pilot and Stage before applying any updates to Production.
Do I need to resolve my security issue?
You may not need to resolve a security issue. For some organizations, a security setting has been intentionally set to a less secure value to support specific needs. Please consult your IT Security team before making any changes to your security settings.
What if I have no items in my Modification History?
The Modification History reflects updates to your security settings following the November 2022 release.
Please note that historical updates via Global Customer Support cases are not reflected in the Security Health Check Modification History at this time. Should you require historical detail, please reach out to Global Customer Support.
Why are some security issues labeled as critical (red) and others are labeled as warning (yellow)?
Cornerstone has designated security issues as critical (red) or warning (yellow) levels based on a number of security criteria, including but not limited to the security vulnerability the setting may expose your portal to when not set to Cornerstone recommended value. We recommend you review all security issues with your IT Security team to evaluate the risk and criticality for your portal.
Why are these settings included in my Security Health Check?
The full list of settings that are displayed in your Security Health Check are commonly requested by customers or used during Penetration Tests.