Version 4.15

14 September 2020

[FEATURE] Reports: Check overview list is displayed in full width

[FEATURE] Check: New AT-GA-0010-01: Parameter auth/no_check_in_some_cases must be active

[FEATURE] Check: New CF-IS-0004-01: Reject expired passwords for SICF services

[FEATURE] Check: New CF-SM-0003-01: MMC HTTP access should be restricted via an ACL

[FEATURE] Check: New CF-SM-0003-02: MMC HTTP access should be restricted via an ACL

[FEATURE] Check: New CF-SM-0004-01: MMC HTTPS access should be restricted via an ACL

[FEATURE] Check: New CF-SM-0004-02: MMC HTTPS access should be restricted via an ACL

[FEATURE] Check: New CF-KE-0005-01: XSRF protection via dynp/confirmskip1screen

[FEATURE] Check: New CF-JC-0003-01: Server version information disclosed via server header

[FEATURE] Check: New CF-JC-0004-01: System cookies protection via SystemCookiesDataProtection

[FEATURE] Check: New CF-JC-0005-01: System cookies protection via SystemCookiesHTTPSProtection

[FEATURE] Check: New CF-JC-0006-01: Self registration must be switched off

[FEATURE] Check: New CF-JC-0007-01: Logon ticket marked as secure cookie to enforce send via SSL

[FEATURE] Check: New CF-JC-0008-01: Logon ticket HttpOnly stopping malicious client-side scripts

[FEATURE] Check: New CF-JC-0009-01: Logon ticket lifetime

[FEATURE] Check: New CF-JC-0010-01: Enablement of XML hardener

[FEATURE] Check: New CF-DC-0039-01: Number of HANA users with DATA ADMIN role

[FEATURE] Check: New CO-PP-0044-01: Security policy: PASSWORD_CHANGE_INTERVAL

[FEATURE] Check: New EN-SN-0007-01: Log unencrypted RFC Calls

[FEATURE] Check: New IN-LO-0024-01: Integrity of SAP ABAP security log

[FEATURE] Check: New IN-LO-0025-01: Log IP-adresses instead of terminal name in SAP Security log

[FEATURE] Check: New IN-LO-0026-01: Selection slots assigned to the SAP Security log

[FEATURE] Check: New IN-LO-0027-01: Generic user selection of SAP Security log

[FEATURE] Check: New security notes checks