Please describe the user registration process.
Which users will receive access to the interface within your platform (for support purposes, etc.)?
Are there usage limits for super users, and are they enforced?
Are user passwords set to expire every 90 days?
Are default accounts, such as the guest account, disabled, deleted, and/or renamed when operating systems or products are installed?
Do all laptops that have access to customer data have full disk encryption enabled?
In cases where the vendor maintains the usernames & passwords, does the application have an account lockout policy under which, after 5 unsuccessful login attempts, the account is locked and remains locked for at least 20 minutes or until a system administrator unlocks the account?
In cases where the vendor maintains the usernames & passwords, what measures are in place to prevent brute force attacks?
In cases where the vendor maintains the usernames & passwords, what’s the process for viewing an entire list of Booz Allen users?
In cases where the vendor maintains the usernames & passwords, what’s the process for deleting Booz Allen accounts?