Encryption
Frequently asked questions around Trint encryption.
Will any, or all, customer data be encrypted at rest within the system? If yes, provide details of what data will be encrypted and of the strength and type of encryption used.
All data at rest is encrypted with AES 256 or stronger algorithms.
Will password hashing be used within the system; if so where, to what standard and will any salting be used?
Yes, password hashing is used within the system. Passwords are salted and hashed using bcrypt.
Please state what system-enforced password settings are active for: Password Minimum Length/Complexity; Password Change Interval; Lockout (after incorrect password entries); Password aging/history. Can you also state what additional measures will be in place to secure administrator accounts (e.g. stronger passwords, 2FA or crypto keys required to access systems)? Can you confirm all default passwords have been changed?
Trint's password policy states that all passwords must include a minimum of 8 characters, including one uppercase, one lowercase and one number. Password change interval: not yet supported. Lockout: 10 failed attempts from the same IP address results in the IP address being blocked. Password aging: not yet supported. There are no additional password requirements for administrator accounts (2FA not yet supported); SSO is recommended. All default passwords are changed immediately on activation.