Application Security

In order to be compliant with state and federal requirements regarding application security and the protection of Personally Identifiable Information (PII), a new security level has been added to AIM 6.8 to mask PII from unsecured users.

The applicable standards are a compilation of various security controls found in the regulatory or industry standards and best practices such as ISO 27002, PCI, Massachusetts Law (201 CMR 17.00), CobiT, HIPAA, and GLBA, as well as the demonstrated expectations of the Federal Trade Commission.

A user with a security level below that set in your database can view all data entered in fields until such time as the entry is saved. Once saved, your unsecured user can view only the last four (4) characters of the data in that field.

It is important to note that masked fields are not masked in AIM-generated reports or documents.

In this documentation, we demonstrate the new security levels; outline the fields masked in AIM, AIM Accounting, Claims Manager and Data Maintenance Utility; and discuss the entering and editing of data in masked fields for users below your set security level.

Security Levels & Settings

New security levels have been added to Data Maintenance Utility (DMU), AIM Accounting Enhanced Security, and Active Directory security rights.

System Parameters

Upon upgrade, the new security level of Show PII Data, configured in DMU, defaults to zero, allowing all users to view data in all masked fields. This parameter applies to AIM, AIM Accounting, Claims Manager, and Data Maintenance Utility.

AIM Accounting Enhanced Security

Upon upgrade, the AIM Accounting Enhanced Security option of Show PII Data is not enabled and must be selected to enable it. This parameter applies only if your agency is employing the Enhanced Security feature of AIM Accounting, in which case it overrides the DMU System Parameter for purposes of AIM Accounting security.

Active Directory

The Show PII Data security right has also been added to the available Active Directory Security Rights.

Masked Fields

When a field is masked you can view only the last four (4) characters of the data held in that field.

Though fields are masked in the user interface, they are fully displayed for purposes of AIM-generated reports and documents. Masked fields for each module are listed below.

AIM

Add/Edit Named Insured, Pg. 2 tab: License, and FEIN/SSN.

Driver Unit At Risk, Add/Edit Driver Information, Driver Information tab: SSN and License.

AIM Accounting

Admin Module

Edit Vendors, Edit tab: Federal Tax ID.

Accounts Receivable Module

Enter Cash Receipts, Receive Payment, Payment Application tab, Payor Bank Info tab: Account Number.

Company & Vendor Payable

Check Preparation, Prepare Company Payable Check Batch window, Payee Information tab, Payee Bank Information tab: Account Number.

Check Detail tab, Payee Detail tab, Payee Bank Information tab: Account Number.

Claims Manager

Add/Edit Claim, Claimant Additional Info tab: SSN/FEIN.

Table Maintenance, Name Master, Tax Info tab: SSN/Tax ID.

Data Maintenance Utility

Agent Table, Agent Detail tab, Basic Tab: Tax ID.

Entering & Editing Data in Masked Fields

For a user that does not hold the proper security level to view masked data, the following is an example of what to expect when entering and editing data in those fields. In our example, the security level is set to 9 while our user possesses a level of 7.

Entering Data in Masked Fields

While entering the data, the full entry is displayed when tabbing out of the field.

Once the entry is saved, the field is masked whenever the data is viewed.

Editing Data in Masked Fields

Data in masked fields may be deleted or edited, as the data is only protected from view.

Upon entry to the screen, note that the data is displayed as masked.

  1. Place the cursor in the field to be edited.
  2. Press Backspace or Delete to clear the entire field.
  3. Enter the replacement data. Press Tab to move your cursor from the FEIN/SSN field and mask the data that you entered.
  4. Click OK to save the new entry or click Cancel to abandon your changes and retain the original information.

You can use Windows keyboard shortcuts in these fields, but note that if copied and pasted after being masked, only the masked data is displayed. For example, if you copy ***-**-1234 using Ctrl + C, then that data is pasted as ***-**-1234 when using Ctrl + P. Ctrl + Z and Ctrl + X do not replace data in nor cut data from the field.
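The masking rule and security-level check described in this documentation can be modeled as follows. This is an added illustration, not AIM code: the function names, the module and surface labels, and the treatment of Show PII Data under Enhanced Security as a per-user on/off option are assumptions, and the sample SSN is constructed.

```python
# Added illustration: a model of the rule described above, not AIM's own code.

def mask_last_four(value: str) -> str:
    """Replace all but the last four letters/digits with '*', keeping separators.

    Values with four or fewer letters/digits come back unchanged under this
    rule; the documentation does not say how AIM treats such short values.
    """
    total = sum(ch.isalnum() for ch in value)
    hide = max(total - 4, 0)            # number of leading characters to hide
    out, seen = [], 0
    for ch in value:
        if ch.isalnum():
            out.append("*" if seen < hide else ch)
            seen += 1
        else:
            out.append(ch)              # dashes and spaces stay in place
    return "".join(out)


def can_view_pii(user_level: int, show_pii_level: int = 0, *,
                 module: str = "AIM", enhanced_security: bool = False,
                 enhanced_show_pii: bool = False) -> bool:
    """Decide whether a user sees unmasked data on screen.

    show_pii_level models the DMU Show PII Data parameter (0 after upgrade).
    In AIM Accounting with Enhanced Security employed, the Enhanced Security
    option overrides the DMU parameter (assumed here to be an on/off flag).
    """
    if module == "AIM Accounting" and enhanced_security:
        return enhanced_show_pii
    return user_level >= show_pii_level


def render(stored: str, surface: str, allowed: bool) -> str:
    """surface is 'screen' or 'report' (assumed labels); reports are never masked."""
    if allowed or surface == "report":
        return stored
    return mask_last_four(stored)


if __name__ == "__main__":
    ssn = "000-00-1234"                  # constructed sample value
    allowed = can_view_pii(7, 9)         # user level 7, Show PII Data set to 9
    print(render(ssn, "screen", allowed))   # masked in the user interface
    print(render(ssn, "report", allowed))   # full value in a generated report
```

The second call shows why report and document distribution still needs its own access control: a user who sees only the last four characters on screen receives the full value in report output.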