LabVIEW

Hi Craig,

We actually do have a pretty good Developer Zone tutorial that walks through creating an FDA 21 CFR 11 Compliant application using DSC.  It includes an example link (although written for an older version, I was able to open and run the VI with 2010).  Have you seen this already and did it help?

There's also a KnowledgeBase article that we have to describe some additional options for creating a similar application using some tools from one of our Alliance Partners

Hi, Austin,

Thanks for the reply.  Yes, I have read through the Developer Zone tutorial many times, and have been using it as a reference.  I posted a question a couple of months ago that you replied to about how to set minutes idle until logoff and number of failed login attempts.  I was able to implement an automatic logout feature after a number of minutes of inactivity in the application just fine.  However, in the very last part of the article, it says this:

(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

Although it is ultimately the responsibility of the developer to implement procedures to ensure that this regulation is met, the DSC module provides you with some tools to help. The locking out of user names that fail consecutive logins can help to identify a compromised user name. Also, the administrator can deactivate any user name and can add a new temporary user name and password if necessary.

(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

The user lockout feature after a specified number of consecutive failed logins is a safeguard against unauthorized access to the system. In addition to this feature, you can log any failed login in a system file that the administrator can monitor to be notified of the failed events.

You can see from the underlined statements that this used to be a feature in the DSC module, but it appears to me that there is no longer any way to disable a user account except through the Domain Account Manager.  Perhaps that is enough to satisfy part (c) of the above regulation now, but it seems like a useful feature to have so that an unauthorized person cannot sit there all day long trying passwords for a specific account.  I have looked through all of the property node and invoke node classes and methods, but could find nothing pertaining to security or user accounts.  A search of the help pages also turns up nothing.  Did I miss something?

In the other passage I underlined, there is a reference to logging failed login attempts to a system file, but again I have not been able to find any kind of reference to how to do this.  Do you have any idea?  The standard read/write files will not work because system log files are generally protected, hidden, or encrypted.  Besides, if the program attempts to write to a system file with user permissions and not administrator permissions it won't work.  If it did work, then the user could just go and alter those system files to erase any record of their doings.  So really, logging failed login attempts in a system file is not a trivial task as the underlined statement above suggests.  Any suggestions would be appreciated...

Thanks,

Craig

Hi Craig,

Thanks for the clarification.  I spoke with a couple members of our R&D team to get a little more clarification on this myself.  It appears that the wording here may be a little misleading and we're not aware of any features that specifically came with older versions of DSC to allow you to do this.  It looks like what this document is talking about is that you'll have the ability to implement these functions (programmatically or other manual ways), but it doesn't look like these are actual features that will automatically allow you to do this easily.

As far as writing to a file goes, it looks like the documentation is referring to opening a file on your system and writing the data to it when a user has failed a certain number of times.  Again, we're not aware of any feature that was included to automatically allow you to write to a 'system' log file.  I agree with you in that the wording there could be a little confusing and makes it seem as though this is a built-in feature of DSC.

Honestly, in order to develop an FDA-compliant application like this, you may be able to save both time and money on implementation by using one of our Alliance Partners, Jova Systems, who have built a FDA-compliant wrapper around DSC.

Hi, Austin,

Thanks for checking into it for me, and for the suggestion about Jova Systems.  I'll see what I can come up with...

Best Regards,

Craig