|SAP NetWeaver at SAP.com|
With SAP NetWeaver, IT organizations can ensure IT compliance and support security across the entire software life cycle with secure development processes, secure configuration, and security compliance.
For further details on the topic Compliance please refer to SAP Developer Network (SDN) .
For further details on the topic Software Lificycle Security please refer to SAP Developer Network (SDN) .
|Secure Product Development and Security Governance||
SAP NetWeaver provides a development framework to build secure applications. SAP delivers best practices to IT organizations that provide recommendations on how to improve security across their IT environment. These best practices for security are an integral part of the product innovation life cycle (PIL) development model supported by SAP, ensuring that SAP solutions are developed and evaluated to ensure legal compliance, avoidance of potential vulnerabilities, and lower total cost of ownership.
With SAP NetWeaver, IT
organizations can install, configure, and activate software in a
secure manner. Once installation is complete, IT professionals can
limit authorization to the operating system and communication ports
to reduce risk across the system landscape. Next, IT professionals
can use templates delivered by SAP to quickly define role-based
access to necessary applications and content. Finally, IT
professionals can use the SAP Solution Manager to scan the system
for security risks, rank vulnerabilities, crate a report for
analysis, and implement security measures to optimize security
across the business network.
|Secure Change Management||
SAP recommends that IT organizations establish a three-system landscape that includes a development system, a test system, and a production system to increase security. This enables IT organizations to manage systems changes for each system independently, ensuring greater reliability and availability of the production system. Additionally the transports of code between the three systems can be
electronically signed to
guarantee their integrity and authenticity.
SAP NetWeaver allows IT
organizations to comply with security regulations by providing
audit trail capability and reporting features. In addition, SAP
NetWeaver Identity Management provides integration with SAP
Solutions for Governance, Risk and Compliance to ensure compliance
with regulations like BASEL II or the Sarbanes Oxley Act.
Finally, SAP communicates best practices regularly to help IT
organizations ensure they are complying with security