Security related questions about AutoPIPE:
1. Questions related to software security
Our security team generally routes security-related inquiries to our Trust Center.
2. Does Log4J pose a threat to AutoPIPE?
No, AutoPIPE products does not use any open source coding and is not written in Java. Therefore, LOG4J is not a threat in anyway to AutoPIPE..
In addition, please see WIKI page here.
3. Our company has a stringent set of security questions (200+ questions) that need to be answered before doing business, how can we get all of these questions answered?
First log a new case and send an excel file with 1 question on each row. The answer will be provided in the next column, the file saved, and sent back for your review.
4. Outstanding application vulnerability/security patch(es) for our current version
AutoPIPE development team does not provide security patches for current or older software. It is the user's responsibility to protect their computer system.
See WIKI here for list of program versions. Further below this listing is a hyperlink for Release notes on most of the versions released.
5. Noticed that MFA sign-in frequency has increased, what can be done to decrease the number of times to perform MFA sign-in?
Should the increased frequency of MFA prompts continue for more than 24 hours after a successful login you should perform a self-service password reset at: https://passwordreset.microsoftonline.com/
6. Is AutoPIPE FIPS compliant?
As of Dec 2023, from ECCN against encryption; Functionally – No. AutoPIPE's program source does contain libraries and functions capable of performing encryption. In addition, no testing has been performed with AutoPIPE using Windows in a FIPS 140-2 approved mode of operation. User are urged to test in these environments and advise Bentley technical support group of any issues that arise.