cancel
Showing results for 
Search instead for 
Did you mean: 
CarrieMinton
Staff
Staff

No Customer Care of JIRA ticket has been opened.

The ask by Morgan Stanley is to have SS&C update Communications to use a 3rd party certificate instead of the self-signed certificate.

The Morgan Stanley CISO team believes this is a security risk and should be remediated by SS&C with either a short-term solution if we can't provide a long-term solution this year.  The short-term solution could be to rotate the certificate in the SS&C Hosted environment by November 2022.

Risk - Self-signed certificates introduce a risk of server impersonation attack. 

Remediation - Vendor must ensure that the certificate used for authentication is not self-signed and is actually signed by a Trusted third party Certificate Authority.

Risk- Not rotating the certificates introduces the risk of certificate keys becoming “stale” and increases the likelihood that they will be compromised or increasing the period for which compromised credentials are valid.