Hitachi ID Access Certifier is designed to be secure. It is protected using a multi-layered security architecture, which includes running on a hardened OS, using file system ACLs, providing strong application-level user authentication, filtering user inputs, encrypting sensitive data, enforcing application-level ACLs and storing log data indefinitely.
Access Certifier never requires plaintext passwords to be stored in configuration files or scripts and does not store plaintext passwords anywhere. Access Certifier does not ship with a default administrator password -- one must be typed in at installation time.
These security measures are illustrated in Figure [link].