web app – Visually hidden labels, usability, accessibility and WCAG 2.1 compliance

I’m trying to understand how visually hidden labels fit within the accessibility and the WCAG 2.1 spec. It seems to me that as long as an input has a programmatically associated label (whether that be a label element or through ARIA), it is compliant.

I did find that SC 2.5.3 has a note which states:

Note that where a visible text label does not exist for a component, this Success Criterion does not apply to that component.

However, I’m a little unsure how a sighted user who uses voice control would be able to use an input with a visually hidden label. Would they simply have to guess at the label name? Are there any other cases like this where a WCAG-compliant input would not be accessible because of a hidden?

I’m hoping somebody with a bit more accessibility knowledge could help guide me on this! Any comments on the general usability of inputs without a visible label are also much appreciated.
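The two association patterns the question mentions (a label element and ARIA), shown side by side as an added example that is not part of the original post. The `.visually-hidden` class and the field names are assumptions chosen for the illustration; the CSS is the common clip-rect pattern, which keeps the label rendered (so it stays in the accessibility tree) while removing it from the visual layout.

```html
<!-- Added example, not from the original post: a visually hidden label that
     stays in the accessibility tree, beside a visible-label control for comparison. -->
<style>
  /* Keeps the element rendered, so assistive technology still reads it, while
     removing it from the visual layout. display:none or visibility:hidden
     would instead drop the label from the accessibility tree entirely. */
  .visually-hidden {
    position: absolute;
    width: 1px;
    height: 1px;
    margin: -1px;
    padding: 0;
    overflow: hidden;
    clip: rect(0 0 0 0);
    white-space: nowrap;
    border: 0;
  }
</style>

<!-- 1. Visible label: the accessible name "Email address" is also what a
        sighted voice-control user can see and say. -->
<label for="email">Email address</label>
<input id="email" name="email" type="email">

<!-- 2. Visually hidden label: programmatically associated via for/id, so the
        input still has an accessible name, but nothing on screen tells a
        sighted user what that name is. Only the adjacent button text is visible. -->
<label for="site-search" class="visually-hidden">Search this site</label>
<input id="site-search" name="q" type="search">
<button type="submit">Search</button>

<!-- 3. Same association expressed with ARIA instead of a label element. -->
<input type="search" name="q" aria-label="Search this site">
```

In cases 2 and 3 the accessible name exists only in the accessibility tree, which is the situation the question asks about: a screen reader announces "Search this site", while a sighted voice-control user has only the visible "Search" button text to go on. Beginning the hidden name with the text that is visible nearby (here "Search") keeps the spoken visible text matching the start of the accessible name, which is the practical mitigation for that gap.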

Grow your business by digitizing your firms’ compliance

Register Here
https://tinyurl.com/yzf2js2u

To join our Global Compliance Webinar as we show you how to:
– Tackle Compliance Challenges with a limited budget
– Ease the burdensome compliance tasks
– Meet the regulatory mandates more efficiently
– Eliminate the compliance obstacles impeding the company’s growth
– Implement attentiveness to crucial compliance issues
– Gain a competitive edge with Compliance Automation
– Streamline the end-to-end compliance workflow

man in the middle – PCI DSS Compliance and Firewalling Dynamic Hosts with MITM Certificates

Question

Would using a firewall MITM capability to inspect all HTTPS web requests be against PCI compliance/rules?

Further Info

We have an issue where we need to allow access to some HTTPS sites on hosts that are in the PCI zone. The option we’re leaning towards is to load the firewall certificate as a trusted CA on the hosts that need to access these sites so that the firewall can inspect the requests – this would also impact requests off to the payment providers.

To me, this seems like bad practice and seems like something that shouldn’t be allowed under PCI (what if the firewall certificate is compromised, etc.), but there are also lots of use cases where I’ve seen this (in particular in workplaces).

Is this allowed under PCI DSS rules? Any info on which rules would or would not allow this (if any) would be helpful.

mobile application – WCAG 2.1 Compliance: How does it apply to password-protected web and native apps

As stated in the title, I’m curious if anyone has resources explaining (or experiences with) any adjusted WCAG criteria for “gated” applications. Does something being behind a password wall, with specialized tools and even more advanced functionality tied to having a business credit card, fall into the same bucket as general web requirements? (I oversee design at a fintech.) Fortunately, I’d designed it so that the vast majority of our application is already visually compliant (a couple of color contrasts to adjust, but no biggy), but the markup itself has some shortcomings, and it’s unclear if it’s an all-or-nothing deal for apps that are…pseudo-public.

To be very clear: not looking for excuses to avoid making our application compliant. I have an extensive background in designing public sites and apps for non-profits and government entities, and am comfortable with and a huge proponent of digital accessibility. It’s all gonna get done, as fast as possible. However, I have limited resources at the moment, so it’s a matter of what is a requisite and should be done first, vs. fast follows.

I’ve scoured WCAG guidelines, supplemental material, etc., and have yet to find a definitive answer one way or the other. Any advice would be much appreciated.

How to make the Azure MySQL log events for Security Compliance

We are currently in the process of implementing the standards required below.

https://www.cyber.gov.au/acsc/view-all-content/guidance/event-logging-and-auditing

Does anyone have any idea how we can achieve the logging requirement below in an Azure Cloud MySQL database system? What sort of software can we use? Or any other ideas on doing this?

Security Control: 1537;
The following events are logged for databases:

access to particularly important data
addition of new users, especially privileged users
any query containing comments
any query containing multiple embedded queries
any query or database alerts or failures
attempts to elevate privileges
attempted access that is successful or unsuccessful
changes to the database structure
changes to user roles or database permissions
database administrator actions
database logons and logoffs
modifications to data
use of executable commands.

NEWS – Binance CEO in Compliance With Regulators To Acquire Global License

The recent crackdown on Binance by the financial regulatory authorities of the UK, Germany and a few other countries has brought positive development to the platform, as the CEO, Changpeng Zhao, revealed via his Twitter handle that the platform is already getting licenses and approvals from countries’ existing legal frameworks for crypto exchanges. How did you feel about this update?

sharepoint online – MS Flow which sends an email containing all the activities that have been done on a list or library from the compliance center audit logs

Inside the Office 365 compliance center we can generate reports as follows:

[image: audit log report generated in the compliance center]

But I am not sure if I can automate this process using Power Automate. For example, could I create a Power Automate flow which integrates with the compliance center audit API, or uses built-in actions, to generate an email containing all the activities that have been done on a list or library and send it on a daily/weekly basis?

Thanks in advance for any help.

Regards

How do you monitor the security control compliance for third party providers?

It depends on your risks and if you need a certain level of assurance in order to keep your risks to an acceptable level.

Questionnaires are standard, but you need a security person who can understand the responses.

Most 3rd parties get assurance from 3rd party auditing and certification. That’s where SOC 2 Type 2 reports come in handy, ISO 27k certification, etc.