Technical note: Checkpoints and checkpoint groups

Compliance Sheriff V5.1.0 © 2016 Cryptzone North America Inc.

TECHNICAL NOTE

Checkpoints and checkpoint groups

Version 5.1.0

Copyright information

Copyright © 2016 Cryptzone North America Inc. All rights reserved.

Information in this document is subject to change without notice and does not represent a commitment on the part of the vendor or its representatives. Permission to use, distribute, or copy not granted without written approval. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, without the written permission of Cryptzone North America Inc. Complying with all applicable copyright laws in the US and other countries is the responsibility of the user.

The Cryptzone logo, Security Sheriff, Compliance Sheriff, and Compliance Deputy are trademarks of Cryptzone North America Inc. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. All other product names mentioned herein are trademarks of their respective owners.

Technical support

For licensing or technical support information, please submit your requests via the Cryptzone Help Center at http://support.cryptzone.com using your Service Cloud account. For more information, visit www.cryptzone.com.

Contents

1. About this document
2. Checkpoint groups
  Accessibility Module
  Privacy Module
  SiteQuality/SEO Module
  OpSec Module
3. Checkpoints
  Accessibility Module
  Privacy Module
  SiteQuality/SEO Module
  OpSec Module
4. Compiled checkpoints

1. About this document

Checkpoints are instructions that are used by Compliance Sheriff scans to check that web pages conform to certain predetermined rules or guidelines. The Compliance Sheriff checkpoints are defined and grouped based on the compliance modules available – Accessibility, Privacy, Site Quality/SEO and OpSec. These out-of-the-box (OOTB) checkpoints can be modified to suit different environments. Compliance Sheriff also allows custom checkpoints to be created to meet the specific compliance requirements of any organization.

This document provides the OOTB checkpoint groups and checkpoints that are installed with Compliance Sheriff. The availability of these checkpoints and groups depends on the compliance modules you have licensed.

For licensing or technical support information, please submit your requests via the Cryptzone Help Center (http://support.cryptzone.com) using your Service Cloud account. For more information, visit www.cryptzone.com.

2. Checkpoint groups

The tables below list the major checkpoint groups based on their compliance module. They do not list the subgroups referenced by the main groups. Note that groups can contain either checkpoints or subgroups, and subgroups can only contain checkpoints.

Accessibility Module

Checkpoint Group | Contains | Description
Section 508 | Groups | Main Section 508 Checkpoint group. Checks if content conforms to Section 508 accessibility guidelines. Contains all subgroups: Section 508 – 1194.22(a)-(p).
Web Content Accessibility Guidelines 2.0 | Groups | Main group for WCAG 2.0. Contains all subgroups: WCAG 2.0 – Guideline 1.1 – 4.1.
WCAG 2.0 - Compliance Level A | Groups | The minimum WCAG 2.0 standard for accessibility.
WCAG 2.0 - Compliance Level AA | Groups | The intermediate WCAG 2.0 standard for accessibility (must also pass level A).
WCAG 2.0 - Compliance Level AAA | Groups | The highest WCAG 2.0 standard for accessibility (must also pass levels A and AA).
Web Content Accessibility Guidelines 1.0 | Groups | Accessibility standard for web content, now superseded by WCAG 2.0.
WCAG 1.0 Priority 1 | Checkpoints | Contain WCAG 1.0 Priority 1 checkpoints. A web content developer must satisfy this checkpoint. Otherwise, one or more groups will find it impossible to access information in the document. Satisfying this checkpoint is a basic requirement for some groups to be able to use web documents.
WCAG 1.0 Priority 2 | Checkpoints | Contain WCAG 1.0 Priority 2 checkpoints. A Web content developer should satisfy this checkpoint. Otherwise, one or more groups will find it difficult to access information in the document. Satisfying this checkpoint will remove significant barriers to accessing Web documents.
WCAG 1.0 Priority 3 | Checkpoints | Contain WCAG 1.0 Priority 3 checkpoints. A Web content developer may address this checkpoint. Otherwise, one or more groups will find it somewhat difficult to access information in the document. Satisfying this checkpoint will improve access to Web documents.
Alt Text Quality Report | Checkpoints | Allows users to validate content for proper quality as related to valid alt-text for images based on best practices. These checks include the validation of the alt-text value for the word "image", image file name extensions, length of alt-text, and repeated words.
Accessibility Statistics | Checkpoints | Allows various accessibility statistics to be shown in the summary section of the report. This summary contains information such as the Image summary, showing the total number of image elements found, the number of images with or without alt text, and so on.
Compliance Insight – Accessibility | Groups | Special group that binds other subgroups that provides a summary on Contrast Ratio, Images, Labels, Links and Tables. As this group uses a subgroup.
Mobile Web Accessibility | Checkpoints | Allows user to test mobile web sites against various checkpoints to validate image sizes, large graphics, access keys, caching, etc.

Privacy Module

Checkpoint Group | Contains | Description
Compliance Insight - Privacy | Groups | Privacy>3rd Party Linking; Privacy>PII; Privacy>Policy Compliance; Privacy>Visitor Tracking
COPPA - Children's Online Privacy Protection Act | Groups | Websites that collect information from children under the age of thirteen are required to comply with Federal Trade Commission (FTC) Children's Online Privacy Protection Act (COPPA).
Financial Information Privacy Monitoring | Groups | Checks if content conforms with corporate and federal privacy standards concerning financial information
FISMA - Federal Information Security Management Act | Groups | FIP Monitoring; HIP Monitoring; PII Monitoring; Privacy Policy; Secure methods for data collection; Tracking Technologies
Health Information Privacy Monitoring | Groups | Checks if content conforms with corporate and federal privacy standards concerning health information
HIPAA - Collection, Use and Disclosure Limitations and Protections | Checkpoints | The Collection, Use and Disclosure Limitation and Protections principle states that individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately.
HIPAA - Health Information Security | Checkpoints | The Safeguards Principle states that individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
HIPAA Health Insurance Portability and Accountability Act | Groups | Provides coverage for Health Information Security, Openness and Transparency, Individual Choice, and Safeguards principles of the Health Information Portability and Accountability Act (HIPAA)
HIPAA - Openness, Transparency and Individual Choice | Checkpoints | Openness and Transparency and Individual Choice Principles overlap in what HiSoftware can do for them, so the principles will be combined into one report driven by the following check point Groups
MA 201 CMR 17.00 | Groups | PFI>Bank Account Indicators; PFI>Credit Card Indicators; PII>Custom Number, Characteristic, and/or Code Indicators; PII>Name Indicators; PII>Social Security Number Indicators
OMB M-10-22 | Groups | Guidance for Online Use of Web Measurement and Customization Technologies
Personally Identifiable Information Monitoring | Groups |
PFI Personal Financial Information | Groups |
PHI Protected Health Information | Groups |
PII Personally Identifiable Information | Groups | Checks if content contains personally identifiable information prohibited by privacy standards.
Privacy Policy | Groups | Privacy>P3P Usage; Privacy>Policy Compliance
Privacy | Groups |
Secure methods for data collection | Checkpoints |
Sensitive Organizational Content (SOC) | Groups | Checks if content reveals sensitive information about your organization
Tracking Technologies | Groups | OMB M-10-22; Privacy>Visitor Tracking; Web Tracking>Beacons; Web Tracking>Cookies
Web Tracking - Network Advertising Initiative Compliance | Checkpoints |
Web Tracking | Groups |

SiteQuality/SEO Module

Checkpoint Group | Contains | Description
Compliance Insight - SEO | Groups |
Search Engine Optimization | Checkpoints |
Compliance Insight - SEO | Groups |
HIPAA - Data Quality, Integrity and Correction | | The Correction principle states that Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied.
Site Quality - Link Validation | Checkpoints |
Site Quality - Offensive Content | Checkpoints |
Site Quality - Page Load Time | Checkpoints |
Site Quality - Spell Check | Checkpoints |

OpSec Module

Checkpoint Group | Contains | Description
Compliance Insight - Data Security | Checkpoints |
Operational Security | Checkpoints |

3. Checkpoints

The tables below list the OOTB checkpoints used within the various checkpoint groups that make up the Compliance Sheriff compliance modules. They include new and updated checkpoints delivered in version 4.3 or later. If you're performing an upgrade, these new/updated checkpoints (and the checkpoint groups and subgroups that they are defined in) are not automatically put into production. Once you have reviewed this list, refer to the Compliance Sheriff Installation Guide for more information on how to apply these checkpoints and the above checkpoint groups.

Accessibility Module

Checkpoint | Short Description | Priority | Group | Subgroup
Section 508
a.1 | All IMG elements are required to contain either the ALT or LONGDESC attribute. | 1 | Section 508 | 1194.22(a)
a.2 | All APPLET elements are required to contain both element content and the ALT attribute. | 1 | Section 508 | 1194.22(a)
a.3 | When EMBED elements are used, the NOEMBED element or ARIA attributes are required in the page. | 1 | Section 508 | 1194.22(a)
a.4 | All OBJECT elements are required to contain element content. | 1 | Section 508 | 1194.22(a)
a.5 | All SVG elements are required title or desc child element or ARIA attributes for providing description. | 1 | Section 508 | 1194.22(a)
a.6 | All IFRAME elements which has non-text content, contains title or ARIA attribute for providing description. | 1 | Section 508 | 1194.22(a)
a.7 | All Figure elements are required to have figcaption for describing purpose of element. | 1 | Section 508 | 1194.22(a)
b.1 | Identify all OBJECT Elements that have a multimedia MIME type as the type attribute value | 1 | Section 508 | 1194.22(b)
b.2 | Identify all OBJECT Elements that have a DATA attribute value with a multimedia file extension | 1 | Section 508 | 1194.22(b)
b.3 | Identify all EMBED elements that have a SRC attribute value with a multimedia file extension | 1 | Section 508 | 1194.22(b)
b.4 | Identify all links that have an HREF attribute value with a multimedia file extension | 1 | Section 508 | 1194.22(b)
b.5 | Identify all VIDEO or AUDIO Elements that have a track child element with KIND attribute values subtitles, captions or descriptions. | 1 | Section 508 | 1194.22(b)
b.6 | Identify all IFRAME elements that have a SRC attribute value with an external known webpage's video. | 1 | Section 508 | 1194.22(b)
c.1 | Ensure that all information conveyed with color is also available without color, for example from context or markup | 1 | Section 508 | 1194.22(c)
d.1 | Organize documents so they may be read without style sheets | 1 | Section 508 | 1194.22(d)
d.2 | Ensure Color and background color may be specified at any level in the cascade of preceding selectors, by external stylesheets or through inheritance rules for all elements. | 1 | Section 508 | 1194.22(d)
d.3 | Making the DOM order match the visual order | 1 | Section 508 | 1194.22(d)
e.1 | Locate any IMG element that contains the ISMAP attribute | 1 | Section 508 | 1194.22(e)
e.2 | No INPUT element should contain the USEMAP attribute | 1 | Section 508 | 1194.22(e)
f.1 | All AREA elements are required to have the ALT attribute | 1 | Section 508 | 1194.22(f)
f.2 | No IMG element should contain the ISMAP attribute | 1 | Section 508 | 1194.22(f)
f.3 | No INPUT element should contain the ISMAP attribute | 1 | Section 508 | 1194.22(f)
g.1 | For data tables, identify row and column headers | 1 | Section 508 | 1194.22(g)
h.1 | For data tables that have two or more logical levels of row or column headers, use markup to associate data cells and header cells | 1 | Section 508 | 1194.22(h)
i.1 | All IFRAME elements are required to contain element content | 1 | Section 508 | 1194.22(i)
i.2 | All FRAME elements are required to contain the title attribute | 1 | Section 508 | 1194.22(i)
i.3 | All FRAMESET elements will be checked for the NOFRAMES element | 1 | Section 508 | 1194.22(i)
j.1 | Pages are required not to contain the BLINK element | 1 | Section 508 | 1194.22(j)
j.2 | Until user agents allow users to control blinking, avoid causing content to blink | 1 | Section 508 | 1194.22(j)
k.1 | Check for a 'Text Only Version' link that provides equivalent access to a page | 1 | Section 508 | 1194.22(k)
l.1 | Verify information provided by scripts shall be identified with functional text that can be read by assistive technology. | 1 | Section 508 | 1194.22(l)
l.2 | When SCRIPT elements are used, the NOSCRIPT element is required in the page | 1 | Section 508 | 1194.22(l)
l.3 | Ensure that all anchor elements that use JavaScript in the link target describe purpose of the link through content or ALT attribute. | 1 | Section 508 | 1194.22(l)
m.1 | All pages that have links to files that require a special reader or plug-in are required to contain the specified text indicating a link to the reader or plug-in | 1 | Section 508 | 1194.22(m)
n.1 | Identify all LABEL elements used within FORM elements | 2 | Section 508 | 1194.22(n)
n.2 | All INPUT elements are required to contain the ALT or TITLE attribute, or use a LABEL | 2 | Section 508 | 1194.22(n)
n.3 | Associate labels explicitly with their controls (SELECT elements) | 2 | Section 508 | 1194.22(n)
n.4 | Associate labels explicitly with their controls (TEXTAREA elements) | 2 | Section 508 | 1194.22(n)
n.5 | Ensure that all LABEL 'FOR' attributes match another control | 2 | Section 508 | 1194.22(n)
n.6 | Ensure that Placeholder attribute should not be used as an alternative to a label for all input elements. | 2 | Section 508 | 1194.22(n)
n.7 | Ensure that all elements with role=application use either aria-labelledby or aria-describedby attribute. | 2 | Section 508 | 1194.22(n)
n.8 | Ensure that all elements with required attribute contains required, mandatory or * in content of label. | 1 | Section 508 | 1194.22(n)
n.9 | All elements which has role attribute checkbox or radio, set value of aria-checked either in HTML page or JavaScript. | 1 | Section 508 | 1194.22(n)
o.1 | Pages should contain a bookmark link to skip navigation | 1 | Section 508 | 1194.22(o)
p.1 | Pages are required not to use the META element with the HTTP-EQUIV attribute value 'refresh' | 1 | Section 508 | 1194.22(p)
p.2 | Allow users to complete an activity without any time limit | 1 | Section 508 | 1194.22(p)
WCAG 2.0
Accessibility20 C12 | Use percent, em, or named font size for font sizes | 2 | WCAG 2.0 AA | Criterion 1.4.4
Accessibility20 C15 | Use CSS to change the presentation of a user interface component when it receives focus | 2 | Not Assigned |
Accessibility20 C17 | Scaling form elements which contain text | 2 | WCAG 2.0 AA | Criterion 1.4.4, Criterion 1.4.8
Accessibility20 C27 | Making the DOM order match the visual order | 2 | WCAG 2.0 A | Criterion 1.3.2, Criterion 2.4.3
Accessibility20 C30 | Using CSS to replace text with images of text and providing user interface controls to switch | 3 | WCAG 2.0 AA | Criterion 1.4.5, Criterion 1.4.9
Accessibility20 F10 | Failure of Success Criterion 2.1.2 and Conformance Requirement 5 due to combining multiple content formats in a way that traps users inside one format type | 1 | WCAG 2.0 A | Criterion 2.1.2
Accessibility20 F14 | Failure of Success Criterion 1.3.3 due to identifying content only by its shape or location | 1 | WCAG 2.0 A | Criterion 1.3.3
Accessibility20 F24 | Failure of Success Criterion 1.4.3, 1.4.6 and 1.4.8 due to specifying foreground (text) colors without specifying background colors or vice versa | 2 | WCAG 2.0 AA | Criterion 1.4.3, Criterion 1.4.6, Criterion 1.4.8
Accessibility20 F3 | Failure of Success Criterion 1.1.1 due to using CSS to include images that convey important information | 1 | WCAG 2.0 A | Criterion 1.1.1
Accessibility20 F30 | Failure of Success Criterion 1.1.1 and 1.2.1 due to using text alternatives that are not alternatives. | 2 | WCAG 2.0 A; Compliance Insight Accessibility | Criterion 1.1.1; Images
Accessibility20 F4 | Failure of Success Criterion 2.2.2 due to using text-decoration:blink without a mechanism to stop it in less than five seconds | 1 | WCAG 2.0 A | Criterion 2.2.2
Accessibility20 F66 | Failure of Success Criterion 3.2.3 due to presenting navigation links in a different relative order on different pages | 2 | WCAG 2.0 AA | Criterion 3.2.3
Accessibility20 F67 | Failure of Success Criterion 1.1.1 and 1.2.1 due to providing long description for non-text content that does not serve the same purpose or does not present the same information | 2 | WCAG 2.0 A | Criterion 1.1.1
Accessibility20 F84 | Failure of Success Criterion 2.4.9 due to using a non-specific link such as "click here" or "more" without a mechanism to change the link text to specific text. | 2 | WCAG 2.0 A | Criterion 2.4.9
Accessibility20 G105 | Save data so that it can be used after a user re-authenticates | 3 | WCAG 2.0 AAA | Criterion 2.2.5
Accessibility20 G107 | Use "activate" rather than "focus" as a trigger for changes of context | 1 | WCAG 2.0 A | Criterion 3.2.1
Accessibility20 G130 | Provide descriptive headings | 2 | WCAG 2.0 AA | Criterion 2.4.6
Accessibility20 G134 | Validate Web pages | 1 | WCAG 2.0 A | Criterion 4.1.1
Accessibility20 G14 | Ensure that information conveyed by color differences is also available in text | 1 | WCAG 2.0 A | Criterion 1.4.1
Accessibility20 G141 | Organize a page using headings | 3 | WCAG 2.0 AAA | Criterion 2.4.10
Accessibility20 G144 | Ensuring that the Web Page contains another CAPTCHA serving the same purpose using a different modality | 2 | WCAG 2.0 A | Criterion 1.1.1
Accessibility20 G145 | Ensure that a contrast ratio of at least 3:1 exists between text (and images of text) and background behind the text | 2 | WCAG 2.0 AA; Compliance Insight Accessibility | Criterion 1.4.3, Criterion 1.4.6; Contrast Ratio
Accessibility20 G149 | Using user interface components that are highlighted by the user agent when they receive focus | 2 | WCAG 2.0 AA | Criterion 2.4.7
Accessibility20 G151 | Provide a link to a text transcript of a prepared statement or script if the script is followed | 3 | WCAG 2.0 AAA | Criterion 1.2.9
Accessibility20 G158 | Provide a full text transcript for the audio | 1 | WCAG 2.0 A | Criterion 1.2.1
Accessibility20 G159 | Provide a full text transcript of the video content | 1 | WCAG 2.0 A | Criterion 1.2.1, Criterion 1.2.8
Accessibility20 G17 | Ensure that a contrast ratio of at least 7:1 exists between text (and images of text) and background behind the text | 3 | Compliance Insight Accessibility; WCAG 2.0 AAA | Contrast Ratio; Criterion 1.4.6
Accessibility20 G18 | Ensuring that a contrast ratio of at least 4.5:1 exists between text (and images of text) and background behind the text | 3 | Compliance Insight Accessibility; WCAG 2.0 AA | Contrast Ratio; Criterion 1.4.3, Criterion 1.4.6
Accessibility20 G19 | Ensure that no component of the content flashes more than three times in any 1-second period | 3 | WCAG 2.0 A | Criterion 2.3.1, Criterion 2.3.2
Accessibility20 G197 | Using labels, names, and text alternatives consistently for content that has the same functionality | 2 | WCAG 2.0 AA | Criterion 3.2.4
Accessibility20 G5 | Allow users to complete an activity without any time limit | 3 | WCAG 2.0 AAA | Criterion 2.2.3
Accessibility20 G54 | Include a sign language interpreter in the video stream | 3 | WCAG 2.0 AAA | Criterion 1.2.6
Accessibility20 G56 | Mix audio files so that non-speech sounds are at least 20 decibels lower than the speech audio content | 3 | WCAG 2.0 AAA | Criterion 1.4.7
Accessibility20 G60 | Ensure all autostart sounds turns off automatically within three seconds | 1 | WCAG 2.0 A | Criterion 1.4.2
Accessibility20 G62 | Provide a glossary | 3 | WCAG 2.0 AAA | Criterion 3.1.3, Criterion 3.1.4, Criterion 3.1.6
Accessibility20 G69 | Provide a full synchronized media text alternative including any interaction | 1 | WCAG 2.0 A | Criterion 1.2.3, Criterion 1.2.8
Accessibility20 G71 | Provide a help link on every Web page | 3 | WCAG 2.0 AAA | Criterion 3.3.5
Accessibility20 G75 | Provide a mechanism to postpone any updating of content | 3 | WCAG 2.0 AAA | Criterion 2.2.4
Accessibility20 G78 | Provide a sound track that includes audio description | 2 | WCAG 2.0 A | Criterion 1.2.3, Criterion 1.2.5
Accessibility20 G79 | Provide a spoken version of the text | 3 | WCAG 2.0 AAA | Criterion 3.1.5
Accessibility20 G8 | Create an extended audio description for the synchronized media content | 3 | WCAG 2.0 A | Criterion 1.2.3, Criterion 1.2.5, Criterion 1.2.7
Accessibility20 G83 | Provide text descriptions to identify required fields that were not completed | 2 | WCAG 2.0 A | Criterion 3.3.1
Accessibility20 G87 | Provide closed captions | 1 | WCAG 2.0 A | Criterion 1.2.2
Accessibility20 G89 | Provide expected data format and example | 3 | WCAG 2.0 A | Criterion 3.3.2, Criterion 3.3.5
Accessibility20 G9 | Create captions for live synchronized media | 2 | WCAG 2.0 AA | Criterion 1.2.4
Accessibility20 G98 | Provide the ability for the user to review and correct answers before submitting | 2 | WCAG 2.0 AA | Criterion 3.3.4, Criterion 3.3.6
Accessibility20 H2 | Combine adjacent image and text links for the same resource | 1 | WCAG 2.0 A | Criterion 1.1.1, Criterion 2.4.9
Accessibility20 H24 | Provide text alternatives for the area elements of image maps | 1 | WCAG 2.0 A | Criterion 1.1.1, Criterion 2.4.4, Criterion 2.4.9
Accessibility20 H25 | Pages are required to use the TITLE element | 2 | WCAG 2.0 A | Criterion 2.4.2
Accessibility20 H27 | Provide text and non-text alternatives for object | 1 | WCAG 2.0 A | Criterion 1.1.1
Accessibility20 H28 | Provide definitions for abbreviations by using the abbr and acronym elements | 3 | WCAG 2.0 AAA | Criterion 3.1.4
Accessibility20 H30 | Providing link text that describes the purpose of a link for anchor elements | 2 | WCAG 2.0 A | Criterion 2.4.4, Criterion 2.4.9
Accessibility20 H32 | Provide submit buttons | 1 | WCAG 2.0 A | Criterion 3.2.2
Accessibility20 H33 | Supplement link text with the title attribute | 3 | WCAG 2.0 A | Criterion 2.4.4, Criterion 2.4.9
Accessibility20 H35 | Provide text alternatives on applet elements | 1 | WCAG 2.0 A | Criterion 1.1.1
Accessibility20 H36 | Use alt attributes on images used as submit buttons | 1 | WCAG 2.0 A | Criterion 1.1.1
Accessibility20 H37 | Use alt attributes on img elements | 1 | WCAG 2.0 A; Compliance Insight Accessibility | Criterion 1.1.1; Images
Accessibility20 H39 | Use caption elements to associate data table captions with data tables | 1 | WCAG 2.0 A; Compliance Insight Accessibility | Criterion 1.3.1; Tables
Accessibility20 H4 Create a logical tab order through links, form controls, and objects

1 WCAG 2.0 A Criterion 2.4.3

Accessibility20 H42 Use h1-h6 to identify headings

1 WCAG 2.0 A Criterion 1.3.1

Accessibility20 H43 Use id and headers attributes to associate data cells with header cells in data tables. Update includes the addition of a new compiled checkpoint “Accessibility 12.4c”

1 WCAG 2.0 A Criterion 1.3.1

Compliance Insight Accessibility

Tables

Accessibility20 H44 Use label elements to associate text labels with form controls

1 WCAG 2.0 A Criterion 1.1.1

Criterion 1.3.1

Criterion 3.3.2

Criterion 4.1.2

Compliance Insight Accessibility

Labels

Accessibility20 H45 Use longdesc 1 WCAG 2.0 A Criterion 1.1.1

Accessibility20 H46 When EMBED elements are used, the NOEMBED element is required in the page

1 WCAG 2.0 A Criterion 1.1.1

Criterion 1.2.8

Accessibility20 H51 Use table markup to present tabular information

1 WCAG 2.0 A Criterion 1.3.1

Accessibility20 H51 Use table markup to present tabular information

1 Compliance Insight Accessibility

Tables

Accessibility20 H53 Use the body of the object element

1 WCAG 2.0 A Criterion 1.1.1

Criterion 1.2.3

Criterion 1.2.8

Accessibility20 H56 Use the dir attribute on an inline element to resolve problems with nested directional runs

1 WCAG 2.0 A Criterion 1.3.2

Accessibility20 H57 Use language attributes on the html element

1 WCAG 2.0 A Criterion 3.1.1

Accessibility20 H58 Use language attributes to identify changes in the human language

2 WCAG 2.0 AA Criterion 3.1.2

Accessibility20 H59 Use the link element and navigation tools

3 WCAG 2.0 AA Criterion 2.4.5

Criterion 2.4.8

Accessibility20 H60 Use the link element to link to a glossary

3 WCAG 2.0 AAA Criterion 3.1.3

Accessibility20 H63 Use the scope attribute to associate header cells and data cells in data tables

1 WCAG 2.0 A Criterion 1.3.1

Accessibility20 H64 Using the title attribute of the frame and iframe elements

1 WCAG 2.0 A Criterion 2.4.1

Criterion 4.1.2

Accessibility20 H65 Use the title attribute to identify form controls when the label element cannot be used

1 WCAG 2.0 A Criterion 1.1.1

Criterion 1.3.1

Criterion 3.3.2

Criterion 4.1.2

Compliance Insight Accessibility

Labels

Accessibility20 H67 Use null alt text and no title attribute on img elements for images that AT should ignore

1 WCAG 2.0 A Criterion 1.1.1

Accessibility20 H73 Use the summary attribute of the table element to give an overview of data tables

1 WCAG 2.0 A Criterion 1.3.1

Accessibility20 H76 Use meta refresh to create an instant client-side redirect (copy)

3 WCAG 2.0 AAA Criterion 3.2.5

Accessibility20 H79 Identifying the purpose of a link in a data table using the link text combined with its enclosing table cell and associated table header cells

2 WCAG 2.0 A Criterion 2.4.4

Accessibility20 H83 Use the target attribute to open a new window on user request and indicating this in link text

3 WCAG 2.0 AAA Criterion 3.2.5

Accessibility20 H84 Use a button with a select element to perform an action

1 WCAG 2.0 A Criterion 3.2.2

Accessibility20 H85 Use OPTGROUP to group OPTION elements inside a SELECT

1 WCAG 2.0 A Criterion 1.3.1

Accessibility20 H95 Using the track element to provide captions

1 WCAG 2.0 A Criterion 1.2.2

Accessibility20 H96 Using the track element to provide audio descriptions

1 WCAG 2.0 A Criterion 1.2.1

Accessibility20 H97 Grouping related links using the nav element

1 WCAG 2.0 A Criterion 1.3.1

Accessibility20 HS2 Ensure images are not used instead of text except for specific cases

2 WCAG 2.0 AA Criterion 1.4.5

Accessibility20 HS3 Verification checkpoint for 1.4.6

2

Accessibility20 HS4 DEMO: Verifying compliant toolbar

1 WCAG 2.0 A Criterion 4.1.2

Accessibility20 HS5 All functionality of the content is operable through a keyboard interface without requiring specific timings for individual keystrokes.

3 WCAG 2.0 AAA Criterion 2.1.3

Accessibility20 SCR1 Allow the user to extend the default time limit

1 WCAG 2.0 A Criterion 2.2.1

Accessibility20 SCR18 Provide client-side validation and alert

2 WCAG 2.0 A Criterion 3.3.1

Criterion 3.3.3

Criterion 3.3.4

Accessibility20 SCR2 Using redundant keyboard and mouse event handlers

1 WCAG 2.0 A Criterion 2.1.1

Accessibility20 SCR24 Use the target attribute to open a new window on user request and indicating this in link text

3 WCAG 2.0 AAA Criterion 3.2.5

WCAG 1.0

Accessibility 1.1.1 All IMG elements are required to contain either the ALT or LONGDESC attribute

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.1a All IMG elements are required to contain either the ALT or LONGDESC attribute

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.2 All INPUT elements are required to contain the ALT or TITLE attribute, or use a LABEL

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.3 All OBJECT elements are required to contain element content

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.4 All APPLET elements are required to contain both element content and the ALT attribute

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.5 All FRAMESET elements will be checked for the NOFRAMES element

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.6 All IFRAME elements are required to contain element content

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.7 All AREA elements are required to have the ALT attribute

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.1.8 When EMBED elements are used, the NOEMBED element is required in the page

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.2.1 Locate any IMG element that contains the ISMAP attribute

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.2.2 Locate any INPUT element that contains the ISMAP attribute

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.3 Provide auditory description for multimedia presentations

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.4.1 Identify all OBJECT Elements that have a multimedia MIME type as the type attribute value

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.4.2 Identify all OBJECT Elements that have a DATA attribute value with a multimedia file extension

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.4.3 Identify all EMBED elements that have a SRC attribute value with a multimedia file extension

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.4.4 Identify all links that have an HREF attribute value with a multimedia file extension

1 WCAG 1.0 Guideline 1

Priority 1

Accessibility 1.5 Identify all MAP elements that use the AREA element

3 WCAG 1.0 Guideline 1

Priority 3

Accessibility 2.1 Ensure that all information conveyed with color is also available without color, for example from context or markup

1 WCAG 1.0 Guideline 2

Priority 1

Accessibility 2.2 Foreground and background color combinations provide sufficient contrast

2 WCAG 1.0 Guideline 2

Priority 2

Accessibility 3.1 Verify that elements do not need to be converted to an appropriate markup language

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 3.2 Pages are required to use the !DOCTYPE tag

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 3.3.1 Use style sheets to control layout and presentation

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 3.3.2 Identify the use of Bold and Italic elements within the page

2 WCAG 1.0 Guideline 3

Accessibility 3.4 Identify use of absolute units within elements and/or style sheets

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 3.5 Use header elements to convey document structure and use them according to specification

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 3.6 Identify the use of List elements (DL, UL, OL) within the page

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 3.7 Identify the use of Quote and BLOCKQUOTE elements within the page

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility 4.1 Clearly identify changes in the natural language of a page's text and any text equivalents (e.g. captions)

1 WCAG 1.0 Guideline 4

Priority 1

Accessibility 4.2.1 Identify the use of ABBR elements within the page

3 WCAG 1.0 Guideline 4

Priority 3

Accessibility 4.2.2 Identify the use of ACRONYM elements within the page

3 WCAG 1.0 Guideline 4

Priority 3

Accessibility 4.3.1 Pages are required to use the META element with the NAME attribute value 'language' in the Head section

3 WCAG 1.0 Guideline 4

Priority 3

Accessibility 4.3.2 Identify the primary language of the page by the LANG attribute of HTML element or server headers

3 WCAG 1.0 Guideline 4

Priority 3

Accessibility 5.1 For data tables, identify row and column headers

1 WCAG 1.0 Guideline 5

Priority 1

Accessibility 5.2 For data tables that have two or more logical levels of row or column headers, use markup to associate data cells and header cells

1 WCAG 1.0 Guideline 5

Priority 1

Accessibility 5.3 Identify all layout tables 2 WCAG 1.0 Guideline 5

Priority 2

Accessibility 5.4 If a TABLE is used for layout, do not use any structural markup

2 WCAG 1.0 Guideline 5

Priority 2

Accessibility 5.5 Provide summaries for tables

3 WCAG 1.0 Guideline 5

Priority 3

Accessibility 5.6 Provide abbreviations for header labels

3 WCAG 1.0 Guideline 5

Priority 3

Accessibility 6.1 Organize documents so they may be read without style sheets

1 WCAG 1.0 Guideline 6

Accessibility 6.2.1 FRAME sources: Ensure that equivalents for dynamic content are updated when the dynamic content changes

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.2.2 Verify that equivalents of dynamic content are updated and available as often as the dynamic content

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.1 If any anchor elements use JavaScript in the link target, a NOSCRIPT tag should also be present

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.2 If any AREA elements use JavaScript in the link target, a NOSCRIPT tag should also be present

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.3 If any elements use HTML event handlers, a NOSCRIPT tag should also be present

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.4 When SCRIPT elements are used, the NOSCRIPT element is required in the page

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.5 All OBJECT elements are required to contain element content

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.6 All APPLET elements are required to contain both element content and the ALT attribute

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.7 When EMBED elements are used, the NOEMBED element is required in the page

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.3.8 All pages that have links to files that require a special reader or plug-in are required to contain the specified text indicating a link to the reader or plug-in

1 WCAG 1.0 Guideline 6

Priority 1

Accessibility 6.4 Ensure that event handlers are input device-independent

2 WCAG 1.0 Guideline 6

Priority 2

Accessibility 7.1 Until user agents allow users to control flickering, avoid causing content to flicker

2 WCAG 1.0 Guideline 7

Priority 2

Accessibility 7.2.1 Pages are required not to contain the BLINK element

1 WCAG 1.0 Guideline 7

Priority 1

Accessibility 7.2.2 Until user agents allow users to control blinking, avoid causing content to blink

2 WCAG 1.0 Guideline 7

Priority 2

Accessibility 7.3.1 Pages are required not to contain the MARQUEE element

1 WCAG 1.0 Guideline 7

Priority 1

Accessibility 7.3.2 Until user agents allow users to freeze moving content, avoid movement in pages

2 WCAG 1.0 Guideline 7

Priority 2

Accessibility 7.4.1 Pages are required not to use the META element with the HTTP-EQUIV attribute value 'refresh'

2 WCAG 1.0 Guideline 7

Priority 2

Accessibility 7.5 Do not use markup to redirect pages automatically

2 WCAG 1.0 Guideline 7

Priority 2

Accessibility 8.1 Make scripts and applets directly accessible or compatible with assistive technologies

2 WCAG 1.0 Guideline 8

Priority 2

Accessibility 9.1.1 No IMG element should contain the ISMAP attribute

1 WCAG 1.0 Guideline 9

Priority 1

Accessibility 9.1.2 No INPUT element should contain the ISMAP attribute

1 WCAG 1.0 Guideline 9

Priority 1

Accessibility 9.2 Element interface can be operated in a device-independent manner

2 WCAG 1.0 Guideline 9

Priority 2

Accessibility 9.3 Specify logical event handlers rather than device-dependent event handlers

2 WCAG 1.0 Guideline 9

Priority 2

Accessibility 9.4.1 All Anchor, AREA, BUTTON, INPUT, OBJECT, SELECT and TEXTAREA elements are required to use the TABINDEX attribute

3 WCAG 1.0 Guideline 9

Priority 3

Accessibility 9.5.1 Accesskey attribute is required in at least one of A, AREA, BUTTON, INPUT, LABEL, LEGEND, and TEXTAREA elements

3 WCAG 1.0 Guideline 9

Priority 3

Accessibility 10.1.1 Check A and AREA elements for valid TARGET attribute

2 WCAG 1.0 Guideline 10

Priority 2

Accessibility 10.1.2 Verify that scripts do not spawn new windows

2 WCAG 1.0 Guideline 10

Priority 2

Accessibility 10.2 Identify all LABEL elements used within FORM elements

2 WCAG 1.0 Guideline 10

Priority 2

Accessibility 10.3 Provide linear text alternative for all tables that lay out text

3 WCAG 1.0 Guideline 10

Priority 3

Accessibility 10.4.1 Include default, place-holding characters in edit boxes

3 WCAG 1.0 Guideline 10

Priority 3

Accessibility 10.4.2 Include default, place-holding characters in text areas (TEXTAREA)

3 WCAG 1.0 Guideline 10

Priority 3

Accessibility 10.5 All Anchor elements not surrounding images cannot be directly adjacent

3 WCAG 1.0 Guideline 10

Priority 3

Accessibility 11.1 Use W3C technologies when they are available and appropriate for a task

2 WCAG 1.0 Guideline 11

Priority 2

Accessibility 11.2.1 Identify the use of deprecated elements within the page

2 WCAG 1.0 Guideline 11

Priority 2

Accessibility 11.2.2 Identify the use of deprecated attributes within the page

2 WCAG 1.0 Guideline 11

Priority 2

Accessibility 11.3 Provide information to receive documents

3 WCAG 1.0 Guideline 11

Priority 3

Accessibility 11.4.1 Check for a 'Text Version' link within the page

1 WCAG 1.0 Guideline 11

Priority 1

Accessibility 11.4.2 Check for an 'Accessibility' link within the page

1 WCAG 1.0 Guideline 11

Priority 1

Accessibility 12.1 All FRAME elements are required to contain the title attribute

1 WCAG 1.0 Guideline 12

Priority 1

Accessibility 12.2 All FRAME elements are required to use the LONGDESC attribute

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 12.3 Divide large blocks of information into more manageable groups where natural and appropriate

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 12.4.1 Ensure that all LABEL 'FOR' attributes match another control

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 12.4.2 Associate labels explicitly with their controls (SELECT elements)

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 12.4.3 Associate labels explicitly with their controls (TEXTAREA elements)

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 13.1.1 Anchor elements are required not to use any of the defined link phrases in the link text

2 WCAG 1.0 Guideline 13

Priority 2

Compliance Insight Accessibility

Links

Accessibility 13.1.2 All Anchor elements are required not to use the same link text to refer to different resources

2 WCAG 1.0 Guideline 13

Priority 2

Compliance Insight Accessibility

Links

Accessibility 13.2.1 Pages are required to use the TITLE element

2 WCAG 1.0 Guideline 13

Priority 2

Accessibility 13.2.2 Provide metadata to add semantic information to pages and sites

2 WCAG 1.0 Guideline 13

Priority 2

Accessibility 13.3 Check for link to site map page within document

2 WCAG 1.0 Guideline 13

Priority 2

Accessibility 13.4 Use navigation mechanisms in a consistent manner

2 WCAG 1.0 Guideline 13

Priority 2

Accessibility 13.5 Provide navigation bars 3 WCAG 1.0 Guideline 13

Priority 3

Accessibility 13.6 Pages should contain a bookmark link to skip navigation

3 WCAG 1.0 Guideline 13

Priority 3

Accessibility 13.7 Provide different types of searches for search functions

3 WCAG 1.0 Guideline 13

Priority 3

Accessibility 13.8 Provide information at the beginning of headings, paragraphs, lists

3 WCAG 1.0 Guideline 13

Priority 3

Accessibility 13.9 Page collection information 3 WCAG 1.0 Guideline 13

Priority 3

Accessibility 13.10 Method to skip over multi-line ASCII art

3 WCAG 1.0 Guideline 13

Priority 3

Accessibility 14.1 Use the clearest and simplest language appropriate for a site's content

1 WCAG 1.0 Guideline 14

Priority 1

Accessibility 14.2 Graphic or auditory presentations for Text

3 WCAG 1.0 Guideline 14

Priority 3

Accessibility 14.3 Consistent presentation style

3 WCAG 1.0 Guideline 14

Priority 3

AltQuality

AltQuality 1.1 Validate that the alt text does not use the word "Image"

2 AltText Quality Report

AltQuality 1.2 Validate that the alt text does not contain the text: .jpg, .gif, .bmp, .jpeg

2 AltText Quality Report

AltQuality 1.6 Validate that the alt text does not use the text "image"

2 AltText Quality Report

AltQuality 2.1 Validate that Alternative Text is greater than 7 and less than 81 characters in length.

2 AltText Quality Report

AltQuality 2.2 Validate that Alternative Text is not used to repeat words

2 AltText Quality Report

Statistics

Statistics 2.0 Identify tables with summaries and captions

1 Accessibility Statistics

Statistics 5.1 Identify forms with unlabeled controls

1 Accessibility Statistics

Statistics 5.2 Identify forms not using TABINDEX attributes

1 Accessibility Statistics

Statistics 5.3 Identify forms not using ACCESSKEY attributes

1 Accessibility Statistics

Mobile

Mobile_ACCESS_KEYS.xcp Assign access keys to links in navigational menus and frequently accessed functionality.

2 Mobile Web Accessibility

Mobile_AVOID_FREE_TEXT.xcp Avoid free text entry where possible.

2 Mobile Web Accessibility

Mobile_BALANCE.xcp Provide a balance between having a large number of navigation links on a page and the need to navigate multiple links to reach content.

2 Mobile Web Accessibility

Mobile_CACHING.xcp Provide caching information in HTTP responses.

2 Mobile Web Accessibility

Mobile_DEFAULT_INPUT_MODE.xcp Specify a default text entry mode, language and/or input format, if the device is known to support it.

2 Mobile Web Accessibility

Mobile_ENCODING_SUPPORT.xcp Ensure that content is encoded using a character encoding that is known to be supported by the device.

2 Mobile Web Accessibility

Mobile_ERROR_MESSAGES.xcp Provide informative error messages and a means of navigating away from an error message back to useful information.

2 Mobile Web Accessibility

Mobile_IMAGE_RESIZING.xcp Resize images at the server, if they have an intrinsic size.

2 Mobile Web Accessibility

Mobile_IMAGE_SPECIFY_SIZE.xcp Specify the size of images in markup, if they have an intrinsic size.

2 Mobile Web Accessibility

Mobile_LARGE_GRAPHICS.xcp Do not use images that cannot be rendered by the device. Avoid large or high resolution images except where critical information would otherwise be lost.

2 Mobile Web Accessibility

Mobile_NO_FRAMES.xcp Do not use frames. 2 Mobile Web Accessibility

Mobile_PROVIDE_DEFAULTS.xcp Provide pre-selected default values where possible.

2 Mobile Web Accessibility

Mobile_SCROLLING.xcp Limit scrolling to one direction, unless secondary scrolling cannot be avoided.

2 Mobile Web Accessibility

Mobile_TABLES_NESTED.xcp Do not use nested tables. 2 Mobile Web Accessibility

Privacy Module

Checkpoint Short Description Priority Group Subgroup

Privacy EMP1 W2 Form 2 FIP

PFI Employment Indicators

Privacy EMP2 Resume Indicator 2 FIP

PFI Employment Indicators

Privacy MnA1 Mergers and Acquisitions Text Identifier 2 SOC Mergers and Acquisitions

Privacy MnA2 Mergers and Acquisitions Content Terms

2 SOC Mergers and Acquisitions

Privacy MnA3 Acquisition Company Identifier 2 SOC Mergers and Acquisitions

Privacy MnA4 Due Diligence Identifier 2 SOC Mergers and Acquisitions

Privacy OMB M-10-22 1.0 Ensure that pages that set 3rd party single session cookies include a link to an appropriate privacy policy link (Tier 1).

1 OMB M-10-22 Tier 1

Privacy OMB M-10-22 2.0 Ensure that your privacy policy indicates Tier 1 Cookies are set.

1 OMB M-10-22 Tier 1

Privacy OMB M-10-22 3.0 Ensure that pages not collecting PII that set 3rd party multi-session cookies have an appropriate Privacy Policy link (Tier 2).

1 OMB M-10-22 Tier 2

Privacy OMB M-10-22 4.0 Ensure that your privacy policy indicates Tier 2 Cookies are set.

1 OMB M-10-22 Tier 2

Privacy OMB M-10-22 5.0 Ensure that pages collecting PII that set 3rd party multi-session cookies have an opt-in option and Privacy Policy link (Tier 3).

1 OMB M-10-22 Tier 3

Privacy OMB M-10-22 6.0 Ensure that your privacy policy indicates Tier 3 Cookies are set.

1 OMB M-10-22 Tier 3

Privacy P1 Portfolio indicator 2 FIP

Privacy P1 Portfolio indicator 2 PFI Portfolio Indicators

Privacy PF1 Credit Card Indicator - AMEX 2 FIP

PFI Credit Card Indicators

Privacy PF10 Bank Account Indicator - Suntrust 2 FIP

PFI Bank Account Indicators

Privacy PF11 Bank Account Indicator - HSBC 2 FIP

PFI Bank Account Indicators

Privacy PF12 Bank Account Indicator - Keybank 2 FIP

PFI Bank Account Indicators

Privacy PF13 Bank Account Indicator - State Street 2 FIP

PFI Bank Account Indicators

Privacy PF14 American Currency Indicator 2 FIP

PFI Currency Indicators

Privacy PF15 European Currency Indicator 2 FIP

PFI Currency Indicators

Privacy PF16 British Currency Indicator 2 FIP

PFI Currency Indicators

Privacy PF17 Japanese Currency Indicator 2 FIP

PFI Currency Indicators

Privacy PF2 Credit Card Indicator - Visa 2 FIP

PFI Credit Card Indicators

Privacy PF3 Credit Card Indicator - MasterCard 2 FIP

PFI Credit Card Indicators

Privacy PF4 Credit Card Indicator - Discover 2 FIP

Privacy PF4 Credit Card Indicator - Discover 2 PFI Credit Card Indicators

Privacy PF5 Bank Account Indicator - Bank of America

2 FIP

PFI Bank Account Indicators

Privacy PF6 Bank Account Indicator - Chase 2 FIP

PFI Bank Account Indicators

Privacy PF7 Bank Account Indicator - Citigroup 2 FIP

PFI Bank Account Indicators

Privacy PF8 Bank Account Indicator - Wachovia 2 FIP

PFI Bank Account Indicators

Privacy PF9 Bank Account Indicator - Wells Fargo 2 FIP

PFI Bank Account Indicators

Privacy PH1 Medical Terms 1 HIPAA Health Information Security

PHI Medical Diagnosis

Privacy PH2 Medical Billing Terms 1 HIPAA Health Information Security

PHI Medical Billing

Privacy PH3 Medical Provisions 1 HIPAA Health Information Security

PHI Medical Provisions

Privacy PO1 Purchase Order Term Indicator 2 SOC Purchase Order Indicators

Privacy PO2 Purchase Order Number Indicator 2 SOC Purchase Order Indicators

Privacy SOW1 Statement of Work 1 SOC Statement of Work Identifiers

Privacy SOW10 Delivery schedule 1 SOC Statement of Work Identifiers

Privacy SOW11 Time and materials 1 SOC Statement of Work Identifiers

Privacy SOW12 Fixed Cost 1 SOC Statement of Work Identifiers

Privacy SOW13 Currency 1 SOC Statement of Work Identifiers

Privacy SOW2 Solicitation Number 2 SOC Statement of Work Identifiers

Privacy SOW3 NDA Short 1 SOC Statement of Work Identifiers

Privacy SOW4 NDA Full 1 SOC Statement of Work Identifiers

Privacy SOW5 Acceptance and authorization 1 SOC Statement of Work Identifiers

Privacy SOW6 Payment terms 1 SOC Statement of Work Identifiers

Privacy SOW7 Professional services agreement 1 SOC Statement of Work Identifiers

Privacy SOW8 Project name 1 SOC Statement of Work Identifiers

Privacy SOW9 Client name 1 SOC Statement of Work Identifiers

Privacy WT1 Find IMG SRC Beacon URL 1 Web Tracking Beacons

Privacy WT10 NAI Non-Compliant Third Party Tracker 1 Web Tracking Network Advertising Initiative Compliance

Privacy WT11 NAI Compliant Third Party Tracker Web Tracking Network Advertising Initiative Compliance

Privacy WT2 Find SCRIPT SRC Beacon URL 1 Web Tracking Beacons

Privacy WT3 Find IFRAME SRC Beacon URL 1 Web Tracking Beacons

Privacy WT4 Find JavaScript Source Text Beacon URL 1 Web Tracking Beacons

Privacy WT5 OBA Tag Search - Red List 2 Web Tracking Beacons

Privacy WT6 OBA Tag Search - Yellow List 2 Web Tracking Beacons

Privacy WT7 OBA Tag Search - Green List 2 Web Tracking Beacons

Privacy WT8 OBA Tag Search - Google Analytics 2 Web Tracking Beacons

Privacy WT9 OBA Tag Search - Sharethis 2 Web Tracking Beacons

Privacy 1.1 Identify pages that do not contain a privacy policy link

2 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 1.2 Validate that pages with forms also have a privacy policy link

2 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 1.2.1 Validate that pages with forms collecting personally identifiable information have a privacy policy link

1 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 1.3 Validate that pages with mailto links also have a privacy policy link

1 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 1.4 Validate all pages have a link to the P3P policy reference file

2 Privacy P3P Usage

Web Privacy

Privacy 1.5 Validate that P3P policy reference file exists in the root of the tested page's site

1 Privacy P3P Usage

Web Privacy

Privacy 1.6 Identify that the server is setting HTTP P3P

2 Privacy P3P Usage

Web Privacy

Privacy 2.1 Identify pages that use forms 3 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 2.2 Identify pages that use forms with GET method

2 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 2.2.1 Identify pages that use forms collecting personally identifiable information with a GET method

2 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 2.3 Identify INPUT elements on a page 3 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 2.4 Identify TEXTAREA elements on a page 3 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 2.5 Identify SELECT elements on a page 3 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 3.1 Identify possible image element web beacons

2 Privacy Visitor Tracking

Web Privacy

Privacy 3.2 Identify image input element web beacons

2 Privacy Visitor Tracking

Web Privacy

Privacy 4.1 Identify all pages that set cookies 3 Privacy Visitor Tracking

Web Privacy

Web Tracking Cookies

Privacy 4.1a Validate that no 3rd party cookies are set

1 Web Privacy

Web Tracking Cookies

Privacy 4.1b Validate that all cookies are session cookies (no expiry date).

2 Privacy Visitor Tracking

Web Privacy

Web Tracking Cookies

Privacy 4.2 Identify all pages with JavaScript that accesses or modifies cookies

2 Privacy Visitor Tracking

Web Privacy

Web Tracking Cookies

Privacy 4.3 Identify all input elements with an ONCLICK event that access or modify cookies

2 Privacy Visitor Tracking

Web Privacy

Web Tracking Cookies

Privacy 4.4 Identify all pages with an ONLOAD event that access or modify cookies

2 Privacy Visitor Tracking

Web Privacy

Web Tracking Cookies

Privacy 5.1 Identify External Links 2 Privacy 3rd Party Linking

Web Privacy

Privacy 7.1 Validate that forms collecting personally identifiable information are secure

1 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 7.1.1 Identify pages that use non-secure forms

1 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 7.2 Identify forms that are collecting personally identifiable information

2 HIPAA Collection, Use and Disclosure Limitations and Protections

Privacy Data Collection

Secure methods for data collection

Web Privacy

Privacy 7.3 Validate that pages with forms also have an opt-out link

3 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 7.3.1 Validate that forms collecting personally identifiable information also have an opt-out link

2 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 7.4 Validate that pages with mailto links also have an opt-out link

2 HIPAA Openness, Transparency and Individual Choice

Privacy Policy Compliance

Web Privacy

Privacy 8.1 Identify possible inclusion of Social Security numbers on a page

1 COPPA

General Privacy

HIPAA Collection, Use and Disclosure Limitations and Protections

HIPAA Health Information Security

PII Social Security Number Indicators

Privacy Data Collection

Privacy PII

Privacy 8.2 Identify possible inclusion of Credit Card numbers on a page

1 General Privacy

HIPAA Collection, Use and Disclosure Limitations and Protections

HIPAA Health Information Security

PHI Medical Billing

PII Credit Card Indicators

Privacy Data Collection

Privacy PII

Privacy 9.1 Name 2 COPPA

General Privacy

HIPAA Health Information Security

PII Name Indicators

Privacy 9.2 Gender 2

Privacy 9.3 Email Address 2 COPPA

Privacy 9.4 Veteran Status 2

Privacy 9.5 Family Relationship Information 2

Privacy 9.6 Physical Address (US) 2 COPPA

General Privacy

HIPAA Health Information Security

PII Geography Indicators

Privacy PII

Privacy 9.7 Citizenship Status 2

Privacy 9.8 Telephone Number (US) 2 COPPA

General Privacy

HIPAA Health Information Security

PII Name Indicators

Privacy PII

Privacy 9.9 Criminal History 2

Privacy 9.10 Birth Date 2 COPPA

General Privacy

HIPAA Health Information Security

PII Age Indicators

PII Date Indicators

Privacy 9.11 Professional Licenses 2

Privacy 9.12 Marital Status 2

Privacy 9.13 Social Security Number (US) 1

Privacy 9.14 Social Insurance Number (Canada) 2

Privacy 9.15 National ID Card Number 2

Privacy 9.16 Issuing Country 2

Privacy 9.17 Driver’s License Number 2

Privacy 9.18 Passport Number 2

Privacy 9.19 Financial Information 2

Privacy 9.20 IP Address 2

Privacy 9.21 Zip Code (US) 2 COPPA

General Privacy

HIPAA Health Information Security

PII Geography Indicators

Privacy 9.22 Age 2 COPPA

General Privacy

HIPAA Health Information Security

PII Age Indicators

Privacy 9.23 Race 2

Privacy 9.24 Email Text 2 COPPA

General Privacy

PII Email Indicators

Privacy 9.25 Last Name 2 COPPA

General Privacy

HIPAA Health Information Security

PII Name Indicators

Privacy 9.26 First Name 2 COPPA

General Privacy

HIPAA Health Information Security

PII Name Indicators

Privacy 9.27 Middle Name or Initial 2 COPPA

General Privacy

HIPAA Health Information Security

PII Name Indicators

PII Email Indicators

Privacy PII

Privacy 9.28 Date of Admission 2

Privacy 9.29 Date of Discharge 2

Privacy 9.30 Date of Death 2 General Privacy

PII Date Indicators

Privacy 9.38 Month 2 General Privacy

PII Date Indicators

Privacy 9.39 Day of Week 2 General Privacy

PII Date Indicators

Privacy 9.40 Date Format Month Day Year 2 General Privacy

PII Date Indicators

Privacy 9.41 Date Format Day Month Year 2 General Privacy

PII Date Indicators

Privacy 9.42 Social Security Number Text 1 COPPA

General Privacy

HIPAA Health Information Security

PII Social Security Number Indicators

Privacy 9.43 US State Text 2 COPPA

General Privacy

HIPAA Health Information Security

PII Geography Indicators

Privacy 9.44 US State Abbreviation Text 2 COPPA

General Privacy

HIPAA Health Information Security

PII Geography Indicators

Privacy 9.45 ID Badge Number 2 COPPA

General Privacy

HIPAA Health Information Security

PII Custom Number, Characteristic, and/or Code Indicators

Privacy 9.46 Date Format mm-dd-yyyy 2

Privacy 9.47 Date Format dd-mm-yyyy 2

Privacy 9.48 Date Format dd-mm-yyyy or mm-dd-yyyy 2

Privacy 9.49 Phone Number Text 1 COPPA

General Privacy

HIPAA Health Information Security

PII Name Indicators

Privacy 9.50 Zip Code (US) 2

SiteQuality/SEO Module

Checkpoint Short Description Priority Group Subgroup

SiteQuality 1.0 Validate all links 1 Compliance Insight Site Quality

HIPAA Data Quality, Integrity and Correction

Site Quality Link Validation

Site Quality Offensive Content

SiteQuality 2.0 Verify that page is available 1 Compliance Insight Site Quality

HIPAA Data Quality, Integrity and Correction

Site Quality Page Load Time

SiteQuality 3.0 Verify that page has not changed 1

SiteQuality 4.0 Verify that no resources on page have changed

1

SiteQuality 5.0 Verify that page has no spelling errors 1 Compliance Insight Site Quality

HIPAA Data Quality, Integrity and Correction

Site Quality Spell Check

SiteQuality 6.0 Verify that page does not contain any offensive words

1 Compliance Insight Site Quality

HIPAA Data Quality, Integrity and Correction

SEO 1.1 Validate minimum keywords length 1 SEO

SEO 1.2 Validate maximum keywords length 1 SEO

SEO 2.1 Validate minimum description length 1 SEO

SEO 2.2 Validate maximum description length 1 SEO

SEO 3.1 Validate that author tag is used 1 SEO

SEO 4.1 Validate that http-equiv="keywords" meta tag is NOT used

1 SEO

SEO 4.2 Validate that http-equiv="description" meta tag is NOT used

1 SEO

SEO 4.3 Validate that http-equiv="refresh" meta tag is NOT used

1 SEO

SEO 4.4 Validate that image alt text for images is being used properly

1 SEO

SEO 4.5 Validate keyword tag is not being used incorrectly

1 Compliance Insight SEO

Keywords

SEO 4.5 Validate keyword tag is not being used incorrectly

1 SEO

SEO 4.6 Validate the description tag is not being incorrectly

1 Compliance Insight SEO

Description

SEO 4.6 Validate the description tag is not being incorrectly

1 SEO

SEO 5.1 Validate that title element exists and that it has valid content

1 Compliance Insight SEO

Title

SEO 5.1 Validate that title element exists and that it has valid content

1 SEO

SEO 6.1 Verify Page Has Google Analytics Script 1 Compliance Insight SEO

Analytics

SEO 6.2 Verify Page Has Correct Tracking Code 1 Compliance Insight SEO

Analytics

OpSec Module

Checkpoint Short Description Priority Group Subgroup

OpSec 1.1 Identify if there is a website purpose statement link

1 Operational Security

OpSec 1.2 Verify that all pages have a title, enabling title searching

1 Operational Security

OpSec 2.1 Privacy Policy Notice 1 Operational Security

OpSec 2.2 Security Practices/Policy Notice 1 Operational Security

OpSec 3.1 External Link Disclaimer 1 Operational Security

OpSec 3.2 Identify External Links 1 Operational Security

OpSec 4.1 All Web Pages should be free of third party content or advertising

1 Operational Security

OpSec 4.2 All Web Pages should be free of third party content or advertising - Links

1 Operational Security

OpSec 5.1 Operational Information - Lessons Learned Audit

1 Operational Security

OpSec 5.2 Operational Information - Military Information Audit

1 Operational Security

OpSec 5.3 Operational Information - Social Security Audit

1 Operational Security

OpSec 5.4 Operational Information - Date of Birth Audit

1 Operational Security

OpSec 5.5 Operational Information - Address Audit 1 Operational Security

OpSec 5.6 Operational Information - Telephone number Audit

1 Operational Security

OpSec 6.1 Technology Data - Schematic Audit 1 Operational Security

OpSec 6.2 Technology Data - Diagrams Audit 1 Operational Security

OpSec 6.3 Technology Data - Frequency Audit 1 Operational Security

OpSec 7.1 Relevant Information - Deployment Schedule Audit

1 Operational Security

OpSec 7.2 Relevant Information - Exercise Plan Audit

1 Operational Security

OpSec 7.3 Relevant Information - Contingency Plans Audit

1 Operational Security

OpSec 7.4 Relevant Information - Training Plans Audit

1 Operational Security

OpSec 7.5 Relevant Information - Inspection Results Audit

1 Operational Security

OpSec 7.6 Relevant Information - Biographies Audit

1 Operational Security

OpSec 7.7 Relevant Information - Family Support Activities Audit

1 Operational Security

OpSec 7.8 Relevant Information - Phone Directories Audit

1 Operational Security

OpSec 8.1 Confidential Information 1 Compliance Insight - Data Security

OpSec 8.2 Copywritten Information 1 Compliance Insight - Data Security

OpSec 8.3 Copyright Symbol 1 Compliance Insight - Data Security

OpSec 8.4 Salary Information 1 Compliance Insight - Data Security

OpSec 8.5 Password Information 1 Compliance Insight - Data Security

OpSec 8.6 Confidential Keywords 1 Compliance Insight - Data Security

4. Compiled checkpoints

Compiled checkpoints are programs built into the main library (HISCLIB.DLL) used by Compliance Sheriff’s scanning engine.

These programs are created to deliver complex checks that cannot be easily performed using XPath or regular expressions in checkpoint definitions.

The compiled checkpoint is activated within a normal checkpoint (using the function “IfPagePassesCompiledCheck”) with its result (pass/fail) being used to determine the overall result of a checkpoint.

For example, the definition for the checkpoint: Accessibility 12.4.1:

The table below lists the compiled accessibility checkpoints in Compliance Sheriff.

Note. Unless noted in the Short Description, the name of the compiled checkpoint is the Checkpoint where it is currently used.

Compiled Checkpoint Short Description Priority Group Subgroup

Accessibility 12.4a Checks that the FOR attribute for each LABEL element, if it exists, matches the ID of a control on the page.

Used in checkpoint Accessibility 12.4.1

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 12.4b Checks that no two controls (INPUT, SELECT and TEXTAREA elements) share the same ID.

Used in checkpoint Accessibility 12.4.1

2 WCAG 1.0 Guideline 12

Priority 2

Accessibility 12.4c Looks for headers (TD/TH element) and, if headers are available, tries to find the IDs associated with the header in the TH element.

New compiled checkpoint that is added into the existing WCAG 2.0 checkpoint Accessibility20 H43.

1 WCAG 2.0 A Criterion 1.3.1

Compliance Insight Accessibility

Tables

Accessibility 13.1.2 Checks that no two links that point to different resources use the same link text. All Anchor elements are required not to use the same link text to refer to different resources.

2 WCAG 1.0 Guideline 13

Priority 2

Compliance Insight Accessibility

Links

Accessibility 3.5 Checks that heading elements are used correctly, i.e. that no levels are skipped, and that first header on page is highest level.

Use header elements to convey document structure and use them according to specification

2 WCAG 1.0 Guideline 3

Priority 2

Accessibility20 G145 Ensure that a contrast ratio of at least 3:1 exists between text (and images of text) and background behind the text.

The objective of this technique is to make sure that users can read text that is presented over a background. This technique relaxes the 5:1 contrast ratio requirement for text that is at least 18 point (if not bold) or at least 14 point (if bold).

2 WCAG 2.0 AA Criterion 1.4.3

Criterion 1.4.6

Compliance Insight Accessibility

Contrast Ratio

Accessibility20 G17 Ensure that a contrast ratio of at least 7:1 exists between text (and images of text) and background behind the text

The objective of this technique is to make sure that users can read text that is presented over a background. This technique goes beyond the 5:1 contrast technique to provide a higher level of contrast to make it easier for people with low vision to read.

3 Compliance Insight Accessibility

Contrast Ratio

WCAG 2.0 AAA Criterion 1.4.6

Accessibility20 G18 Ensuring that a contrast ratio of at least 4.5:1 exists between text (and images of text) and background behind the text.

The objective of this technique is to make sure that users can read text that is presented over a background. For Success Criterion 1.4.3, this technique describes the minimum contrast ratio for text that is less than 18 point (if not bold) and less than 14 point (if bold). For Success Criterion 1.4.5, this technique relaxes the 7:1 contrast ratio requirement for text that is at least 18 point (if not bold) or at least 14 point (if bold).

If the background is a solid color (or all black or all white) then the relative luminance of the text can be maintained by making sure that each of the text letters have 4.5:1 contrast ratio with the background.

3 Compliance Insight Accessibility

Contrast Ratio

WCAG 2.0 AA Criterion 1.4.3

Criterion 1.4.6

Accessibility20 H2 Combine adjacent image and text links for the same resource

The objective of this technique is to avoid unnecessary duplication that occurs when adjacent text and iconic versions of a link are contained in a document.

1 WCAG 2.0 A Criterion 1.1.1

Criterion 2.4.9

Mobile IMAGES_RESIZING

Resize images at the server, if they have an intrinsic size.

Images such as bitmaps have an intrinsic size. Telling the browser in advance what the size is avoids it having to re-flow the page when it receives it. Resizing images at the server reduces the amount of data transferred and the amount of processing the device has to carry out to scale the image.

2 Mobile Web Accessibility