New Encrypted Supplemental Question Downloadable Text Field
Problem Statement or Business Need
College requested the ability to implement a secure, encrypted supplemental question in the Standard Application. Currently, all college-defined supplemental questions are non-encypted (in transit, at rest, and when stored); this makes it a security risk to request and collect certain personal information from students in the application. For example, if the college wanted to set up a text question that required the student to enter a password alternative, or provide financial information, the data would not be secure in the download file, as well as the Report Center for all staff to see. In order to collect private information, CCCApply should develop a type of supplemental question that is encrypted and secured during data collection, data storage, and reporting.
Proposed Solution
A new, secure EncryptedText supplemental question type was developed to give colleges the ability to collect passwords and other sensitive data via supplemental question (text input field only). Data collected would be encrypted during transit and at rest. Technical specifications:
Requirements Summary
# | Description |
---|---|
1 | New supplemental question type should leverages the same encryption schema as used for Social Security Numbers and password fields |
2 | Data must be encrypted during transit (in-progress database to submitted application database to download file) and at rest (stored) |
3 | Field must have the ability to use a regular express (regex) and accept a validation |
4 | The encrypted text should be decrypted just prior to download and sent to download client over an SSL encrypted channel |
5 | The value should be written to the college download file in plain text |
Change Specifications
Develop a data field leveraging the same encryption schema used for Social Security Numbers and password fields
Ensure data is encrypted in transit and at rest
Ensure data field can read regex and accept validation
Ensure data text is encrypted prior to download
Send encrypted data to Download Client over secure SSL channel
Ensure data values can be downloaded in plain text
Top
Changes to Data Download File
Implementation of the encrypted, secure supplemental question text field is optional. To implement the ability to add a secure, encrypted supplemental question (text input type only), the college would need to update their Download Client transfer client jar file to the latest version. In addition, the college would design the question and data field using XML and add the new field to their current download Format file. If the college determines that the supplemental question should be a required field on their application, they must configure error validation logic, and the client (student) error message(s), clearly to ensure the student understands which field is required and that the focus is put on the field after the student closes (clicks OK) to the error message pop-up modal.
Update Download Client Jar Files
To add an EncryptedText supplemental question type to your download file, you must update your download format with the latest version of the Download Client jar files. Information and instructions can be found in the CCCApply Download Client User Guide.
For more information and instructions on creating supplemental questions, please see the Working with Supplemental Questions User Guide (Note: Clicking the link automatically starts the PDF download).
Changes to Logic
There are no changes to the residency logic as a result of this change request. However, colleges that implement a required secure supplemental question must ensure that field error validation logic is accurate and documented correctlyl. (This new data field is optional.)
Top
Supporting Documentation
Below is additional documentation (i.e., CCCCO legal opinions, residency and/or education code citations, legislation citations, supplemental information, etc.) to be referenced in support of this change request.
Description | File or Link |
---|---|
Working with Supplemental Questions User Guide | https://cccnext.jira.com/wiki/download/attachments/67043584/WorkingWithSupplementalQuestions.pdf?version=3&modificationDate=1432856615153&api=v2 |