Overview
The Settings page lets you manage your user profile, view account security information, and check the STP application configuration and OSF compliance status.
Profile
Update your personal details:
- First Name and Last Name — your display name throughout the application
- Email — your login email address
Click Save Changes to update your profile.
Account Security
This section shows your current security status:
- Role — your account role (User or Admin)
- Last Sign In — when you last logged in
- Sign In IP — the IP address of your last login
- Sign In Count — total number of times you've logged in
- Account Created — when your account was created
- Two-Factor Auth — whether MFA is enabled (click Manage to set up)
- API Tokens — number of active API tokens (click Manage to view)
Changing Your Password
Use the password reset page (linked in the Account Security section) to change your password. For security, password changes are handled through email verification.
STP Configuration
Shows the current application configuration:
- Application Version — the Beeswax STP version
- STP Phase — currently Phase 2 (PAYEVNT.0004)
- Rails Environment — Production, Staging, or Development
- Ruby/Rails Versions — the runtime versions
- Database — MySQL
OSF Compliance Status
Displays the implementation status of all 12 OSF (Operational Security Framework) control areas required for ATO Digital Service Provider registration:

| Control | Description |
|---|---|
| Audit Logging | 12-month retention policy |
| Multi-Factor Authentication | TOTP with backup codes |
| Security Certification | OWASP ASVS L2 self-assessment |
| Data Hosting | AWS Sydney (ap-southeast-2) |
| Encryption Key Management | AWS KMS |
| Encryption at Rest | AES-256 (RDS encryption) |
| Encryption in Transit | TLS 1.2+ enforced |
| Entity Validation | ABN validation + ATO credentials |
| Personnel Security | Access controls |
| Security Monitoring | CloudWatch + alerts |
| Supply Chain Visibility | Open-source dependencies audited |
| Third-Party Add-on Marketplace | Not applicable |

Each control shows one of: Implemented, Pending, Planned, or Not Applicable.