The Sarbanes-Oxley Act (SOX) was signed into law in 2002 in response to major corporate accounting scandals that cost investors billions of dollars. It ushered in significant legislative changes around maintaining the security of confidential financial disclosures. The stated objective of the Act is: “to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.”
Relevant to cyber security, SOX requires that organizations maintain internal controls to ensure that data is available only to individuals who require access. Organizations must also verify the effectiveness of SOX controls. Furthermore, deficiencies in the internal controls must be identified, and the associated vulnerabilities corrected.
SOX Compliance – Sections 302 and 404
SOX Section 302 mandates a set of internal procedures designed to ensure accurate financial disclosure. Section 404 of SOX requires management to report on the adequacy of the company’s internal control over sensitive financial data.
Lieberman RED – Rapid Enterprise Defense Identity Management directly addresses Sections 302 and 404 of SOX, making it easier for you to pass a SOX audit:
| RED Identity Management Feature | Sarbanes-Oxley Compliance Benefit |
| --- | --- |
| Create unique local passwords for every system | Correlate unique IDs to each user to prove who accessed an account and when |
| Frequently randomize local administrator passwords on every system | Protect private data by preventing one decrypted local password from providing unrestricted network access |
| Grant delegated users the ability to recover current local passwords | Control administrative privileges and ensure that only authorized users can access sensitive data |
| Audit all password operations including logons, recoveries and changes | Generate, analyze, and share audit-ready security reports |
| Secure passwords with SSL encryption of data to the browser, AES-256 encryption of data in the database, and optional hardware-based encryption | Prevent administrator and root passwords from being accessed and utilized by unauthorized users |
| Verify that the local passwords assigned to each system are still functional | Conduct periodic audits of user privileges |
Contact us today for more information on how we can help you meet your Sarbanes-Oxley compliance requirements.