Eventia Compliance Reports
Eventia Compliance Reports, available in Eventia Reporter, enable enterprises to report on their regulatory compliance posture. Eventia Compliance Reports have been mapped to relevant requirements within the PCI, SOX, HIPAA, COBIT, and ISO 17799 regulations and standards.
Eventia Compliance Report |
PCI |
SOX (COBIT controls) |
COBIT |
ISO 17799 |
HIPAA |
|---|---|---|---|---|---|
Alert Risks |
1. Install and maintain a firewall configuration to protect cardholder data |
DS5.10 Network Security | DS5.5 Security Testing surveillance and monitoring DS5.10 Network Security PO9.3 Event Identification |
10.10.1 Audit Logging 10.10.2 Monitoring System Use 13.1.1 Reporting information security events |
164.308(a)(1)(ii)(D) Log, monitor and review activity Information 164.308(a)(6)(ii) Response to anomaly events and report and document them |
| Attacks | 1. Install and maintain a firewall configuration to protect cardholder data 11. Regularly test security systems and processes |
DS5.10 Network Security | DS5.5 Security testing, surveillance and monitoring DS5.10 Network Security PO9.3 Event Identification |
10.10.1 Audit logging 10.10.2 Monitoring System Use 13.1.1 Reporting information security events 13.1.2 Reporting security weaknesses |
164.308(a)(1)(ii)(D) Log, monitor and review activity Information 164.308(a)(6)(ii) Response to anomaly events and report and document them |
| Viruses | 5 Use and regularly update antivirus software or programs | DS5.9 Malicious software prevention, detection and correction | DS5.9 Malicious software prevention, detection and correction | 10.4.1 Controls against malicious code 10.4.2 Controls against mobile code |
164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software |
| Failed login | 7. Restrict access to data by business need-to-know 10. Track and monitor all access to network resources and cardholder data |
DS5.5 Security testing, surveillance and monitoring | DS5.5 Security testing, surveillance and monitoring PO9.3 Event identification |
10.10.1 Audit logging 10.10.2 Monitoring system use 10.10.4 Administrator and operator logs 13.1.1 Reporting Information Security Events |
164.308(a)(5)(ii)(C) Log-in Monitoring and reporting activities |
| Blocked Connections | 1. Install and maintain a firewall configuration to protect cardholder data | DS5.10 Network Security | DS5.5 Security testing, surveillance and monitoring DS5.10 Network Security |
10.6.1 Network controls 10.10.2 Monitoring system use |
164.308(a)(1)(i) Security Management Process: Implement policies and procedures to prevent, detect, contain, and correct security violations 164.308(a)(1)(ii)(D) Log, monitor and review activity Information |
| Policy Installations | 6. Develop and maintain secure systems and applications | AI6.1 Change standards and procedures AI6.4 Change status tracking and reporting | AI6.1 Change standards and procedures AI6.3 Emergency Changes AI6.4 Change status tracking and reporting |
10.1.2 Change management |
164.312(a)(1) Access control restrictions to Health information 164.308(a)(4)(ii)(B) Multi layer access authorization to health information |
| Successful Logins | 10. Track and monitor all access to network resources and cardholder data 12. Maintain a policy that addresses information security |
DS5.5 Security testing, surveillance and monitoring | PO9.3 Event identification DS5.5 Security testing, surveillance and monitoring |
10.10.1 Audit logging 10.10.2 Monitoring system use |
164.308(a)(5)(ii)(C) Log-in Monitoring and reporting activities |
| End Point Security Compliance | 1. Install and maintain a firewall configuration to protect cardholder data 5. Use and regularly update antivirus software or programs |
DS5.5 Security testing, surveillance and monitoring DS5.9 Malicious software prevention, detection and correction |
DS5.5 Security testing, surveillance and monitoring DS5.9 Malicious software prevention, detection and correction |
10.4.1 Controls against malicious code 10.10.2 Monitoring System Use |
164.308(a)(1)(i) Security Management Process: Implement policies and procedures to prevent, detect, contain, and correct security violations 164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software 164.312(a)(1) Access control restrictions to Health information |
| Blocked Programs End-point reporting | 1. Install and maintain a firewall configuration to protect cardholder data 5. Use and regularly update antivirus software or programs |
DS5.5 Security testing, surveillance and monitoring DS5.9 Malicious software prevention, detection and correction |
DS5.5 Security testing, surveillance and monitoring DS5.9 Malicious software prevention, detection and correction |
10.4.1 Controls against malicious code 10.10.2 Monitoring System Use |
164.308(a)(1)(i) Security Management Process: Implement policies and procedures to prevent, detect, contain, and correct security violations 164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software 164.312(a)(1) Access control restrictions to Health information |
| MailSaife End-Point | 5. Use and regularly update antivirus software or programs | DS5.9 Malicious software prevention, detection and correction | DS5.9 Malicious software prevention, detection and correction | 10.4.1 Controls against malicious code | 164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software |
| Spyware end-point | 5. Use and regularly update antivirus software or programs | DS5.9 Malicious software prevention, detection and correction | DS5.9 Malicious software prevention, detection and correction | 10.4.1 Controls against malicious code | 164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software |
| List of Added Dynamic Rules | 6. Develop and maintain secure systems and applications | AI6.1 Change standards and procedures AI6.3 Emergency Changes AI6.4 Change status tracking and reporting |
AI6.1 Change standards and procedures AI6.3 Emergency Changes AI6.4 Change status tracking and reporting |
10.1.2 Change management 10.6.1 Network Controls |
164.308(a)(1)(ii)(D) Log, monitor and review activity Information |
| Quarantine Hosts | 5. Use and regularly update antivirus software or programs | DS5.9 Malicious software prevention, detection and correction | DS5.9 Malicious software prevention, detection and correction | 10.4.1 Controls against malicious code | 164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software |
| GTP Firewall Security Alerts | 1. Install and maintain a firewall configuration to protect cardholder data 5. Use and regularly update antivirus software or programs |
DS5.10 Network Security | DS5.5 Security Testing surveillance and monitoring DS5.10 Network Security PO9.3 Event Identification |
10.10.1 Audit Logging 10.10.2 Monitoring System Use 13.1.1 Reporting information security events |
164.308(a)(1)(ii)(D) Log, monitor and review activity Information 164.308(a)(6)(ii) Response to anomaly events and report and document them |
| Malicious code Protector | 5. Use and regularly update antivirus software or programs | DS5.9 Malicious software prevention, detection and correction | DS5.9 Malicious software prevention, detection and correction | 10.4.1 Controls against malicious code | 164.308(a)(5)(ii)(B) Protect, detect and report on Malicious Software |
| Application layer reporting | 1. Install and maintain a firewall configuration to protect cardholder data | DS5.10 Network Security | DS5.5 Security Testing surveillance and monitoring DS5.10 Network Security PO9.3 Event Identification |
10.6.1 Network controls 10.10.2 Monitoring system use |
164.308(a)(1)(i) Security Management Process: Implement policies and procedures to prevent, detect, contain, and correct security violations 164.308(a)(1)(ii)(D) Log, monitor and review activity Information |
| System Information | DS3.2 Current performance and capacity | 10.3.1 Capacity management | |||
| FireWall-1 Memory Information | DS3.2 Current performance and capacity | 10.3.1 Capacity management |
Compliance Source Information:
ISO 17799: ISO/IEC 17799 Second Edition 2005
COBIT: Control Objectives for Information Technology (COBIT) version 4.1
PCI - DSS: Payment Card Industry (PCI) – Data Security Standards (DSS) version 1.1 September 2006
SOX - COBIT: Mapped to COBIT using the Common Objectives for Sarbanes-Oxley (COSO Second Addition 2006)
HIPAA: Health Insurance Portability and Accountability Act of 1996 (HIPAA)
