Sarbanes-Oxley (SOX)
The Sarbanes-Oxley Act of 2002 (SOX) applies to all organizations that are publicly traded in the United States. Compliance was required for larger public companies by June 15, 2004, and for smaller companies by April 15, 2005. The Control Objectives for Information and related Technology (COBIT) framework, published by the IT Governance Institute, provides details to support the IT controls assessment and design activities required to meet SOX requirements.
Diplomat Transaction Manager products can help you meet all of the COBIT delivery and support control objectives that pertain to encryption and secure file transfer solutions. With Diplomat products, you can:
- Easily schedule jobs to encrypt, decrypt, sign and verify files using PGP and securely transfer them using SFTP (SSH) and FTPS (TLS/SSL).
- Protect your file transfers with access control, authentication, and secure configuration features.
- Suspend file transfer jobs in one simple step.
- Monitor encryption and file transfer jobs with a real-time job monitor.
- Capture detailed data on each file transfer job in an audit trail database to demonstrate SOX compliance.
COBIT Delivery and Support Control Objectives

| DS5 Ensure Systems Security | Diplomat Features |
| --- | --- |
| DS5.3 Identity Management: Ensure that all users and their activity on IT systems are uniquely identifiable. Enable user identities via authentication mechanisms. … Maintain user identities and access rights in a central repository. … Establish user identification, implement authentication and enforce access rights. | Secure configuration; Control access; Authenticate users and processes |
| DS5.5 Security Testing, Surveillance and Monitoring: Test and monitor the IT security implementation in a proactive way. … A logging and monitoring function will enable the early prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be addressed. | Capture audit data; Monitor file transfers |
| DS5.6 Security Incident Definition: Clearly define and communicate the characteristics of potential security incidents so they can be properly classified and treated by the incident and problem management process. | |
| DS5.7 Protection of Security Technology: Make security-related technology resistant to tampering, and do not disclose security documentation unnecessarily. | Control access; Automate transfers |
| DS5.8 Cryptographic Key Management: Determine that policies and procedures are in place to organize the generation, change, revocation, destruction, distribution, certification, storage, entry, use and archiving of cryptographic keys to ensure the protection of keys against modification and unauthorized disclosure. | |
| DS5.10 Network Security: Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks. | Secure configuration; Control access; Automate transfers |
| DS5.11 Exchange of Sensitive Data: Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, proof of receipt, and non-repudiation of origin. | |