Sarbanes Oxley version 1.0
| Scorecard | Audience | Description |
|---|---|---|
| | Operations | SOX Monitor Network Activity assesses whether the appropriate parties have access to data. This scorecard presents trended metrics results tracking user access, and evidences the presence of logs within an organization. |
| | Operations | SOX Access Management examines the organization's control over provisioning access to information systems. This scorecard presents trended metrics results compared to user-definable policy for account provisioning and deprovisioning activity, idle accounts, and account status. |
| | Operations | SOX Anti-Virus assesses whether the organization's anti-virus software and virus definitions are current on SOX systems. This scorecard presents trended metrics results for coverage of assets, and configuration of anti-virus software. |
| | Operations | SOX Data at Rest assesses the organization's protection of stored data. This scorecard presents trended metrics results for fully encrypted devices, devices exempt from encryption, encryption capacity, and data retention time. |
| | Operations | SOX Data in Motion assesses the organization's protection of data in transit. This scorecard displays trended metrics results for email encryption, transaction encryption, and certificate management. |
| | Operations | SOX Firewall Configuration assesses firewall coverage and firewall traffic. This scorecard presents trended metrics results for hosts behind a firewall, hosts exempt from firewall coverage, and percentage of inbound and outbound traffic denied by firewalls. |
| | Operations | SOX Network Testing assesses the effectiveness of the organization's vulnerability scanning. This scorecard presents trended metrics results for average time since last scan, and adherence to scanning within user-definable policy. |
| | Operations | This scorecard presents information regarding policies and management of physical access to customer data. |
| | Operations | This scorecard presents information regarding policies for system usage, data monitoring, and incident response. |
| | Operations | SOX Unique ID evaluates the organization's management of access to accounts. This scorecard presents trended metrics results for accounts with passwords, password strength, password age, and failed logins. |
| | Operations | SOX Vendor Defaults addresses the use of vendor default configurations on network systems. This scorecard presents policy information regarding the testing and configuration of systems to eliminate vendor defaults. |
| | Operations | SOX Vulnerability and Patch assesses the organization's patching control systems. This scorecard presents trended metrics results for patch management coverage, patch efficiency, and residual risks due to unpatched hosts. |