Generating Compliance Reports


 

EventLog Analyzer lets you generate the following pre-defined reports to help meet the requirements of PCI-DSS, FISMA, HIPAA, GLBA, and SOX regulatory compliance acts:

Click the Compliance Reports link to see the different reports available for each act. These reports are available under the Compliance Reports section in the Reports tab and the left navigation pane.

 

Click the Compliance Reports link to view the details and descriptions of the default compliance and the selected list of reports, and to configure a new or existing compliance. You can find this link on the Reports menu of the sub-tab. Clicking the Compliance Reports link opens the Compliance Reports page. At the top right of the page is the + New Compliance link, with which you can add a new compliance and select a set of reports for it. With the Edit Compliance link, you can edit the default compliance available in EventLog Analyzer. The Compliance Reports page displays the default and custom compliance reports with their descriptions and the respective sections/controls of the act covered. Click the compliance report of your choice.

 

The chosen Compliance Report page displays an overview of the compliance in pie graph format, its description, and the report details.

You can click the graph to drill down one level to the number of events for each report in the group. At the next drill-down level, click the number-of-events link of a report in the group to get the exact raw logs.

The Change Report instant menu option at the top of the overview lets you change the compliance or the specific report of interest to be displayed.

The Change Host instant menu option at the top of the overview lets you change the Host Group or the specific host of interest to be displayed.

The Schedule Report instant menu option at the top of the overview lets you schedule the displayed compliance report. The Export to: PDF, CSV icons export the report currently being viewed to the selected format.

 

EventLog Analyzer Support can add more reports to the existing list of default reports; request them with the Help More Reports? Tell us here link. The page also shows all the reports selected for the compliance and their descriptions. Clicking a compliance report displays all the selected reports of the compliance in the <Compliance Name> Compliance Report page. Clicking an individual report under a compliance displays the selected report of the compliance in the <Compliance Name> Compliance Report page.

 

PCI Compliance Reports

Requirement 10 of Payment Card Industry Data Security Standard (PCI-DSS) requires payment service providers and merchants to track and report on all access to their network resources and cardholder data through system activity logs.

 

EventLog Analyzer provides the following reports under various groups to help organizations comply with the PCI regulations. The following reports cover Requirements 10.1, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.6, and 10.2.7.

All these reports are accessible from the PCI Compliance Reports section.

 

FISMA Compliance Reports

The Federal Information Security Management Act (FISMA) mandates minimum security requirements for the federal government and related agencies. The requirements are covered in FIPS Publication 200, Minimum Security Requirements for Federal Information Systems, in seventeen security-related areas. Federal agencies must meet the requirements as defined herein through the use of the security controls in accordance with NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, as amended. The following controls are covered in the reports:

EventLog Analyzer provides the following reports under various groups to help comply with the FISMA regulation controls:

All these reports are accessible from the FISMA Compliance Reports section.

 

HIPAA Compliance Reports

The Health Insurance Portability And Accountability (HIPAA) regulation impacts those in healthcare that exchange patient information electronically. HIPAA regulations were established to protect the integrity and security of health information, including protecting against unauthorized use or disclosure of the information.

 

As part of the requirements, HIPAA states that a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”. In other words, organizations must be able to monitor, report, and alert on attempted or successful access to systems and applications that contain sensitive patient information.

 

EventLog Analyzer provides the following reports under various groups to help comply with the HIPAA regulations:

All these reports are accessible from the HIPAA Compliance Reports section.

Sarbanes-Oxley Compliance Reports

Section 404 of the Sarbanes-Oxley (SOX) act describes specific regulations required for publicly traded companies to document the management’s “Assessment of Internal Controls” over security processes.

 

Although the exact requirements of Sarbanes-Oxley are a bit vague, as part of the requirements, it can be assumed that a security management process must exist in order to protect against attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations. In other words, organizations must be able to monitor, report, and alert on attempted or successful access to systems and applications that contain sensitive financial information.

 

EventLog Analyzer provides the following reports under various groups to help comply with the SOX regulations:

All these reports are accessible from the SOX Compliance Reports section.

GLBA Compliance Reports

Section 501 of the GLBA documents specific regulations required for financial institutions to protect “non-public personal information”.

 

As part of the GLBA requirements, a security management process must exist in order to protect against attempted or successful unauthorized access, use, disclosure, modification, or interference with customer records. In other words, organizations must be able to monitor, report, and alert on attempted or successful access to systems and applications that contain sensitive customer information.

 

EventLog Analyzer provides the following reports under various groups to help comply with the GLBA regulations:

All these reports are accessible from the GLBA Compliance Reports section.

 

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine