EKC    PCI-DSS, HIPAA, and SOX
Compliance Solutions
E-SRF Access Analysis
  Who has access to data? What data can users access? Who can change access? Who has privileged access? What separated users still have access?
  Framework focus: Dataset and Resource Owners Reports, Logonid Owners Reports, Referenced Rules, Access without Rules, Cancelled/Suspended Users

E-SRF Event Reporting
  Who is getting sensitive access? Who is attempting access not allowed? Who is accessing sensitive data?
  Framework focus: Event Reports, Resource Grouping

F$recall
  Grant, revoke, log and manage privileged access
  Framework focus: PAM (Privileged Access Management)
PCI Requirements
7 Restrict Access to Cardholder Data
  7.1 Access by RBAC and Least Privilege
  7.2 Verify RBAC and Least Privilege Enforced
8 Identify and Authenticate Access
  8.1.2 Verify users have only authorized privileges.
  8.1.3 Remove access and privileges for terminated users.
  8.7 Verify direct access to databases is restricted.
10 Track and Monitor Access
  10.1 Log is Active and Identifies Users
  10.2 Verify that all access, privilege changes, log access, and log alteration are logged
  10.3 Verify logs contain logon id, action, and time/date stamp
  10.5 Prevent access to audit logs. Audit log integrity checks and change detection.
  10.6 Log security events and detect suspicious activity.
11 Test Security Systems and Processes
  11.5 Deploy change detection and file integrity monitoring.
HIPAA Standards and Implementation Specifications
  164.308(a)(1)(ii)(D) Information system activity review
  164.308(a)(3)(i) Ensure Appropriate Access
  164.308(a)(3)(ii)(B) Determine Role Based Access
  164.308(a)(3)(ii)(C) Termination Procedures
  164.308(a)(4)(i) Authorizing Access
  164.308(a)(4)(ii)(C) Establishing Access
  164.308(a)(5)(ii)(C) Log-in Monitoring
  164.308(a)(6)(i) Security Incident Reporting
  164.308(a)(7)(ii)(C) Emergency Mode Operation
  164.308(a)(8) Periodic Evaluation
  164.312(a)(1) Access Control
  164.312(a)(1)(ii) Emergency Access Control
  164.312(b) Audit Controls
  164.312(c)(1) Data Integrity
SOX 404 (PCAOB Standards)
  Design and Effectiveness of Internal Controls
  Data processing integrity through segregation of duties.
  Access Control and Effectiveness