Knightdragon89 Posted March 8, 2023
I would like to see more compliance reports in the reporting. The marketing page says there are compliance reports for NIST, PCI, HIPAA, NERC, and SOX; but I beg to differ. There is an audit section in reporting, but not a section for compliance, which can be and usually is different than auditing. Audit says show me what has been done. Compliance says show me the evidence that you actually did something and not just say you did. For example, if the requirement says all passwords must be changed every 90 days, don't just show me an audit of changed passwords, show me the last changed date of every password within a password list, or within all password lists contained within a folder. I'm having to meet NIST, NERC, and TSA compliance evidence reporting, and I'm having a difficult time doing so without writing reports using the API, and even with the API it's a challenge. I would love to see more compliance-based reports in version 10, if possible.
support Posted March 14, 2023
Hi Jon, Does the report "What passwords have not been used lately?" and the field "Last Updated" help at all? Or maybe the report "What passwords have recently been reset?" and for the duration, specify "Report All Data"? Regards Click Studios
Knightdragon89 Posted March 14, 2023 Author
It's not enough to show what has or hasn't been used, that's an audit measurement. In compliance, regulations set a measurement, for example all passwords within a team's control (all password lists under a root folder) have to be changed within 30 days of a member on the team leaving the team, and then you have a report which captures all accounts within the team's control (all password lists under the team's root folder) with the last updated date to prove all accounts under the team were changed within the required 30 days from separation. Compliance reports prove the requirements were met. To say a password has or hasn't been changed is not enough for compliance. Compliance auditors want you to prove to them nothing was missed.
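The rule described in the post above (every account under a team's root folder changed within 30 days of a separation date) can be checked over an exported account list. This is an added example, not part of the thread and not Click Studios code; the CSV column names, folder paths and sample rows are constructed assumptions, not Passwordstate's export or API schema.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export: one row per account. Column names are assumptions.
SAMPLE_EXPORT = """folder_path,password_list,account,last_updated
Teams/NetOps,Routers,core-rtr-01,2023-02-20
Teams/NetOps,Routers,core-rtr-02,2023-01-05
Teams/NetOps/Lab,Switches,lab-sw-01,2023-03-20
Teams/NetOps,Firewalls,fw-edge-01,
Teams/NetOpsArchive,Old,legacy-01,2022-06-01
Teams/Helpdesk,Service Accounts,svc-print,2022-11-30
"""

def evidence_report(export_text, root_folder, separation, window_days=30):
    """Return one row per account under root_folder with a status.

    Every in-scope account is listed, including ones with no date, so the
    report shows that nothing was skipped.
    """
    deadline = separation + timedelta(days=window_days)
    root = root_folder.rstrip("/")
    rows = []
    for rec in csv.DictReader(io.StringIO(export_text)):
        folder = rec["folder_path"].rstrip("/")
        # Match the root folder itself or a true subfolder, not a name prefix.
        if folder != root and not folder.startswith(root + "/"):
            continue
        raw = rec["last_updated"].strip()
        if not raw:
            status = "FAIL: no change date recorded"
        else:
            changed = date.fromisoformat(raw)
            if changed < separation:
                status = "FAIL: not changed since separation"
            elif changed > deadline:
                # Last-updated alone cannot show an earlier in-window change;
                # that needs the change history, so flag for review.
                status = "REVIEW: last change is after deadline"
            else:
                status = "PASS"
        rows.append((folder, rec["password_list"], rec["account"], raw or "-", status))
    return rows

if __name__ == "__main__":
    for row in evidence_report(SAMPLE_EXPORT, "Teams/NetOps", date(2023, 2, 15)):
        print(" | ".join(row))
```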
support Posted March 14, 2023
Okay thanks.
Don Posted March 22, 2023
+1
Jerryk Posted March 31, 2023
+1