Jump to content

More compliance reports

Knightdragon89

By Knightdragon89
in Feature Requests

 Share

Recommended Posts

Knightdragon89 Apprentice

Knightdragon89

Posted
Posted

I would like to see more compliance reports in the reporting. The marketing page says there are compliance reports for NIST, PCI, HIPAA, NERC, and SOX; but I beg to differ.

 

There is an audit section in reporting, but not a section for compliance which can and usually is different than auditing.  Audit says show me what has been done. Complaince says show me the evidence thar you actually did something and not just say you did.

 

For example, if the requirement says all passwords must be changed every 90 days, don't just show me an audit of changed passwords, show me the last changed date of every password within a password list, or within all password lists contained within a folder. 

 

I'm having to meet NIST, NERC, and TSA compliance evidence reporting, and I'm having a difficult time doing so without writing reports using API, and even with the API its a challenge. I would love to see more compliance based reports in version 10, if possible. 

Link to comment
Share on other sites
support Experienced

support

Posted
Posted

Hi Jon,

 

Does the report "What passwords have not been used lately?" and the field "Last Updated" help at all?

 

Or maybe the report "What passwords have recently been reset?" and for the duration, specify "Report All Data"?

 

Regards

Click Studios

Link to comment
Share on other sites
Knightdragon89 Apprentice

Knightdragon89

Posted
  • Author
Posted

Its not enough to show what has or hasn't been used, that's an audit measurement. In compliance regulations set a measurement, for example all passwords within a teams control (all password lists under a root folder) has to be changed within 30 days of a member on the team leaving tbe team, and then you have a report which captures all accounts within the teams control (all password lists under the teams root folder) with the last updated date to prove all accounts under the team were changed within the required 30 days from separation.

 

Complianve reports prove the requirements were met. To say a password has or hasn't been changed is not enough for compliance. Compliance auditors want you to prove to them nothing was missed.

 

Link to comment
Share on other sites
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...