Compliance Reports: Bill 198
Bill 198 empowers the Ontario Securities Commission to develop guidelines to protect investors in public Canadian companies by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.
Dependencies
The Bill 198 compliance reports have the following dependencies.
- SA Rules:
  - Accounts Created
  - Accounts Deleted
  - Accounts Modified
  - Group Management
  - Password Changes
  - Password Changes Summary
  - User Access Revoked
  - Admin Access to Compliance Systems Details
  - Admin Access to Compliance Systems Summary
  - Access To Compliance Data Details
  - Access to Compliance Data Summary
  - User Access to Compliance Systems Details
  - User Access to Compliance Systems Summary
  - Logon Failures Details
  - Logon Failures Summary
  - Change in Audit Settings
- App Rules:
  - account:created
  - account:deleted
  - account:modified
  - account:group-management
  - access:user-access-revoked
  - account:password-change
  - account:logon-failure
  - config:change-audit-setting
  - account:logon-success
  - alm:cardholder-data
Citations
The Bill 198 reports have the following citations.
- Report Rule: Accounts Created
- Citation Number: Bill 198
- Citation Description:
- Report Rule: Accounts Deleted
- Citation Number: Bill 198; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1
- Citation Description: An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used.
- Report Rule: Accounts Modified
- Citation Number: Bill 198
- Citation Description:
- Report Rule: Group Management
- Citation Number: Bill 198; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1
- Citation Description: An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used.
- Report Rule: Account Management
- Citation Number: Bill 198
- Citation Description:
- Report Rule: Admin Access to Compliance Systems - Detail
- Citation Number: Bill 198; ISO 27002 - 10.10.4
- Citation Description: All activities by System Administrators and System Operators should be logged.
- Report Rule: Admin Access to Compliance Systems - Top 25
- Citation Number: Bill 198; ISO 27002 - 10.10.4
- Citation Description: All activities by System Administrators and System Operators should be logged.
- Report Rule: Change in Audit Settings
- Citation Number: Bill 198; ISO 15408-2
- Citation Description: The system should ensure that security policy enforcement functions succeed before functions are allowed to proceed.
- Report Rule: Access to Compliance Data - Detail
- Citation Number: Bill 198
- Citation Description:
- Report Rule: Access to Compliance Data - Top 25
- Citation Number: Bill 198
- Citation Description:
- Report Rule: Logon Failures - Detail
- Citation Number: Bill 198; ISO 27002 - 11.5.1
- Citation Description: All successful and unsuccessful logon attempts should be recorded.
- Report Rule: Logon Failures - Top 25
- Citation Number: Bill 198; ISO 27002 - 11.5.1
- Citation Description: All successful and unsuccessful logon attempts should be recorded.
- Report Rule: Password Changes - Detail; Password Changes - Top 25
- Citation Number: Bill 198
- Citation Description:
- Report Rule: User Access Revoked
- Citation Number: Bill 198; ISO 27002 - 11.2.1
- Citation Description: Users who have changed jobs or left the organization should have their access rights removed immediately.
- Report Rule: User Access to Compliance Systems - Detail
- Citation Number: Bill 198; ISO 27002 - 11.5.1
- Citation Description: All successful and unsuccessful logon attempts should be recorded.
- Report Rule: User Access to Compliance Systems - Top 25
- Citation Number: Bill 198; ISO 27002 - 11.5.1
- Citation Description: All successful and unsuccessful logon attempts should be recorded.
