Skip to content
  • There are no suggestions because the search field is empty.

Compliance Reports: Sarbanes-Oxley Act of 2002 (SOX)

Sarbanes-Oxley Act of 2002 (SOX). Congress passed the Sarbanes-Oxley Act (SOX) in large part to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. Section 404 of Sarbanes-Oxley not only requires companies to establish and maintain an adequate internal control structure, but also to assess its effectiveness on an annual basis.

Dependencies

The SOX compliance reports have the following dependencies.

  • SA Rules:

    Access to Compliance Data Details

    Access to Compliance Data Summary

    Accounts Created

    Accounts Deleted

    Accounts Modified

    Admin Access to Compliance Systems Details

    Admin Access to Compliance Systems Summary

    Change in Audit Settings

    Group Management

    Logon Failures Details

    Logon Failures Summary

    Password Changes

    Password Changes Summary

    User Access Revoked

    User Access to Compliance Systems Details

    User Access to Compliance Systems Summary

  • SA Lists:

    Administrative Users

    Compliance Data

    Compliance Systems

  • App Rules:

    alm:cardholder-data

    account:created

    account:deleted

    account:modified

    account:logon-success

    config:change-audit-setting

    account:group-management

    account:logon-failure

    account:password-change

    access:user-access-revoked


Citations

The SOX compliance reports have the following Citations.

  • Report Rule: Accounts Created
  • Citation Number: SOX 404
  • Citation Description: Management assessment of internal controls.

  • Report Rule: Accounts Deleted
  • Citation Number: SOX 404; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1
  • Citation Description: Management assessment of internal controls; An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used.

  • Report Rule: Accounts Modified
  • Citation Number: SOX 404
  • Citation Description: Management assessment of internal controls.

  • Report Rule: Group Management
  • Citation Number: SOX 404; ISO 27002 - 11.1.1, 11.2.2, 11.4.6, 11.6.1
  • Citation Description: Management assessment of internal controls; An access control policy should be developed and should state the access control rules and rights for all users and groups. Both logical and physical access controls should be used.

  • Report Rule: User Access to Compliance Systems - Top 25
  • Citation Number: Sox 404; ISO 27002 -11.5.1
  • Citation Description: Management assessment of internal controls.; All successful and unsuccessful logon attempts should be recorded.

  • Report Rule: Account Management
  • Citation Number: SOX 404
  • Citation Description: Management assessment of internal controls.

  • Report Rule: Admin Access to Compliance Systems - Detail
  • Citation Number: Sox 404; ISO 27002 - 10.10.4
  • Citation Description: Management assessment of internal controls; All activities by System Administrators and System Operators should be logged.

  • Report Rule: Admin Access to Compliance Systems - Top 25
  • Citation Number: Sox 404; ISO 27002 - 10.10.4
  • Citation Description: Management assessment of internal controls; All activities by System Administrators and System Operators should be logged.

  • Report Rule: Change in Audit Settings
  • Citation Number: SOX 404; ISO 15408-2
  • Citation Description: Management assessment of internal controls; The system should ensure that security policy enforcement functions succeed before functions are allowed to proceed.

  • Report Rule: Access to Compliance Data - Detail
  • Citation Number: SOX 404
  • Citation Description: Management assessment of internal controls.

  • Report Rule: Access to Compliance Data - Top 25
  • Citation Number: SOX 404
  • Citation Description: Management assessment of internal controls.

  • Report Rule: Logon Failures - Detail
  • Citation Number: SOX 404; ISO 27002 - 11.5.1
  • Citation Description: Management assessment of internal controls; All successful and unsuccessful logon attempts should be recorded.

  • Report Rule: Logon Failures - Top 25
  • Citation Number: SOX 404; ISO 27002 - 11.5.1
  • Citation Description: Management assessment of internal controls; All successful and unsuccessful logon attempts should be recorded.

  • Report Rule: Password Changes - Detail
    Password Changes - Top 25
  • Citation Number: SOX 404
  • Citation Description: Management assessment of internal controls.

  • Report Rule: User Access Revoked
  • Citation Number: SOX 404; ISO 27002 - 11.2.1
  • Citation Description: Management assessment of internal controls; Users who have changed jobs or left the organization should have their access rights removed immediately.

  • Report Rule: User Access to Compliance Systems - Detail
  • Citation Number: Sox 404; ISO 27002 -11.5.1
  • Citation Description: Management assessment of internal controls.; All successful and unsuccessful logon attempts should be recorded.

docFeedback.png

You are here
Table of Contents > Compliance Reports: Sarbanes-Oxley Act of 2002 (SOX)