Date: Thu, 28 Mar 2024 23:10:30 +0000 (UTC) Message-ID: <93211359.69459.1711667430224@ip-10-0-1-26.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_69458_1548078998.1711667430220" ------=_Part_69458_1548078998.1711667430220 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
SQL Compliance Manager audits and identifies events that affect = SQL Server objects and data. By selecting a specific regulation guidel= ine set, SQL CM applies audit settings to your selected databases according= the corresponding data security rules. This audited data is collected and = securely stored for forensic analysis and reporting. SQL CM also provides t= amper-proof data security features as well as methods for watching events w= ithout exposing account information.
You can apply a regulation guideline when you register a new SQL Server instance or= audit a da= tabase though the Console or CLI. The following tables list each sectio= n of a regulation and the associated SQL Server events that SQL CM audits, = as well as specific audit features.
Idera, Inc. customers have the sole responsibility to ensure their compl= iance with the laws and standards affecting their business. Idera, Inc. doe= s not represent that its products or services ensures that customer is in c= ompliance with any law. It is the responsibility of the customer to obtain = legal, accounting, or audit counsel as to the necessary business practices = and actions to comply with such laws.
Section | Summary | Associated Audit Events and Features |
---|---|---|
99.2 |
What is the purpose of these regulati=
ons? |
Server Events:
|
99.31(a)(1) |
School officials |
Server Events:
|
99.31(a)(1)(ii) |
Controlling access to education recor=
ds by school | Server Events:
|
99.31(a)(2) |
Student's new school |
Server Events:
|
99.32(a)(1) |
What record keeping requirements exis=
t concerning requests and disclosures? |
Server Events:
|
Section | Summary | Associated Audit Events and Features |
---|---|---|
164.306 (a, 2) |
Security Standards |
Server Events:
|
164.308 (1, i) |
Security Management Process =
|
Server Events:
|
164.308 (B) |
Risk Management |
Server Events:
|
164.308 (D) |
Information System Activity Review |
Server Events:
|
164.308 (3, C) |
Termination Procedures |
Server Events:
|
164.308 (5, C) |
Implementation Specifications |
Server Events:
|
164.312 (b) |
Technical Standard |
Server Events:
|
164.404 (a) (1) (2) |
Security and Privacy |
Server Events:
|
164.404 (c) (1) (A), (B) |
Security and Privacy |
Server Events:
|
HITECH 13402 (a) (f), (1), (2) |
Notification In the Case of Breach |
Server Events:
|
Section | Summary | Associated Audit Events and Features |
---|---|---|
8 |
Assigning a unique identification (ID) to eac= h person with access ensures that each individual is uniquely accountable f= or his or her actions. When such accountability is in place, actions taken = on critical data and systems are performed by, and can be traced to, known = and authorized users. |
Server Events:
|
8.5.4 |
Immediately revoke access for any terminated = users. |
Server Events:
|
10 |
Track and monitor all access to network resou= rces and cardholder data- Logging mechanisms and the ability to track user = activities are critical. The presence of logs in all environments allows th= orough tracking and analysis if something does go wrong. Determining the ca= use of a compromise is very difficult without system activity logs. |
See subsections |
10.1 |
Establish a process for linking all access to= system components (especially access done with administrative privileges s= uch as root) to each individual user). |
Server Events:
|
10.2 |
Implement automated audit trails for all syst= em components to reconstruct the following events:
|
Server Events:
|
10.3 |
Record at least the following audit trail ent= ries for all system components for each event:
|
Server Events:
|
10.5 |
Secure audit trails so they cannot be altered= . |
SQL CM Repository |
10.7 |
Retain audit trail history for at least one y= ear, with a minimum of three months online availability. |
Enable archive and groom to retain Repository= data for a minimum of one year |
Section | Summary | Associated Audit Events and Features |
---|---|---|
404 |
A statement of management's responsibility fo=
r establishing and maintaining an adequate internal control structure and p=
rocedures for financial reporting; and management's assessment, as of the e=
nd of the company's most recent fiscal year of the effectiveness of the com=
pany's internal control structure and procedures for financial reporting, S=
ection 404 requires the company's auditor to attest to , and report on mana=
gement's assessment of the effectiveness of the company's internal controls=
and procedures for financial reporting in accordance with standards establ=
ished by the Public Company Accounting Oversight Board. (Source: Securities=
and Exchange Commission.)
|
Server Events:
|