SQL Compliance Manager audits and identifies events that affect SQL Server objects and data. By selecting a specific regulation guideline set, SQL CM applies audit settings to your selected databases according to the corresponding data security rules. This audited data is collected and securely stored for forensic analysis and reporting. SQL CM also provides tamper-proof data security features as well as methods for watching events without exposing account information.
You can apply a regulation guideline when you register a new SQL Server instance or audit a database through the Console or CLI. The following tables list each section of a regulation and the associated SQL Server events that SQL CM audits, as well as specific audit features.
Idera, Inc. customers have the sole responsibility to ensure their compliance with the laws and standards affecting their business. Idera, Inc. does not represent that its products or services ensure that the customer is in compliance with any law. It is the responsibility of the customer to obtain legal, accounting, or audit counsel as to the necessary business practices and actions to comply with such laws.
Section | Summary | Associated Audit Events and Features |
---|---|---|
99.2 | What is the purpose of these regulations? | Server Events:
|
99.31(a)(1) | School officials | Server Events:
|
99.31(a)(1)(ii) | Controlling access to education records by school | Server Events:
|
99.31(a)(2) | Student's new school | Server Events:
|
99.32(a)(1) | What record keeping requirements exist concerning requests and disclosures? | Server Events:
|
Section | Summary | Associated Audit Events and Features |
---|---|---|
164.306 (a, 2) | Security Standards | Server Events:
|
164.308 (1, i) | Security Management Process | Server Events:
|
164.308 (B) | Risk Management | Server Events:
|
164.308 (D) | Information System Activity Review | Server Events:
|
164.308 (3, C) | Termination Procedures | Server Events:
|
164.308 (5, C) | Implementation Specifications | Server Events:
|
164.312 (b) | Technical Standard | Server Events:
|
164.404 (a) (1) (2) | Security and Privacy | Server Events:
|
164.404 (c) (1) (A), (B) | Security and Privacy | Server Events:
|
HITECH 13402 (a) (f), (1), (2) | Notification In the Case of Breach | Server Events:
|
Section | Summary | Associated Audit Events and Features |
---|---|---|
8 | Assigning a unique identification (ID) to each person with access ensures that each individual is uniquely accountable for his or her actions. When such accountability is in place, actions taken on critical data and systems are performed by, and can be traced to, known and authorized users. | Server Events:
|
8.5.4 | Immediately revoke access for any terminated users. | Server Events:
|
10 | Track and monitor all access to network resources and cardholder data. Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without system activity logs. | See subsections |
10.1 | Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user. | Server Events:
|
10.2 | Implement automated audit trails for all system components to reconstruct the following events:
| Server Events:
|
10.3 | Record at least the following audit trail entries for all system components for each event:
| Server Events:
|
10.5 | Secure audit trails so they cannot be altered. | SQL CM Repository |
10.7 | Retain audit trail history for at least one year, with a minimum of three months online availability. | Enable archive and groom to retain Repository data for a minimum of one year |
Section | Summary | Associated Audit Events and Features |
---|---|---|
404 | A statement of management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and management's assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal control structure and procedures for financial reporting. Section 404 requires the company's auditor to attest to, and report on, management's assessment of the effectiveness of the company's internal controls and procedures for financial reporting in accordance with standards established by the Public Company Accounting Oversight Board. (Source: Securities and Exchange Commission.)
| Server Events:
|