News

RSA Readying Sarbanes-Oxley, HIPAA Compliance Package

RSA Security announced Wednesday that it will ship in June a tool to help IT organizations that are already using the company’s event-logging software to comply with new rules required by the Sarbanes-Oxley Act, HIPAA and other regulations.

RSA Reporting & Compliance Manager provides centralized reporting capabilities aimed at helping customers of RSA ClearTrust more easily comply with the security requirements associated with regulations emanating from recently enacted laws. Reporting and Compliance Manager leverages ClearTrust’s logging capabilities to provide auditing and reporting functions that let organizations report on both past and present access policies, and on user behavior, according to a company statement.

The new package features both pre-built and customizable reports. “RSA Reporting & Compliance Manager interprets log events generated by RSA ClearTrust software and provides consolidated, easy to customize, and exportable reports that can help administrators easily answer complex 'who, when, how, and why' audit questions about user access and authorization” the statement says.

The pre-built reports include ones for policy reports that show who has access to information and applications, policy change reports that demonstrate how an access policy changed over time, including the administrators who made the changes, activity reports that identify who accessed what and when, and intrusion reports documenting unsuccessful access attempts.

Reporting and Compliance Manager consists of four main components. The event collector gathers runtime event logs and administrative event logs from other RSA products, including ClearTrust. A report scheduler generates reports at scheduled intervals, while a reporting console provides charting and reporting functions, with drill-down, filtering and reporting customization capabilities. Finally, a compliance database contains report templates, and data generated from running templates, as well as captured log events from other RSA products.

RSA Reporting & Compliance Manager supports Windows, Solaris and Linux platforms, as well as Oracle and Microsoft SQL Server databases (the same versions that RSA ClearTrust supports). Additionally, ClearTrust 5.5.x is required.

About the Author

Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines.

Featured