PCI, SOX, and HIPAA reports
FortiDB provides the following types of compliance reports to help you meet both internal and external requirements:
- Sarbanes-Oxley (SOX)
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability & Accountability Act (HIPAA)
Some compliance reports must be generated weekly, monthly, or quarterly. Each template below lists the audit options that must be enabled on the target database for the report to contain data; templates marked "Not required" draw on information that is collected without additional audit options.
PCI compliance report templates

| Report template | Description | Required audit options |
| --- | --- | --- |
| PCI - Invalid Operation | Identifies failed access attempts. IT should review this report on a periodic basis. | Object Audit Options |
| PCI - Privileged User Action | Tracks all access and changes by the administrative accounts. The administrative accounts must be specified during the configuration stage. Appropriate management should review and comment on the report. | User Audit Options |
| PCI - System Object Operations | Tracks all access and changes by the administrative accounts. The administrative accounts must be specified during the configuration stage. Appropriate management should review and comment on the report. | Not required |
| PCI - Access to Credit Card tables | Tracks all access and changes by the administrative accounts. The administrative accounts must be specified during the configuration stage. Appropriate management should review and comment on the report. | Object Audit Options |
| PCI - Successful/Unsuccessful Database Logins | Tracks all successful and failed logins. | Not required |
SOX compliance report templates

| Report template | Description | Required audit options |
| --- | --- | --- |
| Abnormal or Unauthorized Changes to Data | Shows all changes made to data by any account other than the application user account. | Object Audit Options or User Audit Options |
| Abnormal Termination of Database Activity | Shows failed database processes (for example, failed financial transactions or failed login attempts) originating from an application server. | Object Audit Options or User Audit Options |
| Abnormal Use of Service Accounts | Shows service accounts and the origins of their transactions. For example, use of a service account from an origin other than the application server would be shown. | Object Audit Options or User Audit Options |
| End of Period Adjustments | Shows changes to the general ledger at month-, quarter-, and year-end. | Object Audit Options |
| History Of Privilege Changes | Shows changes to user access rights in the database over time, whether elevated or reduced. | Not required |
| Verification of Audit Settings | Shows changes to configurable audit parameters. | Not required |
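The three "abnormal activity" reports above are each defined by a simple predicate over the database audit trail. The following added example (not FortiDB code; the audit-record layout, account names and host names are assumptions) implements those predicates over a constructed sample trail, which makes two edge cases visible: a service account used from an application server is not "abnormal use", and a failed login from a workstation is not an "abnormal termination", because that report is scoped to sessions originating from application servers.

```python
"""Added example (not FortiDB code): detection logic for three of the SOX
report templates described above, run over constructed audit records.
The record layout, account names and host names are assumptions."""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class AuditRecord:
    user: str        # database account that issued the statement
    src_host: str    # client host the session originated from
    action: str      # LOGIN, SELECT, INSERT, UPDATE, DELETE, ...
    obj: str         # schema.table, or "" for session-level events
    success: bool    # False for a failed login or failed statement


# Assumed environment: the application connects as APP_USER from APP_SERVERS;
# SERVICE_ACCOUNTS are accounts no human should use interactively.
APP_USER = "app_user"
SERVICE_ACCOUNTS = {"app_user", "batch_user"}
APP_SERVERS = {"app01", "app02"}
DML = {"INSERT", "UPDATE", "DELETE"}


def unauthorized_data_changes(records: Iterable[AuditRecord]) -> List[AuditRecord]:
    """Abnormal or Unauthorized Changes to Data: every data change made by an
    account other than the application user, successful or not."""
    return [r for r in records if r.action in DML and r.user != APP_USER]


def abnormal_service_account_use(records: Iterable[AuditRecord]) -> List[AuditRecord]:
    """Abnormal Use of Service Accounts: a service account seen from any host
    that is not an application server (for example, a workstation)."""
    return [r for r in records
            if r.user in SERVICE_ACCOUNTS and r.src_host not in APP_SERVERS]


def abnormal_terminations(records: Iterable[AuditRecord]) -> List[AuditRecord]:
    """Abnormal Termination of Database Activity: failed logins or failed
    statements whose session originated from an application server."""
    return [r for r in records if not r.success and r.src_host in APP_SERVERS]


def run_sox_reports(records: Iterable[AuditRecord]) -> Dict[str, List[AuditRecord]]:
    """Run all three predicates over one pass of the trail, keyed by report name."""
    recs = list(records)
    return {
        "Abnormal or Unauthorized Changes to Data": unauthorized_data_changes(recs),
        "Abnormal Use of Service Accounts": abnormal_service_account_use(recs),
        "Abnormal Termination of Database Activity": abnormal_terminations(recs),
    }


# Constructed sample audit trail (not real data).
SAMPLE_AUDIT = [
    AuditRecord("app_user", "app01", "UPDATE", "fin.gl_entries", True),      # normal app traffic
    AuditRecord("dba_jane", "laptop-17", "UPDATE", "fin.gl_entries", True),  # DBA edits the ledger directly
    AuditRecord("batch_user", "laptop-17", "SELECT", "fin.gl_entries", True),  # service account from a workstation
    AuditRecord("app_user", "app02", "LOGIN", "", False),                    # failed app login
    AuditRecord("app_user", "app01", "INSERT", "fin.gl_entries", False),     # failed transaction from app server
    AuditRecord("analyst_bob", "bi-01", "SELECT", "fin.gl_entries", True),   # read-only, not flagged by any report
    AuditRecord("dba_jane", "laptop-17", "LOGIN", "", False),                # failed login, but not from an app server
    AuditRecord("batch_user", "app01", "DELETE", "fin.staging", True),       # batch job: allowed origin, but not APP_USER
]

if __name__ == "__main__":
    for name, hits in run_sox_reports(SAMPLE_AUDIT).items():
        print(f"{name}: {len(hits)} record(s)")
        for r in hits:
            print(f"  {r.user}@{r.src_host} {r.action} {r.obj or '-'} success={r.success}")
```

Note that the batch account's DELETE is reported as an unauthorized change even though it came from an application server: the report asks "was this the application user?", not "was this a service account?". Which accounts count as the application user, which are service accounts, and which hosts are application servers is exactly the kind of information that has to be supplied during the configuration stage, and the reports are only as accurate as that configuration.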
HIPAA compliance report templates

| Report template | Description | Required audit options |
| --- | --- | --- |
| Privilege Changes | Shows all user account additions, deletions, and changes. | Object Audit Options |
| Logins | Shows all successful and failed login attempts. | Not required |
| Security Incident Procedures | Shows what methods are used to communicate with external systems in case of security incidents. | Not required |
| Access to the Assessment Logs | Shows all activities related to the assessment logs. | Not required |
| Access to EPHI Data | Shows all access to and changes of the EPHI data made by any account. | Object Audit Options |
| User Privileges on EPHI Data | Shows all users with access privileges for EPHI data. | Object Audit Options |
| Privilege Summary | Shows all users with privileges. | Not required |
| Audit Controls | Shows all audit settings. | Not required |
You cannot use regulatory compliance reports to monitor activity at the column level.
See also