PCI, SOX, and HIPAA reports

FortiDB provides the following types of compliance reports to help you achieve compliance with both internal and external requirements:

  • Sarbanes-Oxley (SOX)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability & Accountability Act (HIPAA)

Some compliance reports must be generated weekly, monthly, or quarterly.

PCI compliance report templates

| Name | Description | Required option settings |
|---|---|---|
| PCI - Invalid Operation | Identifies failed access attempts. This should be reviewed on a periodic basis by IT. | Object Audit Options |
| PCI - Privileged User Action | Tracks all access/changes by the administrative accounts. The administrative accounts need to be specified during the configuration stage. The report should be reviewed and commented on by appropriate management. | User Audit Options |
| PCI - System Object Operations | Tracks all access/changes by the administrative accounts. The administrative accounts need to be specified during the configuration stage. The report should be reviewed and commented on by appropriate management. | Not required |
| PCI - Access to Credit Card tables | Tracks all access/changes by the administrative accounts. The administrative accounts need to be specified during the configuration stage. The report should be reviewed and commented on by appropriate management. | Object Audit Options |
| PCI - Successful/Unsuccessful Database Logins | Tracks all successful and failed logins. | Not required |

SOX compliance report templates

| Name | Description | Required option settings |
|---|---|---|
| Abnormal or Unauthorized Changes to Data | This report shows all changes made to data by any account other than the application user account. | Object Audit Options or User Audit Options |
| Abnormal Termination of Database Activity | This report shows failed database processes (i.e. financial transactions or failed login attempts) originating from an application server. | Object Audit Options or User Audit Options |
| Abnormal Use of Service Accounts | This report shows service accounts and the associated or related transaction origins. For example, the use of a service account from an origin other than the application server would be shown. | Object Audit Options or User Audit Options |
| End of Period Adjustments | This report shows changes to the general ledger at month-, quarter-, year-end. | Object Audit Options |
| History Of Privilege Changes | This report shows changes to user access rights that were elevated or lessened in the database over time. | Not required |
| Verification of Audit Settings | This report shows changes to configurable audit parameters. | Not required |

HIPAA compliance report templates

| Name | Description | Required option settings |
|---|---|---|
| Privilege Changes | This report shows all user account additions, deletions, and changes. | Object Audit Options |
| Logins | This report shows all successful and failed login attempts. | Not required |
| Security Incident Procedures | This report shows what methods are used to communicate with external systems in case of security incidents. | Not required |
| Access to the Assessment Logs | This report shows all activities related to the assessment logs. | Not required |
| Access to EPHI Data | This report shows all access and changes to the EPHI data made by any account. | Object Audit Options |
| User Privileges on EPHI Data | This report shows all users with access privileges for EPHI data. | Object Audit Options |
| Privilege Summary | This report shows all users with privileges. | Not required |
| Audit Controls | This report shows all audit settings. | Not required |

You cannot use regulatory compliance reports to monitor activity at the column level.