Authentication Solutions - By Regulation
The Sarbanes-Oxley Act (SOX) requires publicly-traded companies to implement controls over specific internal business processes. In practice this means having an outside auditor attest to the accuracy of financial statements and performing an annual assessment of the internal controls that protect critical data, particularly financial information.
There are several components to SOX, but it clearly stipulates that organizations must establish an "adequate internal control structure," including control over who can access which systems. Sections 302 and 404 are the ones that matter most for authentication: Section 302 requires CEOs and CFOs to personally certify the accuracy of financial reports and the effectiveness of their disclosure controls, and Section 404 requires management to assess and report on the effectiveness of internal control over financial reporting. Neither section names a specific technology; what they require is that access to the systems holding financial data be controlled, and that the controls be documented and verifiable.
Organizations that must comply with SOX need a password authentication and management solution that provides the following capabilities:
PistolStar’s Password Power and PortalGuard respond to the SOX compliance needs of publicly-traded companies by ensuring robust password authentication, controlled system access, and consistent enforcement of corporate security policies.
Both products provide single sign-on based on Microsoft Active Directory and the Kerberos authentication protocol, so end-users authenticate once with a single password and then access numerous enterprise applications, directories and servers, such as Lotus Domino and Notes, IBM WebSphere and System i, SAP and Oracle.
Password Power and PortalGuard further simplify authentication management by letting end-users perform self-service password reset and recovery: a user changes a single password in a single location, without involving the Help Desk, and the change is synchronized to the connected systems. During synchronization the password security policies (e.g., password expiration and password quality rules) are applied to the other passwords as well, so that otherwise disparate password policies are kept consistent.
PortalGuard also provides functionality that enables administrators to meet or exceed the authentication security requirements of SOX. Administrators can require a username, password and challenge-question response to gain access, and require multiple challenge questions for self-service password reset and recovery. Password rules can be established per person, group or hierarchy, and individual password behaviors can be enabled or disabled. For example, administrators can configure how many failed login attempts (strikes) are allowed for each user and receive an alert when a user's strike count is exceeded. They also have the ability to:
To summarize, Password Power and PortalGuard provide the following capabilities for satisfying the authentication and access management needs of regulatory compliance: