Alert Logic® Log Review™ directly or indirectly addresses requirements for multiple regulations and industry security standards. The following list identifies how Log Review maps to the specific requirements, rules, or guidelines in some of the most popular standards. Details for each requirement or mandate are available from the respective regulatory or standards bodies.
Log Review Compliance Matrix
| Requirement | SOX 404 | HIPAA | PCI DSS | ISO |
|---|---|---|---|---|
| Must provide a policy for Log Review | DSS05.05 | 164.308(a)(1)(i) | 10.6 | 5.1.1, 6.1.1 |
| Must provide a defined process for Log Review | DSS05.02, DSS05.05 | 164.308(a)(1)(ii)(D) | 10.2, 10.3, 10.6 | 12.4.1 |
| Must review logs within a specified time period | DSS05.02 | 164.308(a)(1)(ii)(D) | 10.6.1 | 12.4.1, 12.4.3 |
| Review access events | DSS05.07 | 164.308(a)(5)(ii)(C), 164.308(a)(6)(1) | 10.2.2, 10.2.4 | 9.4.2, 9.4.4, 12.4.1, 12.4.3 |
| Review change events | DSS05.04 | 164.312(b) | 10.2.2, 10.2.5, 10.2.7 | 9.2.1, 9.2.2, 9.2.3, 12.4.1, 12.4.3 |
| Maintain logs and audit trail for extended durations | | 164.316(b)(2)(i) | 10.7 | 12.4, 16.1.7 |
Additional Standards Mappings
Mappings to the following specific requirements of other security standards are available upon request to the Alert Logic Customer Care team:
- AICPA SOC2 Trust Services Criteria (TSP Section 100)
- Control Objectives for Information and Related Technology (COBIT)
- Family Educational Rights and Privacy Act (FERPA)
- Federal Financial Institutions Examination Council (FFIEC)
- Financial Industry Regulatory Authority (FINRA)
- National Institute of Standards and Technology (NIST)