Compliance Automation

Summary

Execute any of six pre-packaged compliance report packs (**INCLUDED AT NO CHARGE**) for PCI DSS, Sarbanes-Oxley, HIPAA, NERC CIP, GLBA/FFIEC, and FISMA (all are customizable), or create your own ad-hoc compliance reports in real time.

Increasing Security Compliance Demands

Most enterprises must now adhere to multiple government and industry regulations, as well as IT governance frameworks such as COBIT and ITIL, that require the collection, archival, and reporting of log data.

One of the biggest challenges in collecting this log data is that the required information comes from various systems, in different formats, and is represented in different ways. In addition, the quality and detail of the reporting solutions that vendors provide to meet the audit requirements of these regulations and frameworks vary widely.

To address these challenges, LogMatrix has developed “Collectors” that enable the collection and archiving of virtually any type of log data.

In addition, we created six highly detailed Compliance Report Packs to help our customers quickly support their regulatory initiatives. These report packs are provided to our customers at NO CHARGE.
The data provided in these reports are mapped to specific regulations, identified controls, and/or the information contained in prescriptive documents (see below for more detail) – mappings done by experienced compliance experts on behalf of LogMatrix.

These reports can be used “as is” or modified for your specific policies. As a result, our Compliance Report Packs enable you to spend less time collecting, organizing, and reporting on the log data required to support your compliance initiatives.

LogMatrix Compliance Report Packs support the following regulations and control frameworks:

Sample Report Menu:

[Image: security compliance software, PCI DSS, SOX, NERC CIP, HIPAA, GLBA, FISMA]

Sample Mappings:

[Image: Compliance Mapping Screenshot]

Sample Report:

[Image: Mapping Report]

LogMatrix Mapping Approach

PCI DSS:

Mappings were derived directly from the PCI DSS standard v1.2.

Sarbanes-Oxley (SOX):

The IT General Controls (ITGCs) for SOX are derived from the COBIT standard, since there are no prescriptive controls for SOX.

NERC CIP:

The mapping was done based on controls specified in nine NERC-CIP (Critical Infrastructure Protection) standards (CIP 001 to CIP 009), as there is no prescriptive document (e.g. a NIST publication) that specifies detailed control requirements, as is the case with HIPAA and FISMA.

HIPAA:

The mapping follows the NIST Guide (SP-800-66) for implementing the HIPAA Security Rule (Oct 2008).

FISMA:

The mapping has been done based on the NIST 800-53 Publication - Recommended Security Controls for Federal Information Systems and Organizations (dated August 2009).

GLBA/FFIEC:

The GLBA/FFIEC mapping has been done based on Tier 1 and Tier 2 examination procedures as specified in Appendix A of the FFIEC Information Security Handbook.
