Sarbanes-Oxley (SOX)

Encrypting Data-in-Transit

Sarbanes-Oxley (SOX) requires public companies in the US, as well as foreign companies listed on US exchanges, to assess their internal controls, have that assessment validated by an external auditor, and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with the requirements in Section 302 and Section 404 of the legislation.

Secure Shell for Public Companies Listed on US Exchanges

SSH Communications Security solutions address SOX compliance requirements by encrypting data-in-transit, controlling access to financial information, and monitoring encrypted channel traffic. We offer the only comprehensive platform enabling organizations to meet SOX compliance requirements in their Secure Shell environment.

The Overview

Summary of requirements from COBIT DS 5.1 – DS 5.21

  • SOX/COBIT Requirements

    Secure Shell Guidance

  • Each user uniquely identified

    Centralized mapping of Secure Shell identity keys to users and processes.

  • Every user authenticated

    Ensure no shared logins for access to financial information.

  • Active violation reporting and follow up

    Continuous monitoring for Secure Shell access violations, unauthorized key setups, and configuration changes.

  • Regular updates of user rights and attributes

    Implement role-based updates for users and processes using Secure Shell.

  • Restricted access to sensitive data

    Implement access and command restrictions for Secure Shell users with access to sensitive data.

  • Protection from malicious software

    Monitor and enforce use of approved Secure Shell software versions.

  • Defined procedures for security events

    Ensure continuous monitoring and audit of Secure Shell sessions.