Sarbanes-Oxley (SOX) requires public companies in the US, as well as foreign companies listed on US exchanges, to assess their internal controls, have that assessment validated by an external auditor and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with the requirements in Section 302 and Section 404 of the legislation.
Secure Shell for Public Companies Listed on US Exchanges
SSH Communications Security solutions address SOX compliance requirements by encrypting data in transit, controlling access to financial information and monitoring encrypted channel traffic. We offer the only comprehensive platform enabling organizations to meet SOX compliance requirements in their Secure Shell environment.
Summary of requirements from COBIT DS 5.1 – DS 5.21
Each SOX/COBIT requirement is followed by the corresponding Secure Shell guidance:
- Each user uniquely identified: Centralized mapping of Secure Shell identity keys to users and processes.
- Every user authenticated: Ensure no shared logins for access to financial information.
- Active violation reporting and follow-up: Continuous monitoring for Secure Shell access violations, unauthorized key setups and configuration changes.
- Regular updates of user rights and attributes: Implement role-based updates for users and processes using Secure Shell.
- Restricted access to sensitive data: Implement access and command restrictions for Secure Shell users with access to sensitive data.
- Protection from malicious software: Monitor and enforce use of approved Secure Shell software versions.
- Defined procedures for security events: Ensure continuous monitoring and audit of Secure Shell sessions.