 
PCI, SOX, and HIPAA reports
FortiDB provides the following types of compliance reports to help you achieve compliance with both internal and external requirements:
Sarbanes-Oxley (SOX)
Payment Card Industry Data Security Standard (PCI DSS)
Health Insurance Portability & Accountability Act (HIPAA)
Some compliance reports must be generated weekly, monthly, or quarterly.
Table 14: PCI compliance report templates

PCI - Invalid Operation
    Description: Identifies failed access attempts. This should be reviewed on a periodic basis by IT.
    Required option settings: Object Audit Options

PCI - Privileged User Action
    Description: Tracks all access/changes by the administrative accounts. The administrative accounts need to be specified during the configuration stage. The report should be reviewed and commented on by appropriate management.
    Required option settings: User Audit Options

PCI - System Object Operations
    Description: Tracks all access/changes by the administrative accounts. The administrative accounts need to be specified during the configuration stage. The report should be reviewed and commented on by appropriate management.
    Required option settings: Not required

PCI - Access to Credit Card tables
    Description: Tracks all access/changes by the administrative accounts. The administrative accounts need to be specified during the configuration stage. The report should be reviewed and commented on by appropriate management.
    Required option settings: Object Audit Options

PCI - Successful/Unsuccessful Database Logins
    Description: Tracks all successful and failed logins.
    Required option settings: Not required
Table 15: SOX compliance report templates

Abnormal or Unauthorized Changes to Data
    Description: This report shows all changes made to data by any account other than the application user account.
    Required option settings: Object Audit Options or User Audit Options

Abnormal Termination of Database Activity
    Description: This report shows failed database processes (for example, financial transactions or failed login attempts) originating from an application server.
    Required option settings: Object Audit Options or User Audit Options

Abnormal Use of Service Accounts
    Description: This report shows service accounts and the associated or related transaction origins. For example, the use of a service account from an origin other than the application server would be shown.
    Required option settings: Object Audit Options or User Audit Options

End of Period Adjustments
    Description: This report shows changes to the general ledger at month-, quarter-, and year-end.
    Required option settings: Object Audit Options

History Of Privilege Changes
    Description: This report shows changes to user access rights that were elevated or lessened in the database over time.
    Required option settings: Not required

Verification of Audit Settings
    Description: This report shows changes to configurable audit parameters.
    Required option settings: Not required
Table 16: HIPAA compliance report templates

Privilege Changes
    Description: This report shows all user account additions, deletions, and changes.
    Required option settings: Object Audit Options

Logins
    Description: This report shows all successful and failed login attempts.
    Required option settings: Not required

Security Incident Procedures
    Description: This report shows what methods are used to communicate with external systems in case of security incidents.
    Required option settings: Not required

Access to the Assessment Logs
    Description: This report shows all activities related to the assessment logs.
    Required option settings: Not required

Access to EPHI Data
    Description: This report shows all access and changes to the EPHI data made by any account.
    Required option settings: Object Audit Options

User Privileges on EPHI Data
    Description: This report shows all users with access privileges for EPHI data.
    Required option settings: Object Audit Options

Privilege Summary
    Description: This report shows all users with privileges.
    Required option settings: Not required

Audit Controls
    Description: This report shows all audit settings.
    Required option settings: Not required
 
You cannot use regulatory compliance reports to monitor activity at the column level.
See also
General steps for generating PCI, SOX, and HIPAA reports
Report: Abnormal Termination of Database Activity
Report: Abnormal or Unauthorized Changes to Data
Report: Abnormal Use of Service Accounts
Report: End of Period Adjustments
Report: History of Privilege Changes
Report: Verification of Audit Settings