| Standard | Requirement |
|---|---|
| HIPAA | Section 164.312(b): "Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information." |
| Sarbanes-Oxley | Section 404(a)(2): "...contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting." |
| GLBA | Section 6801(b)(1): "...to insure the security and confidentiality of customer records and information..." |
| FISMA | Section 3544(b)(5): "...periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices..." |
| NIST 800-53 / FIPS 200 | CA-7 Continuous Monitoring: "The organization monitors the security controls in the information system on an ongoing basis." |
| ITIL | DS5.7: Security Surveillance: "To ensure such a level of security, that the agreed availability of the infrastructure and the IT services, as well as the business functions, is not compromised." |
| COBIT | DS5.7: Security Surveillance: "IT security administration should ensure that security activity is logged and any indication of imminent security violation is reported immediately to all who may be concerned, internally and externally, and is acted upon in a timely manner." |
| PCI | Section 10.2.1: "Implement automated audit trails to reconstruct the following events, for all system components... all individual user accesses to cardholder data." |
| 21CFR11 | Section 11.10(e): "Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records." |