SenSage - Enterprise Security Analytics
SenSage Compliance Auditing for Federal Financial Institutions Examination Council (FFIEC) guidelines and Gramm-Leach-Bliley Act requirements

As a financial services organization, you are required to keep consumer financial information confidential and safe. Guidelines from the Federal Financial Institutions Examination Council (FFIEC) and regulations such as the Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, include provisions to protect consumers' personal financial information held by financial institutions.

The privacy requirements of the GLB Act have three principal parts: the Financial Privacy Rule, the Safeguards Rule, and the pretexting provisions.

The GLB Act gives eight federal agencies and the states authority to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These rules apply to "financial institutions," which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers.

SenSage has worked with large Wall Street financial firms as well as regional ones to develop an out-of-the-box compliance solution that maps directly to specific FFIEC and Gramm-Leach-Bliley Act audit requirements. The audit categories and requirements addressed are listed below; page numbers are as cited on the original page.

Audit category: Requirements addressed by SenSage

Access Control (page 16)
  Logging and auditing the use of privileged access.

Public Key Infrastructure (PKI) (page 23)
  Recording all significant events performed by the Certificate Authority (CA) in a secure audit log.
  Reviewing exception reports and system activity by the CA's employees on a routine basis to detect malfunctions and unauthorized activities.

DNS servers, routers and switches (page 32)
  Restricting, logging and monitoring administrative access to these devices.

Firewalls (page 38)
  Restricting, logging and monitoring administrative access to these devices.

Operating systems (page 39)
  Monitoring user or program access to sensitive resources, and alerting on security events.
  Monitoring user or program access to sensitive system resources, including files, programs, processes, or operating system parameters.
  Filtering logs for potential security events, and providing adequate reporting and alerting capabilities.
  Activating and using operating system security and logging capabilities, and supplementing them with additional security software where supported by the risk management process.
  Restricting and logging access to system utilities, particularly those with data-altering capabilities.
  Monitoring operating system access by user, terminal, date, and time of access.

Applications (page 41)
  Logging access and security events.
  Using software that enables rapid analysis of user activities.

Remote Access (page 43)
  Monitoring remote access.
  Monitoring the date, time, user, user location, duration, and purpose for all remote access.
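The operating-system and remote-access rows above call for the same evidence: who accessed the system, from which terminal and source address, when, for how long, and whether privileges were used. The script below is an added illustration of the detection logic behind those requirements; it is not SenSage code and not part of the original page. It parses a constructed syslog-style auth log (sshd, sudo and su lines, invented for this example), reconstructs each remote session with its duration, extracts every privileged-access event by user and terminal, and flags privilege use outside an assumed business-hours window or from a session that originated outside an assumed internal address range. The year, the internal range (10.0.0.0/8) and the window (07:00 to 18:59) are assumptions, not values from the page.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample auth log in syslog format (no year field). Invented for this
# example; the hosts, users and addresses do not describe any real system.
SAMPLE_LOG = """\
Mar  3 08:01:12 fs-app01 sshd[2201]: Accepted publickey for alice from 10.20.4.17 port 51822 ssh2
Mar  3 08:01:12 fs-app01 sshd[2201]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  3 08:04:40 fs-app01 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/ssh/sshd_config
Mar  3 08:09:03 fs-app01 sshd[2201]: pam_unix(sshd:session): session closed for user alice
Mar  3 22:47:51 fs-app01 sshd[3390]: Accepted password for bob from 203.0.113.9 port 40012 ssh2
Mar  3 22:47:51 fs-app01 sshd[3390]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Mar  3 22:48:30 fs-app01 su: (to root) bob on pts/2
Mar  3 22:48:30 fs-app01 su: pam_unix(su:session): session opened for user root by bob(uid=1001)
Mar  3 23:15:02 fs-app01 sshd[3390]: pam_unix(sshd:session): session closed for user bob
Mar  4 09:12:00 fs-app01 sshd[4102]: Failed password for invalid user admin from 198.51.100.77 port 22334 ssh2
"""

# Assumed policy parameters (not from the page): internal address space and business hours.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BUSINESS_HOURS = range(7, 19)   # 07:00 .. 18:59 local time

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
ACCEPTED_RE = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+")
CLOSED_RE = re.compile(r"session closed for user (?P<user>\S+)")
FAILED_RE = re.compile(r"Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"(?P<user>\S+) : TTY=(?P<tty>\S+) ; .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)")
SU_RE = re.compile(r"\(to (?P<target>\S+)\) (?P<user>\S+) on (?P<tty>\S+)")


def parse_ts(ts, year):
    """Syslog timestamps carry no year; the caller supplies it (assumed 2024 below)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_auth_log(text, year=2024):
    """Return remote sessions (with start/end), privileged-access events and failed logins."""
    open_sessions = {}          # sshd pid -> session record until 'session closed' is seen
    sessions, privileged, failures = [], [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue            # unparseable line: skipped here, would be counted in production
        when, proc, pid, msg = parse_ts(m["ts"], year), m["proc"].strip(), m["pid"], m["msg"]
        if proc == "sshd":
            if (a := ACCEPTED_RE.search(msg)):
                open_sessions[pid] = {"user": a["user"], "source": a["src"], "method": a["method"],
                                      "host": m["host"], "start": when, "end": None}
            elif (c := CLOSED_RE.search(msg)) and pid in open_sessions:
                s = open_sessions.pop(pid)
                s["end"] = when
                sessions.append(s)
            elif (f := FAILED_RE.search(msg)):
                failures.append({"user": f["user"], "source": f["src"], "when": when})
        elif proc == "sudo" and (s := SUDO_RE.search(msg)):
            privileged.append({"user": s["user"], "tty": s["tty"], "target": s["target"],
                               "command": s["cmd"], "when": when, "via": "sudo"})
        elif proc == "su" and (s := SU_RE.search(msg)):
            privileged.append({"user": s["user"], "tty": s["tty"], "target": s["target"],
                               "command": None, "when": when, "via": "su"})
    sessions.extend(open_sessions.values())   # sessions never closed stay with end=None
    return {"sessions": sessions, "privileged": privileged, "failures": failures}


def session_duration_seconds(session):
    """Duration of a closed session; None for a session still open at end of log."""
    if session["end"] is None:
        return None
    return int((session["end"] - session["start"]).total_seconds())


def privileged_access_report(parsed):
    """Privileged events outside business hours or from an externally sourced session."""
    source_by_user = {s["user"]: s["source"] for s in parsed["sessions"]}
    findings = []
    for p in parsed["privileged"]:
        reasons = []
        if p["when"].hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        src = source_by_user.get(p["user"])
        if src and ipaddress.ip_address(src) not in INTERNAL_NET:
            reasons.append(f"session from external address {src}")
        if reasons:
            findings.append({**p, "reasons": reasons})
    return findings


if __name__ == "__main__":
    parsed = parse_auth_log(SAMPLE_LOG)
    for s in parsed["sessions"]:
        print(f"session  {s['user']:<6} from {s['source']:<15} {s['start']}  "
              f"duration={session_duration_seconds(s)}s")
    for p in parsed["privileged"]:
        print(f"priv     {p['user']:<6} {p['via']} -> {p['target']} on {p['tty']} at {p['when']}")
    for f in privileged_access_report(parsed):
        print(f"FINDING  {f['user']} {f['via']} at {f['when']}: {'; '.join(f['reasons'])}")
```

On the sample input the report flags bob's su to root at 22:48, both because it falls outside the assumed business hours and because his session came from 203.0.113.9, while alice's daytime sudo from an internal address produces no finding. Mapping privileged events to the originating session by username is a simplification: with concurrent logins by the same user a production tool would correlate on the PAM session or the sudo TTY instead.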