Sarbanes-Oxley Compliance Statement

The Sarbanes-Oxley Act of 2002 requires that public companies implement IT controls to assure the accuracy of company financial records. These controls must include IT processes that provide for the security of data, central management of user accounts and the ability to audit and report on both internal and external file transfers.

Sarbanes-Oxley does not define the specifics of how these controls must be implemented; therefore, many companies and SOX auditors have adopted the COBIT (Control Objectives for Information and Related Technology) standard for use in documenting, defining and evaluating internal controls.

JSCAPE MFT Server, when used properly, may satisfy many of these COBIT controls and assist you in meeting your Sarbanes-Oxley requirements. These controls and the corresponding solutions offered by JSCAPE MFT Server are identified in the table below.

COBIT Standards

| COBIT | Description | Solution |
| --- | --- | --- |
| DS1.5 | Monitoring and Reporting | JSCAPE MFT Server includes a reporting module that may be used to quickly generate reports on all server activity. |
| DS5.1 | Remote Management | JSCAPE MFT Server includes management software allowing for the secure remote control and management of users and server configuration from any location. |
| DS5.3 | Identity Management | JSCAPE MFT Server may easily be configured to authenticate users against central user repositories such as LDAP, Active Directory and JDBC relational databases. |
| DS5.4 | User Account Management | JSCAPE MFT Server provides a user-friendly interface for managing users and user permissions. Using JSCAPE MFT Server, administrators can suspend accounts, define expiration dates for accounts and enforce secure connections when accessing system resources. |
| DS5.5 | Abnormal Activity Detection | JSCAPE MFT Server may automatically disable accounts or block IP addresses of clients that attempt to authenticate unsuccessfully too many times within a defined period. Should an account or IP be blocked, JSCAPE MFT Server may capture these events and notify system administrators via email. All server activity is automatically logged for audit and reporting purposes. |
| DS5.7 | Protection of Security Technology | JSCAPE MFT Server encrypts any sensitive information that may be found in server configuration files. |
| DS5.8 | Cryptographic Key Management | JSCAPE MFT Server includes a key manager application for the creation and management of encryption keys. |
| DS5.10 | Network Security | JSCAPE MFT Server supports various secure file transfer protocols including FTPS (FTP over SSL), HTTPS, SFTP (FTP over SSH) and SCP (Secure Copy) in order to encrypt data as it is sent over the network. In addition, JSCAPE MFT Server includes the ability to define IP access rules in order to further lock down account access. |
| DS5.11 | Exchange of Sensitive Data | JSCAPE MFT Server supports OpenPGP encryption, ensuring that data can only be read by the intended recipient. Origin of data may be easily authenticated by verifying the data signature against the sender's public key. |
| DS11.5 | Backup and Restoration | JSCAPE MFT Server user account data may be securely stored in a relational database or directory for easy backup and restoration. |
| DS11.6 | Data Security | JSCAPE MFT Server can automatically encrypt data as it is uploaded to the server using OpenPGP encryption, ensuring that data is protected while at rest. |
| DS13.2 | Job Scheduling | JSCAPE MFT Server includes support for triggers that may be used in order to automate processes in response to server events. Time-based triggers may be created to automate routine functions on a scheduled basis. |
