cloakware server password manager

compliance mapping

CSPM helps organizations comply with important industry regulations - including PCI, SAS-70, SOX, GLBA, and FISMA - as shown in the following table.

    Regulation: Payment Card Industry (PCI)
    Description: Created by American Express, Discover, Mastercard, Visa and others to combat fraud, identity theft and other security issues within the credit card industry
    Requirement areas addressed and how CSPM delivers compliance:
        Section 7. Restrict access to data by business need-to-know
            7.1 Limits access to computing resources and cardholder information to only those individuals whose job requires such access
            7.2 Establishes a mechanism for systems with multiple users that restricts access based on a user's need to know, and is set to "deny all" unless specifically allowed
        Section 8. Assign a unique ID to each person with computer access
            8.4 Ensures passwords are fully encrypted during transmission and storage, on all system components
            8.5 Ensures proper user authentication and password management for non-consumer users and administrators, on all system components
            8.5.8 Eliminates the widespread sharing of admin and application passwords and restricts users to only the access they need
            8.5.9 Enables hard-coded application and privileged passwords to be changed every 90 days
            8.5.16 Ensures access to any database containing cardholder information is authenticated

    Regulation: Statement on Auditing Standards No. 70 (SAS-70)
    Description: Defines the physical and logical security requirements for service organizations such as hosted data centers, insurance claims processors, and credit processing companies
    Requirement areas addressed:
        Access Controls
        Disaster Recovery
    How CSPM delivers compliance:
        Automates and manages the passwords associated with network devices (routers, firewalls), unattended applications and privileged accounts, which enables organizations to comply with several of the "high-risk" category items of the specification

    Regulation: Sarbanes-Oxley (SOX)
    Description: Defines financial and accounting disclosure standards for corporations
    Requirement areas addressed:
        Section 404: Management Assessment of Internal Controls, which requires companies to assess any risk associated with information technology or internal processes that may impact the accurate and timely reporting of financial information
    How CSPM delivers compliance:
        Eliminates access to the critical passwords protecting this type of information
        Protects organizations against both external and internal malicious or casual threats to the accurate reporting of financial and accounting information

    Regulation: Gramm-Leach-Bliley (GLBA)
    Description: Provides privacy protections against the sale of personal private financial information
    Requirement areas addressed:
        Financial Privacy Rule
        Safeguards Rule
        Pretexting Provision
    How CSPM delivers compliance:
        Safeguards private data by allowing organizations to remove the human factor from the password change process, by eliminating clear text passwords to critical systems, and by allowing frequent changes to the passwords used to protect personal financial information stored in the organization's databases

    Regulation: Federal Information Security Management Act (FISMA)
    Description: Defines security requirements on government agencies for the purposes of improving federal information and information systems security
    Requirement areas addressed:
        Account Management
        Access Enforcement
        Access control
        Authentication
        Software and information integrity
    How CSPM delivers compliance:
        Eliminates the dissemination of admin and application passwords to former government sub-contractors and employees
        Enables regular password changes
        Eliminates the hard-coding of clear text passwords (passwords in the clear can be easily hacked)