|
Organizations in the United States that meet specific industry or financial requirements are subject to government-imposed standards such as Sarbanes-Oxley (SOX) or HIPAA.
Additionally, organizations worldwide are often required to adhere to similar government-imposed standards, or adopt process-based standards such as ITIL or COBIT.
Active Directory stores and protects vital IT components that organizations use to secure and control access to organizational IT resources whose protection falls under the purview of demonstrating regulatory compliance.
For example, in order to demonstrate SOX compliance, organizations need to accurately document the identities of all personnel who possess the ability to reset the Chief Financial Officer's (CFO's) password.
Similarly, organizations need to document the identities of all personnel who possess the ability to modify the membership of all security groups that are being used to control access to financial documents, portals or databases that fall under the purview of these compliance regulations.
In effect, in order to demonstrate regulatory compliance, organizations need to assess and document the identities of all personnel who possess the ability to perform specific administrative tasks on specific IT assets stored in and protected by Active Directory.
This section helps IT managers and IT administrators understand what aspects of Active Directory access they need to cover to demonstrate compliance and shows them exactly how to demonstrate the compliance of access rights in Active Directory.
|
