Kimberley
12 years agoLevel 6
FAQ: Is DRA SOX compliant?
Here is a question that the DRA product team received, and thought it would be useful to share the answer with the community:
Is DRA SOX compliant?
Here is the response from the DRA product team:
Disaster Recovery Advisor provides a comprehensive and flexible security model, based on eight years of close work with those customers to meet any new security requirement and concern.
All security options are policy-based - multiple policies can be used if needed. Some of the supported security options, relevant to SOX regulated environments are:
- The ability to collect data indirectly
- Disaster Recovery Advisor does not need establish any direct connection with SOX regulated servers. Instead, it can use a trusted proxy (or “jump”) server
- Disaster Recovery Advisor first performs authentication and authorization against the trusted server, and then executes data collection by that server
- The ability to integrate with any existing privilege management tool (e.g., CA eTrust, PowerBroker, UPM)
- The ability to integrate with password vaults so that no credential information is cached on disk (default is encrypted caching)
- Support for one-time passwords (fully managed by DRA) and key-based authentication
- Time limits can be applied for data collection