The Sarbanes-Oxley Act (SOX) requires that publicly traded companies ensure their internal business processes are properly monitored and managed. Financial reporting processes are driven by IT systems, so those systems need to be configured securely and maintained properly. In addition, publicly traded companies must disclose material risks and incidents to the Securities and Exchange Commission (SEC) and investors. Penalties for noncompliance include civil fines of up to several million dollars, cease-and-desist orders, and trading suspensions. Criminal penalties may apply for willfully certifying incorrect reports.
Below, learn more about SOX and how Rapid7 can help you achieve your compliance goals.
SOX Security Rule
| PCI DSS Requirement | InsightVM & Managed VM | Insight IDR & MDR | InsightAppSec & Managed AppSec | InsightCloudSec | Metasploit | Consulting Services |
|---|---|---|---|---|---|---|
| Requirement 1: Maintain firewall configuration to protect cardholder data | ✔ | ✔ | | ✔ | ✔ | ✔ |
| Requirement 2: No vendor-supplied default system passwords or configurations | ✔ | | ✔ | ✔ | ✔ | ✔ |
| Requirement 3: Protect stored cardholder data | | ✔ | | | | ✔ |
| Requirement 4: Encrypt transmission of cardholder data over open networks | ✔ | | ✔ | | | ✔ |
| Requirement 5: Protect systems against malware, regularly update antivirus programs | ✔ | ✔ | | | | ✔ |
| Requirement 6: Develop and maintain secure systems and applications | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Requirement 7: Restrict access to cardholder data | ✔ | ✔ | ✔ | | | ✔ |
| Requirement 8: Identify and authenticate access to cardholder data | ✔ | ✔ | ✔ | | ✔ | ✔ |
| Requirement 9: Restrict physical access to cardholder data | | | | | | ✔ |
| Requirement 10: Track and monitor all access to network resources and cardholder data | | ✔ | | | | ✔ |
| Requirement 11: Regularly test security systems and processes | ✔ | ✔ | ✔ | | ✔ | ✔ |
| Requirement 12: Maintain an information security policy for all personnel | | ✔ | | | | ✔ |