SOX – Lists
List Name | List Description | Type | List ID |
|---|---|---|---|
SOX: Data Loss Prevention | This list includes production data loss prevention devices, including LogRhythm Data Loss Defender. | Log Source | -2498 |
SOX: File Integrity Monitors | This list includes all production systems that generate file integrity monitoring logs including LogRhythm File Integrity Monitor. | Log Source | -2497 |
SOX: Backup Servers-Systems | This list should be populated with any production system or server that facilitates backup or recovery processes to support disaster recovery, redundancy, or backup procedures. | Log Source | -2496 |
SOX: Network Access Control Systems | This list should be populated with production systems that enforce access controls. Examples include: VPN servers, WAP, LDAP, Active Directory, Dial-In Servers, etc. | Log Source | -2495 |
SOX: Malware Prevention Systems | This list should be populated with production systems that generate malware detection & prevention logs. Examples: anti-virus and spyware detection/prevention systems. | Log Source | -2494 |
SOX: Physical Security Systems | This list is to be populated and periodically updated according to physical security systems in-scope for the organization. | Log Source | -2493 |
SOX: Network Security Systems | This list should be populated with production network security systems (firewalls, intrusion detection/prevention systems, proxies, load balancers, routers, and firewalls). | Log Source | -2492 |
SOX: Test Servers-Systems | This list should be populated with any server or system that is utilized in a test setting and facilitates change management prior to a migration to a production environment. This should align with entity structure. | Entity | -2491 |
SOX: Production Servers- Systems | This list should be populated with any server or system that is utilized in a production setting, but is not classified as critical in nature. This should align with entity structure | Entity | -2490 |
SOX: Critical Servers-Systems | This list should be populated with any server or system classified as critical where financial data resides or is processed through transactions. Further any servers or systems containing proprietary data should be considered as critical. This should align with entity structure classifications. | Entity | -2489 |
SOX: Terminated Accounts | This list should be populated and periodically updated with those accounts classified as terminated through the user access management process. List updates should build off existing periodic access review results. | User | -2488 |
SOX: Shared Accounts | This list should be populated and periodically updated with those accounts where multiple users may utilize the shared account. List updates should build off existing periodic access review results. | User | -2487 |
SOX: Default & Generic Accounts | This list includes pre-populated or known default accounts, but should also be populated with other default or generic accounts within the organization’s environment. List updates should build off existing periodic access review results. | User | -2486 |
SOX: Vendor Accounts | This list should be populated and periodically updated with those accounts classified as vendor or third-party related with access to your environment. List updates should build off existing periodic access review results. | User | -2485 |
SOX: HR Payroll Accounts | This list should be populated and periodically updated with those accounts classified as HR or Payroll related. List updates should build off existing periodic access review results. | User | -2484 |
SOX: TST Privileged Accounts | This list should be populated and periodically updated with those accounts classified as privileged (ability to migrate changes from test to production). | User | -2483 |
SOX: PRD Privileged Accounts | This list should be populated and periodically updated with those accounts classified as privileged in nature within the production environment. | User | -2482 |
SOX: Business User Accounts | This list should be populated and periodically updated with those accounts belonging to Business Users within your environment. List updates should build off existing periodic access review results. | User | -2481 |
SOX: IT User Accounts | This list should be populated and periodically updated with those accounts belonging to IT personnel. List updates should build off existing periodic access review results. | User | -2480 |