SOX Newbie Questions



  • Excuse my ignorance, but I really feel I'm jumping in at the deep end here.
    My particular area of interest is the SOX compliance structure for the issuance of passwords within a bank.
    Where do the rules originate from in order for an organization to be SOX compliant with regard to the issuance of passwords? Would it be the internal security department, or does SOX have its own rules?
    These passwords would be for a variety of platforms from Root down.
    Can anyone give me some ideas?



  • There are no SOX requirements particular to a bank or related to password structure. Password controls would be more related to industry-accepted standards (minimum length, usage of alpha, numeric, special characters, upper/lower case, etc.). Generally, banks are subject to a tighter set of rules on controls, which, if followed, would be acceptable for SOX purposes.



  • … Generally, banks are subject to a tighter set of rules on controls, which, if followed, would be acceptable for SOX purposes.
    Thanks again, Mike. I did expand on my situation in your other reply, but I am interested in where this tight set of rules would come from and to what extent they would or wouldn’t be acceptable to a SOX auditor.

