To use these policies, Symantec Enterprise Security Manager SU 19 or later is required for Symantec ESM 5.5 or Symantec ESM 6.0 managers and agents. The policies enable you to comply with the Sarbanes-Oxley Act by doing the following activities:
- Achieving and maintaining compliance as an ongoing process
- Reporting on the current state of compliance (e.g. for an audit or examination)
There are three policies per platform that address different aspects of the IT process that comply with the Sarbanes-Oxley Act. You can run the policies at different time intervals based on operational efficiencies:
- Change Notification policy (daily)
- Resource Review policy (weekly)
- Controls Compliance policy (biweekly)
Note: Sarbanes-Oxley support has been added for Oracle® and Microsoft SQL® databases.
File(s)
Windows
Download Symantec Enterprise Security Manager Policy Manual for the Sarbanes-Oxley Act for Windows (PDF)
Download Microsoft Windows 2000 Change Notification Policy Installer (EXE)
Download Microsoft Windows 2000 Resource Review Policy Installer (EXE)
Download Microsoft Windows 2000 Controls Compliance Policy Installer (EXE)
Download Microsoft Windows XP Change Notification Policy Installer (EXE)
Download Microsoft Windows XP Resource Review Policy Installer (EXE)
Download Microsoft Windows XP Controls Compliance Policy Installer (EXE)
Download Microsoft Windows Server 2003 Change Notification Policy Installer (EXE)
Download Microsoft Windows Server 2003 Resource Review Policy Installer (EXE)
Download Microsoft Windows Server 2003 Controls Compliance Policy Installer (EXE)
UNIX
Download Symantec Enterprise Security Manager Policy Manual for the Sarbanes-Oxley Act for UNIX (PDF)
Download IBM AIX versions 5.1 and 5.2 Change Notification Policy Installer (EXE)
Download IBM AIX versions 5.1 and 5.2 Resource Review Policy Installer (EXE)
Download IBM AIX versions 5.1 and 5.2 Change Notification Policy Installer (EXE)
Download Hewlett-Packard HP-UX versions 10.x and 11.x Change Notification Policy Installer (EXE)
Download Hewlett-Packard HP-UX versions 10.x and 11.x Resource Review Policy Installer (EXE)
Download Hewlett-Packard HP-UX versions 10.x and 11.x Controls Compliance Policy Installer (EXE)
Download Red Hat Linux Enterprise Server versions 2.1 and 3.0 Change Notification Policy Installer (EXE)
Download Red Hat Linux Enterprise Server versions 2.1 and 3.0 Resource Review Policy Installer (EXE)
Download Red Hat Linux Enterprise Server versions 2.1 and 3.0 Controls Compliance Policy Installer (EXE)
Download Sun Solaris versions 8 and 9 Change Notification Policy Installer (EXE)
Download Sun Solaris versions 8 and 9 Resource Review Policy Installer (EXE)
Download Sun Solaris versions 8 and 9 Controls Compliance Policy Installer (EXE)
Download SUSE Linux Standard Server version 8 Change Notification Policy Installer (EXE)
Download SUSE Linux Standard Server version 8 Resource Review Policy Installer (EXE)
Download SUSE Linux Standard Server version 8 Controls Compliance Policy Installer (EXE)
Description
The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act, was introduced as House Resolution 3763, passed by the 107th Congress, and signed into law by President George W. Bush on July 30th, 2002. The Sarbanes-Oxley Act is unlike other recently introduced regulations and standards that contain explicit security requirements relating to confidentiality, integrity and availability. The purpose of the law is to ensure accountability and integrity of the financial reporting process for public companies.
The Securities and Exchange Commission (SEC) is the regulatory body responsible for enforcing the Act.
The SEC requires organizations to select and implement an internal control framework. COSO has become the most commonly adopted framework. The Information Technology Governance Institute (ITGI) also defines relevant control objectives within CobiT.
These Symantec Enterprise Security Manager policies for the Sarbanes-Oxley Act assess compliance with many of the components of internal control in COSO and control objectives in CobiT that may be reviewed by your public auditor during your annual attestation of compliance required by the Sarbanes-Oxley Act.
Last modified on: Wednesday, 28-Jan-09 15:21:38
| 
