Video Screencast Help

FAQ: Is DRA SOX compliant?

Created: 16 Jul 2013 • Updated: 22 Jul 2013 | 1 comment
Kimberley's picture
This issue has been solved. See solution.

Here is a question that the DRA product team received, and thought it would be useful to share the answer with the community:

Is DRA SOX compliant?

Operating Systems:

Comments 1 CommentJump to latest comment

Kimberley's picture

Here is the response from the DRA product team:

Disaster Recovery Advisor provides a comprehensive and flexible security model, based on eight years of close work with those customers to meet any new security requirement and concern.

All security options are policy-based - multiple policies can be used if needed.   Some of the supported security options, relevant to SOX regulated environments are:

  • The ability to collect data indirectly
  • Disaster Recovery Advisor does not need establish any direct connection with SOX regulated servers.  Instead, it can use a trusted proxy (or “jump”) server
  • Disaster Recovery Advisor first performs authentication and authorization against the trusted server, and then executes data collection by that server
  • The ability to integrate with any existing privilege management tool (e.g., CA eTrust, PowerBroker, UPM)
  • The ability to integrate with password vaults so that no credential information is cached on disk (default is encrypted caching)
  • Support for one-time passwords (fully managed by DRA) and key-based authentication
  • Time limits can be applied for data collection

Thanks for participating in the community!