TABLE OF CONTENTS:
• Installation and Planning
• Compliance Monitoring, Auditing, and Reporting
• Internal Application Security and Setup Options
• Automatic, Batch, and Manual Assessment Availability
Today's security requirements can overwhelm even the most organized IT department. Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) auditors demand proof of compliance on critical systems.
Powertech Compliance Monitor eases the burden of compliance, allowing programmers, analysts, and system managers to return to revenue-producing projects.
Use this checklist to see how your current method compares.
INSTALLATION AND PLANNING | Current Method | Compliance Monitor |
100% IBM i-based, with no external servers or client software required | ✓ | |
Wizard-guided installation process for rapid deployment | ✓ | |
Report on all configuration and system event activity via a single solution | ✓ | |
Contains a comprehensive electronic guide to best practices and regulatory compliance | ✓ | |
Generate security and compliance reports within minutes of installation | ✓ | |
Automatic installation and configuration of HTTP and web application server | ✓ | |
Access the product from anywhere via web browser | ✓ | |
Extract and report on all 70+ IBM-generated events from QAUDJRN | ✓ | |
Mapped to industry-standard audit frameworks, such as COBIT and ISO17799 | ✓ | |
Utilizes a single graphical console for managing all security-related audit reporting | ✓ | |
Integration with Powertech Exit Point Manager for reporting on transaction firewall events | ✓ | |
Integration with Powertech Authority Broker for reporting on privileged user swaps | ✓ | |
Highly scalable environment, from single server/uni-partition up to multi-server/multi-partition | ✓ | |
COMPLIANCE MONITORING, AUDITING, AND REPORTING | Current Method | Compliance Monitor |
Predefined report groups for MICS (gaming industry), PCI-DSS (payment card industry), Sarbanes-Oxley (SOX), and NIST | ✓ | |
Display data via an integrated viewer | ✓ | |
Export reports to any combination of .PDF, .CSV, and .XLSX | ✓ | |
Send reports to an IFS folder | ✓ | |
Run side-by-side comparison reports of system values across multiple endpoints | ✓ | |
Hundreds of predefined reports for instant reporting | ✓ | |
Dozens of predefined data filters | ✓ | |
Design powerful custom filters and share them with other users | ✓ | |
Customize reports (select columns, sort order, and apply filters) and save customizations | ✓ | |
Collate QAUDJRN reports from multiple systems | ✓ | |
Define, customize, and edit custom security policies | ✓ | |
Assign custom security policies to each endpoint | ✓ | |
Reduce review workload by showing only exceptions to security policy | ✓ | |
Highlight (colorize) exceptions to defined security policy based on customizable criticality | ✓ | |
Import and export report definitions, filters, scorecard definitions, and security policies | ✓ | |
Endpoint filters eliminate unwanted or unnecessary data retrieval | ✓ | |
Track overall compliance statistics with easy-to-digest summary scorecards | ✓ | |
INTERNAL APPLICATION SECURITY AND SETUP OPTIONS | Current Method | Compliance Monitor |
Comprehensive security authorization scheme isolates users from complexities of IBM i infrastructure | ✓ | |
Auditing user does not require credentials on endpoint servers | ✓ | |
Protect audit elements: reports, endpoint systems, customized reports, filters, etc. | ✓ | |
Auditing user profile does not require any IBM i special authority | ✓ | |
Accommodate servers residing in different time zones, adjusted to the local time | ✓ | |
Provides the administrator with diagnostic access and diagnostic logging | ✓ | |
Consolidator preferences include the ability to encrypt PDF reports, make them tamper-resistant, and require digital signatures on them | ✓ | |
AUTOMATIC, BATCH, AND MANUAL ASSESSMENT AVAILABILITY | Current Method | Compliance Monitor |
Define batch assessment to run automatically (scheduled) or invoke manually | ✓ | |
Schedule using IBM regular and advanced job scheduler, Robot Schedule or application code | ✓ | |
Distribute batch report results via email to an individual or distribution list | ✓ | |
View completed manual and batch assessments in centralized dashboard viewer | ✓ | |
Harvest and centrally store QAUDJRN data from multiple endpoints with over 90% compression | ✓ | |
Digitally sign and encrypt reports prior to electronic distribution | ✓ | |
Configure the collection aging thresholds for manual and automatic assessment data by ‘age’ or ‘storage used’ | ✓ | |