Technology Solutions: Compliance Management

Challenge: Making sense of the requirements

While it is hard to imagine a more over-hyped market driver than compliance, the requirements placed on you are real and you must respond.

The frustrating part of this exercise is the lack of hard and fast guidelines about what really constitutes compliance with a policy or regulation. Gartner itself provides the most realistic, and at the same time most concerning, evaluation of the compliance dilemma.

“The secret is that there is no definitive assertion of what equals compliance, so organizations are on their own to determine what is reasonable and appropriate for them.”

Chief Information Security Officer’s Guide to Compliance,
Gartner, January 2006

QRadar solution for compliance management

QRadar provides key technology underpinnings for a company's efforts to deliver the security best practices required by specific industry regulations. Core to QRadar's ability to support a compliance initiative is a specific workflow that maps to accepted control frameworks and to specific regulations.

QRadar provides reporting and alerting workflow for the following Control Frameworks:

  • Control Objectives for Information and related Technology (CobiT)
  • International Organization for Standardization (ISO) ISO/IEC 27002 (17799)
  • Common Criteria (CC) (ISO/IEC 15408)
  • NIST Special Publication 800-53 Revision 1 & FIPS 200

QRadar supports compliance-focused workflow for the following Regulations:

  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley (SOX)
  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Information Security Management Act (FISMA)

Useful links...

How QRadar Addresses Regulatory Compliance Requirements:
Rationalizing Compliance Requirements Amid the Hype