I discovered this tool while browsing for enterprise policy framework kind of concept implementation for SQL Server 2005. Apart for the framework that I described in my earlier post, this is one another tool that adds value in terms of compliance and can prove as a standard auditing mechanism for convincing end clients too for SOX compliance.
Overview (reference: Microsoft Download Center)
This configuration pack contains configuration items intended to help you establish and validate a desired configuration for your SQL 2005 servers in order to support your Sarbanes-Oxley compliance efforts.
The Microsoft SQL Server 2005 Assessment Configuration Pack for Sarbanes-Oxley Act was developed in conjunction with Brabeion Software, and contains suggested system configurations that map best practices and standards to the requirements of the Sarbanes-Oxley Act. This configuration pack defines recommended configurations based on a number of settings-based configuration items, and assesses your system against the desired configuration.
Once imported into SCCM 2007, this configuration pack and its included configuration items can be targeted to collections of systems which are then audited for compliance with the recommended configurations. When settings are detected to be out of compliance, events will be generated and sent to the Configuration Manager server where the data is available for reporting.
Please note that the configuration items, settings, and values included in this configuration pack do not necessarily represent every configuration required for Sarbanes-Oxley compliance. The administrator should verify that the rules being evaluated meet the unique requirements for their specific environment. If desired, the administrator can also modify the configuration pack by adding, modifying, and deleting configuration items, settings, and values through the Desired Configuration Management user interface within the SCCM 2007 console.
Once imported into SCCM 2007, this configuration pack and its included configuration items can be targeted to collections of systems which are then audited for compliance with the recommended configurations. When settings are detected to be out of compliance, events will be generated and sent to the Configuration Manager server where the data is available for reporting.
Please note that the configuration items, settings, and values included in this configuration pack do not necessarily represent every configuration required for Sarbanes-Oxley compliance. The administrator should verify that the rules being evaluated meet the unique requirements for their specific environment. If desired, the administrator can also modify the configuration pack by adding, modifying, and deleting configuration items, settings, and values through the Desired Configuration Management user interface within the SCCM 2007 console.
No comments:
Post a Comment