The United States Congress passed the Sarbanes-Oxley Act (SOX) in 2002 to protect an enterprise's shareholders and the general public from accounting errors and fraudulent practices and to improve the accuracy of corporate disclosures.
SOX requires U.S. publicly-traded companies to provide evidence of adherence to strong internal control systems that cover five (5) key components: (1) Control Environment, (2) Risk Assessment, (3) Control Activities, (4) Information and Communication, and (5) Monitoring. Further, management and employees of the organization must illustrate integrity through the adoption of internal controls and accurate financial reporting.
Accurate financial reporting and disclosure under SOX depend on protecting credentials and access to financial systems. Cyber risk and external threat vectors are pervasive risks to the underlying integrity of a financial reporting system, and every user within an enterprise network is a potential risk factor. Risk mitigation and data protection for every employee (and subcontractor) on every device that transacts with the enterprise's systems and networks is therefore critical. The nucleus of this protection is Identity and Access Management (IAM). IAM policies are an integral part of an enterprise's internal control system and environment. Keeper Security is a pervasive IAM cybersecurity product that protects and safeguards an enterprise and its users from data breaches and cyberthreats.
By implementing and provisioning Keeper Enterprise across the entire organization (i.e. Keeper Enterprise is provisioned to all employees on all devices), the organization's data is protected and access to financial systems is secured and monitored. Therefore, the enterprise is better positioned to comply with SOX.
Keeper Enterprise utilizes a zero-trust framework and zero-knowledge security architecture that establishes a secure, encrypted and monitored control environment. Keeper Enterprise supports robust internal controls through delegated administration, enforcement policies, event tracking, monitoring and reporting. To support SOX-compliant organizations, Keeper Security undergoes annual audits to cover controls for security, availability, confidentiality and privacy. Keeper Security is SOC 2 (Type 1 and Type 2) and ISO 27001 compliant.
Keeper Enterprise is a cybersecurity platform that provides organizations with the functionality needed to manage, monitor and protect access to financial systems, and to safeguard and protect any data or files stored in the system, with zero-knowledge security and end-to-end encryption.
Once Keeper Enterprise is provisioned to all users in the organization, the Keeper Admin Console provides administrators with a single-dashboard view of the password-related usage among employees.
Record Password Strength
Unique Record Passwords
Two-Factor Authentication
Below is a dashboard view of the overall Security Score including Record Password Strength, Unique Record Passwords and Two-Factor Authentication usage within the platform. The Admin can drill down into specific users.
Each individual user vault also provides a security audit and BreachWatch reporting view which addresses important internal control requirements of SOX.
Keeper's role-based access policies give the Administrator the ability to apply dozens of enforcements, including:
Website-specific, password complexity policies
Access controls
Master Password complexity
Two-Factor Authentication
Sharing restrictions
Keeper provides security information and event reporting capabilities at the Admin and individual user level which provides auditors with summary and detailed information. This capability is included in Keeper's Advanced Reporting & Alerts (ARAM) module which also integrates with Security Information and Event Management (SIEM) systems.
Advanced Reporting & Alerts Module ("ARAM")
The ARAM module tracks over ninety (90) different event types in the cybersecurity platform and provides reporting capabilities covering several key areas:
Record-level Usage (e.g. user, device, location, record IDs that were accessed, updated, auto-filled, etc.)
BreachWatch - dark web monitoring and alerts
User-level, general usage and statistics
For more information about ARAM, see the Reporting, Alerts & Compliance section.
Keeper Commander (https://github.com/Keeper-Security/Commander) provides the Keeper Administrator and specific end-users with the ability to run several reports to adhere to SOX compliance requirements.
Keeper Commander can be run as either an end-user or an Administrator. The Keeper Administrator has several reporting features available that are above and beyond the basic commands. To install Keeper Commander, follow the instructions in the GitHub repository. A few examples of reports are provided below.
The share-report command provides a breakdown of which users within the organization have access to records within the vault. This report is generated based on the specific user currently logged into Commander. For example, if a certain Admin is responsible for creating shared folders and assigning permissions to users, this user should run the report.
```
My Vault> share-report -h
usage: share-report [-h] [--format {table,csv}] [--output OUTPUT] [-r RECORD] [-e USER] [-o] [-v]

Display report on record sharing

optional arguments:
  -h, --help            show this help message and exit
  --format {table,csv}  output format.
  --output OUTPUT       output file name. (ignored for table format)
  -r RECORD, --record RECORD
                        record name or UID
  -e USER, --email USER
                        user email or team name
  -o, --owner           record ownership information
  -v, --verbose         display verbose information
```
In verbose mode (-v), the share-report command lists each record in the vault and who has access to it. To find the specific permissions on an individual record, use the "get" command:
```
My Vault> get Sj9cyAezjL2U43Dg1_1yrg

UID: Sj9cyAezjL2U43Dg1_1yrg
Folder: Protected Accounts
Title: Dropbox - Craig
Login: [email protected]
Password: ******
URL: https://www.dropbox.com/login
Attachments: backup_codes.png 105.85Kb ID: 8ECqxJTVICQ
Two Factor Code: 219677 valid for 30 sec
Shared Users: [email protected] (Owner)
              [email protected] (Edit)
              [email protected] (Edit)
              [email protected] (View)
              [email protected] (View)
Shared Folders: Protected Accounts

My Vault>
```
The "audit-report" command is able to provide detailed event-based reporting at the user, record or overall system level.
```
My Vault> audit-report -h
usage: audit-report [-h] [--syntax-help] [--format {table,csv}] [--output OUTPUT] [--details]
                    --report-type {raw,dim,hour,day,week,month,span} [--report-format {message,fields}]
                    [--columns COLUMNS] [--aggregate {occurrences,first_created,last_created}]
                    [--timezone TIMEZONE] [--limit LIMIT] [--order {desc,asc}] [--created CREATED]
                    [--event-type EVENT_TYPE] [--username USERNAME] [--to-username TO_USERNAME]
                    [--record-uid RECORD_UID] [--shared-folder-uid SHARED_FOLDER_UID]

Run audit report

optional arguments:
  -h, --help            show this help message and exit
  --syntax-help         display help
  --format {table,csv}  output format.
  --output OUTPUT       output file name. (ignored for table format)
  --details             lookup column details
  --report-type {raw,dim,hour,day,week,month,span}
                        report type
  --report-format {message,fields}
                        output format (raw reports only)
  --columns COLUMNS     Can be repeated. (ignored for raw reports)
  --aggregate {occurrences,first_created,last_created}
                        aggregated value. Can be repeated. (ignored for raw reports)
  --timezone TIMEZONE   return results for specific timezone
  --limit LIMIT         maximum number of returned rows
  --order {desc,asc}    sort order
  --created CREATED     Filter: Created date. Predefined filters: today, yesterday, last_7_days, last_30_days, month_to_date, last_month, year_to_date, last_year
  --event-type EVENT_TYPE
                        Filter: Audit Event Type
  --username USERNAME   Filter: Username of event originator
  --to-username TO_USERNAME
                        Filter: Username of event target
  --record-uid RECORD_UID
                        Filter: Record UID
  --shared-folder-uid SHARED_FOLDER_UID
                        Filter: Shared Folder UID
```
For example, below is a report of a specific user's "open_record" events, indicating when any password was accessed by the user.
My Vault> audit-report --format=table --report-type raw --event-type open_record --username [email protected]created audit_event_type username ip_address keeper_version geo_location message------------------------- ------------------ --------------------- -------------- ---------------- ---------------------------- -------------------------------------------------------------------2020-10-30 10:23:54-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw2020-10-30 10:23:51-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID kS8rp3Z14KScxYZ5tZHQjQ2020-10-30 09:54:24-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID kS8rp3Z14KScxYZ5tZHQjQ2020-10-30 09:53:59-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw2020-10-30 09:53:57-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw2020-10-29 17:48:47-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID Sj9cyAezjL2U43Dg1_1yrg2019-11-04 04:04:01-08:00 open_record [email protected] 20.21.18.186 Web App 14.9.5 Mount Laurel, New Jersey, US User [email protected] opened record UID icRRKVYN4Td-kGA1t3J4Gw2019-09-17 23:09:02-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID hq_vmpnsAcPWAf6NKjCWUA2019-09-17 23:09:00-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID BCdu5EDuTsEzhPLRkgPJvA2019-09-17 23:08:59-07:00 open_record [email 
protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA2019-09-17 23:02:40-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA2019-09-17 22:50:12-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg2019-09-17 22:50:11-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA2019-09-17 22:50:10-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg2019-09-17 22:49:49-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA2019-09-17 22:48:43-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg2019-09-17 22:37:47-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID GyiwwlSpVzWUWyncX8qn2Q2019-09-17 22:37:47-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID GyiwwlSpVzWUWyncX8qn2Q2019-09-17 22:37:09-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA2019-09-17 22:37:09-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA2019-09-17 22:36:20-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User 
[email protected] opened record UID NQNBwI3hPlHNk6R_ZVOElg2019-09-17 22:36:20-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID NQNBwI3hPlHNk6R_ZVOElg2019-09-17 16:55:06-07:00 open_record [email protected] 33.108.217.233 Web App 14.9.1 Fair Oaks, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA2019-09-17 16:54:55-07:00 open_record [email protected] 33.108.217.233 Web App 14.9.1 Fair Oaks, California, US User [email protected] opened record UID BCdu5EDuTsEzhPLRkgPJvAMy Vault>
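For an access review, the raw open_record report can be exported with `--format csv --output` and summarized per user and record. The script below is an added example, not part of Keeper's documentation or Commander. It assumes the CSV export carries the same column headers as the table output above; the function name, the sample rows and the expected-IP list are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample rows. Assumption: the CSV export carries the same column
# headers as the table output shown on this page.
SAMPLE_CSV = '''created,audit_event_type,username,ip_address,keeper_version,geo_location,message
2020-10-30 10:23:54-07:00,open_record,alice@example.com,192.0.2.10,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID EXAMPLE-UID-LEDGER-001
2020-10-30 10:23:51-07:00,open_record,alice@example.com,192.0.2.10,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID EXAMPLE-UID-BANK-0002
2020-10-30 09:54:24-07:00,open_record,alice@example.com,192.0.2.10,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID EXAMPLE-UID-BANK-0002
2020-10-29 17:48:47-07:00,open_record,alice@example.com,198.51.100.7,Web App 15.0.9,"Mount Laurel, New Jersey, US",User alice@example.com opened record UID EXAMPLE-UID-LEDGER-001
2020-10-29 08:00:00-07:00,other_event,bob@example.com,192.0.2.20,Web App 15.0.9,"Fair Oaks, California, US",placeholder row for a non-open_record event
'''

UID_RE = re.compile(r"opened record UID (\S+)")


def review_record_access(csv_text, expected_ips):
    """Summarize open_record events per (user, record) and list events that
    came from an IP address not expected for that user."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    unexpected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = UID_RE.search(row["message"])
        if row["audit_event_type"] != "open_record" or not match:
            continue  # other event types, or a message we cannot parse
        when = datetime.fromisoformat(row["created"])
        user, uid = row["username"], match.group(1)
        entry = summary[(user, uid)]
        entry["count"] += 1
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
        if row["ip_address"] not in expected_ips.get(user, set()):
            unexpected.append((row["created"], user, row["ip_address"], row["geo_location"], uid))
    return dict(summary), unexpected


if __name__ == "__main__":
    per_record, flagged = review_record_access(SAMPLE_CSV, {"alice@example.com": {"192.0.2.10"}})
    for (user, uid), info in sorted(per_record.items()):
        print(user, uid, info["count"], info["first"], info["last"])
    for event in flagged:
        print("unexpected source:", *event)
```

The per-record summary gives an auditor first and last access times for each user and record, and the flagged list is a starting point for follow-up, not proof of misuse.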