Sarbanes-Oxley (SOX) Compliance

Keeper helps organizations meet SOX compliance requirements by enforcing internal controls and security safeguards that protect an organization's financial data and digital assets.

Sarbanes-Oxley (SOX) Requirements

The United States Congress passed the Sarbanes-Oxley Act (SOX) in 2002 to protect an enterprise's shareholders and the general public from accounting errors and fraudulent practices, and to improve the accuracy of corporate disclosures.

SOX requires U.S. publicly traded companies to assess, and provide evidence for, the effectiveness of their internal control over financial reporting. Most organizations do so against the COSO framework, which defines five (5) components of an internal control system: (1) Control Environment, (2) Risk Assessment, (3) Control Activities, (4) Information and Communication and (5) Monitoring. Further, management and employees of the organization must demonstrate integrity through the adoption of these internal controls and accurate financial reporting.

To meet SOX's financial reporting and disclosure requirements, an enterprise must protect the credentials and access paths to its financial systems; auditors treat logical access to financial applications as an IT general control within the scope of SOX testing. Cyber risk and external threat vectors directly undermine the integrity of a financial reporting system, and every user on the enterprise network is a potential risk factor. Risk mitigation and data protection therefore have to cover every employee (and subcontractor) on every device that transacts with the enterprise's systems and networks. The nucleus of this protection is Identity and Access Management (IAM): IAM policies are an integral part of an enterprise's internal control system and environment. Keeper Security is an IAM cybersecurity product that protects and safeguards an enterprise and its users from data breaches and cyberthreats.

By implementing and provisioning Keeper Enterprise across the entire organization (i.e. Keeper Enterprise is provisioned to all employees on all devices), the organization's data is protected and access to financial systems is secured and monitored. The enterprise is therefore better positioned to comply with SOX.

Keeper Enterprise utilizes a zero-trust framework and zero-knowledge security architecture that establishes a secure, encrypted and monitored control environment. Keeper Enterprise supports robust internal controls through delegated administration, enforcement policies, event tracking, monitoring and reporting. To support SOX-compliant organizations, Keeper Security undergoes annual audits covering controls for security, availability, confidentiality and privacy. Keeper Security is SOC 2 (Type 1 and Type 2) attested and ISO 27001 certified.

Compliance Features

Keeper Enterprise is a cybersecurity platform that provides organizations with the functionality needed to manage, monitor and protect access to financial systems, and to safeguard any data or files stored in the system, with zero-knowledge security and end-to-end encryption.

Enforcing the Use of Strong Passwords

Once Keeper Enterprise is provisioned to all users in the organization, the Keeper Admin Console gives administrators a single-dashboard view of password hygiene across the workforce:

  • Record Password Strength

  • Unique Record Passwords

  • Two-Factor Authentication

Below is a dashboard view of the overall Security Score including Record Password Strength, Unique Record Passwords and Two-Factor Authentication usage within the platform. The Admin can drill down into specific users.

Admin Console Dashboard - Security Audit

Each individual user vault also provides a security audit and BreachWatch reporting view, giving every user visibility into weak, reused and breached credentials; this supports the Monitoring component of the internal control framework that SOX assessments are measured against.

Security Audit for End-Users

Role-Based Enforcement Policies

Keeper's role-based access policies provide the Administrator with the ability to apply dozens of enforcement policies, including:

  • Website-specific password complexity policies

  • Access controls

  • Master Password complexity

  • Two-Factor Authentication

  • Sharing restrictions

Role Enforcement Policies

SOX Audit Reporting

Keeper provides security information and event reporting at both the Admin and individual user level, giving auditors summary and detailed information. This capability is included in Keeper's Advanced Reporting & Alerts Module (ARAM), which also integrates with Security Information and Event Management (SIEM) systems.

Advanced Reporting & Alerts Module ("ARAM")

The ARAM module tracks over ninety (90) different event types in the cybersecurity platform and provides reporting capabilities covering several key areas:

  • Record-level Usage (e.g. user, device, location, record IDs that were accessed, updated, auto-filled, etc.)

  • BreachWatch - dark web monitoring and alerts

  • User-level, general usage and statistics

Advanced Reporting & Alerts Module

For more information about ARAM, see the Reporting, Alerts & Compliance section.

SOX Transactional Reports

Keeper Commander (https://github.com/Keeper-Security/Commander) provides the Keeper Administrator and specific end-users with the ability to run several reports that produce the evidence SOX internal-control reviews require.

Keeper Commander can be run as either an end-user or an Administrator. The Keeper Administrator has several reporting features available that go beyond the basic commands. To install Keeper Commander, follow the instructions in the GitHub repository. A few examples of reports are provided below.

Shared Access Report (share-report)

The share-report command provides a breakdown of which users within the organization have access to the records visible in the vault of the user currently logged into Commander; it does not see records that user has no access to. For example, if a certain Admin is responsible for creating shared folders and assigning permissions to users, that Admin should run the report so the output covers those folders.

My Vault> share-report -h
usage: share-report [-h] [--format {table,csv}] [--output OUTPUT] [-r RECORD] [-e USER] [-o] [-v]

Display report on record sharing

optional arguments:
  -h, --help            show this help message and exit
  --format {table,csv}  output format.
  --output OUTPUT       output file name. (ignored for table format)
  -r RECORD, --record RECORD
                        record name or UID
  -e USER, --email USER
                        user email or team name
  -o, --owner           record ownership information
  -v, --verbose         display verbose information

The share-report command in verbose mode (-v) lists each record in the vault and who has access to it. To see the specific permissions and sharing details of an individual record, use the "get" command with the record UID:

My Vault> get Sj9cyAezjL2U43Dg1_1yrg
UID: Sj9cyAezjL2U43Dg1_1yrg
Folder: Protected Accounts
Title: Dropbox - Craig
Password: ******
URL: https://www.dropbox.com/login
Attachments: backup_codes.png 105.85Kb ID: 8ECqxJTVICQ
Two Factor Code: 219677 valid for 30 sec
Shared Users: [email protected] (Owner)
Shared Folders: Protected Accounts
My Vault>

ARAM Audit-Report (audit-report)

The "audit-report" command provides detailed event-based reporting at the user, record or overall system level. Raw reports return one row per event; the dim, hour, day, week, month and span report types aggregate events over the chosen dimension or time bucket.

My Vault> audit-report -h
usage: audit-report [-h] [--syntax-help] [--format {table,csv}] [--output OUTPUT] [--details]
                    --report-type {raw,dim,hour,day,week,month,span} [--report-format {message,fields}]
                    [--columns COLUMNS] [--aggregate {occurrences,first_created,last_created}]
                    [--timezone TIMEZONE] [--limit LIMIT] [--order {desc,asc}] [--created CREATED]
                    [--event-type EVENT_TYPE] [--username USERNAME] [--to-username TO_USERNAME]
                    [--record-uid RECORD_UID] [--shared-folder-uid SHARED_FOLDER_UID]

Run audit report

optional arguments:
  -h, --help            show this help message and exit
  --syntax-help         display help
  --format {table,csv}  output format.
  --output OUTPUT       output file name. (ignored for table format)
  --details             lookup column details
  --report-type {raw,dim,hour,day,week,month,span}
                        report type
  --report-format {message,fields}
                        output format (raw reports only)
  --columns COLUMNS     Can be repeated. (ignored for raw reports)
  --aggregate {occurrences,first_created,last_created}
                        aggregated value. Can be repeated. (ignored for raw reports)
  --timezone TIMEZONE   return results for specific timezone
  --limit LIMIT         maximum number of returned rows
  --order {desc,asc}    sort order
  --created CREATED     Filter: Created date. Predefined filters: today, yesterday, last_7_days,
                        last_30_days, month_to_date, last_month, year_to_date, last_year
  --event-type EVENT_TYPE
                        Filter: Audit Event Type
  --username USERNAME   Filter: Username of event originator
  --to-username TO_USERNAME
                        Filter: Username of event target
  --record-uid RECORD_UID
                        Filter: Record UID
  --shared-folder-uid SHARED_FOLDER_UID
                        Filter: Shared Folder UID

For example, below is a raw report filtered to a single user's "open_record" events, i.e. every time that user opened (decrypted and viewed) a record in the vault. Each row carries the timestamp, client IP address, client version and geolocation alongside the record UID, which is the evidence trail a reviewer needs to answer who viewed which credential, when and from where; a UID can be resolved to its record title with the get command shown above.

My Vault> audit-report --format=table --report-type raw --event-type open_record --username [email protected]
created audit_event_type username ip_address keeper_version geo_location message
------------------------- ------------------ --------------------- -------------- ---------------- ---------------------------- -------------------------------------------------------------------
2020-10-30 10:23:54-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-30 10:23:51-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID kS8rp3Z14KScxYZ5tZHQjQ
2020-10-30 09:54:24-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID kS8rp3Z14KScxYZ5tZHQjQ
2020-10-30 09:53:59-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-30 09:53:57-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-29 17:48:47-07:00 open_record [email protected] 24.18.217.234 Web App 15.0.9 Fair Oaks, California, US User [email protected] opened record UID Sj9cyAezjL2U43Dg1_1yrg
2019-11-04 04:04:01-08:00 open_record [email protected] 20.21.18.186 Web App 14.9.5 Mount Laurel, New Jersey, US User [email protected] opened record UID icRRKVYN4Td-kGA1t3J4Gw
2019-09-17 23:09:02-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID hq_vmpnsAcPWAf6NKjCWUA
2019-09-17 23:09:00-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID BCdu5EDuTsEzhPLRkgPJvA
2019-09-17 23:08:59-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA
2019-09-17 23:02:40-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 22:50:12-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg
2019-09-17 22:50:11-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 22:50:10-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg
2019-09-17 22:49:49-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 22:48:43-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg
2019-09-17 22:37:47-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID GyiwwlSpVzWUWyncX8qn2Q
2019-09-17 22:37:47-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID GyiwwlSpVzWUWyncX8qn2Q
2019-09-17 22:37:09-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA
2019-09-17 22:37:09-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA
2019-09-17 22:36:20-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID NQNBwI3hPlHNk6R_ZVOElg
2019-09-17 22:36:20-07:00 open_record [email protected] 33.40.155.247 Web App 14.9.1 Sacramento, California, US User [email protected] opened record UID NQNBwI3hPlHNk6R_ZVOElg
2019-09-17 16:55:06-07:00 open_record [email protected] 33.108.217.233 Web App 14.9.1 Fair Oaks, California, US User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 16:54:55-07:00 open_record [email protected] 33.108.217.233 Web App 14.9.1 Fair Oaks, California, US User [email protected] opened record UID BCdu5EDuTsEzhPLRkgPJvA
My Vault>
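The table above is the raw material for a SOX access review, but an auditor usually wants two derived views: a "who opened which record, how often" matrix to reconcile against the share-report ownership data, and a list of record opens that came from an IP address or location the user had never used before. The script below is an added example, not part of Keeper Commander or Keeper's documentation. It assumes the events were exported with the flags shown in the help text above (audit-report --format csv --output open_record.csv --report-type raw --event-type open_record --created last_30_days) and that the CSV header names match the table column names shown on this page (created, audit_event_type, username, ip_address, keeper_version, geo_location, message); that header layout is an assumption, so adjust the field names if your export differs. The sample rows embedded in the script are constructed placeholders modelled on the table, not data from any real tenant.

```python
"""Post-process a Keeper Commander audit-report CSV export for a SOX access review.

Added example, not Keeper's code. Assumes the export was produced by:
    audit-report --format csv --output open_record.csv --report-type raw \
                 --event-type open_record --created last_30_days
and that the CSV header matches the table columns shown on the page
(assumption: created, audit_event_type, username, ip_address,
keeper_version, geo_location, message).
"""
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Commander's message column reads "User <email> opened record UID <uid>".
UID_RE = re.compile(r"opened record UID (\S+)")

# Constructed sample export (placeholder users, RFC 5737 documentation IPs).
SAMPLE_CSV = """created,audit_event_type,username,ip_address,keeper_version,geo_location,message
2020-10-01 09:00:12-07:00,open_record,alice@example.com,24.18.217.234,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-02 09:05:40-07:00,open_record,alice@example.com,24.18.217.234,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID kS8rp3Z14KScxYZ5tZHQjQ
2020-10-29 17:48:47-07:00,open_record,alice@example.com,24.18.217.234,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID Sj9cyAezjL2U43Dg1_1yrg
2020-10-30 03:12:09-07:00,open_record,alice@example.com,198.51.100.7,Web App 15.0.9,"Mount Laurel, New Jersey, US",User alice@example.com opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-30 10:23:51-07:00,open_record,alice@example.com,24.18.217.234,Web App 15.0.9,"Fair Oaks, California, US",User alice@example.com opened record UID kS8rp3Z14KScxYZ5tZHQjQ
2020-10-30 10:23:54-07:00,open_record,bob@example.com,203.0.113.45,Web App 15.0.9,"Sacramento, California, US",User bob@example.com opened record UID kS8rp3Z14KScxYZ5tZHQjQ
"""


def parse_events(csv_text):
    """Parse the raw CSV into dicts with an aware datetime and the record UID, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = UID_RE.search(row["message"])
        events.append({
            "created": datetime.fromisoformat(row["created"]),  # "2020-10-30 10:23:54-07:00"
            "username": row["username"],
            "ip_address": row["ip_address"],
            "geo_location": row["geo_location"],
            "record_uid": match.group(1) if match else None,
        })
    return sorted(events, key=lambda e: e["created"])


def access_matrix(events):
    """record_uid -> {username: number of opens}: the 'who opened what' evidence
    to reconcile against share-report's list of who is *permitted* to see each record."""
    matrix = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["record_uid"]:
            matrix[e["record_uid"]][e["username"]] += 1
    return {uid: dict(users) for uid, users in matrix.items()}


def flag_unfamiliar_access(events, review_days=7):
    """Use everything older than the last `review_days` as a per-user baseline of IPs and
    locations, then flag review-window opens from an IP or location absent from that baseline.
    Users with no baseline activity at all are flagged too (first-time or newly provisioned)."""
    if not events:
        return []
    cutoff = events[-1]["created"] - timedelta(days=review_days)
    seen_ip, seen_geo = defaultdict(set), defaultdict(set)
    for e in events:
        if e["created"] < cutoff:
            seen_ip[e["username"]].add(e["ip_address"])
            seen_geo[e["username"]].add(e["geo_location"])
    flagged = []
    for e in events:
        if e["created"] < cutoff:
            continue
        user, reasons = e["username"], []
        if user not in seen_ip:
            reasons.append("no activity in baseline period")
        else:
            if e["ip_address"] not in seen_ip[user]:
                reasons.append("new IP address")
            if e["geo_location"] not in seen_geo[user]:
                reasons.append("new location")
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_CSV)
    print("Opens needing reviewer follow-up:")
    for f in flag_unfamiliar_access(evs):
        print(f"  {f['created']:%Y-%m-%d %H:%M} {f['username']:<18} {f['ip_address']:<15} "
              f"{f['geo_location']:<30} {f['record_uid']}  <- {', '.join(f['reasons'])}")
    print("Record access matrix (record UID -> opens per user):")
    for uid, users in access_matrix(evs).items():
        print(f"  {uid}: {users}")
```

On the sample data the review window is the last seven days before the newest event, so alice's earlier opens from 24.18.217.234 in Fair Oaks form her baseline and her 03:12 open from a New Jersey address is flagged on both IP and location; bob is flagged because the export contains no prior activity for him. The matrix is deliberately keyed by record UID rather than title so it can be joined directly to the UIDs that share-report and get print, and the IP/location baseline is only as good as the export window, so run it over the longest range the auditor accepts (last_30_days or wider) rather than the default.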