Sarbanes-Oxley (SOX) Compliance

Keeper helps organizations meet and satisfy SOX Compliance requirements by enforcing internal controls and security safeguards to protect an organization's financial data and digital assets.
Sarbanes-Oxley (SOX) Requirements
The United States Congress passed the Sarbanes-Oxley Act (SOX) in 2002 to protect an enterprise's shareholders and the general public from accounting errors and fraudulent practices and to improve the accuracy of corporate disclosures.
SOX requires U.S. publicly-traded companies to provide evidence of adherence to strong internal control systems that cover five (5) key components: (1) Control Environment (2) Risk Assessment (3) Control Activities (4) Information and Communication and (5) Monitoring. Further, management and employees of the organization must illustrate integrity through the adoption of internal controls and accurate financial reporting.  
In order for enterprises to meet accurate financial reporting and disclosure requirements under SOX, the protection of credentials and access to financial systems is essential.  Cyber risk and external threat vectors are pervasive risks to the underlying integrity of a financial reporting system.  Thus, data protection and integrity in an enterprise has become more pervasive in that every user within an enterprise network is a potential risk factor.  Therefore, risk mitigation and data protection for every employee (and subcontractor) on every device - which transacts with the enterprise's systems and networks - is critical.  The nucleus of this protection starts with Identity and Access Management (IAM).  IAM policies are an integral part of an enterprise's internal control system and environment. Keeper Security is a pervasive IAM cybersecurity product that protects and safeguards an enterprise and its users from data breaches and cyberthreats.
By implementing and provisioning Keeper Enterprise across the entire organization (i.e. Keeper Enterprise is provisioned to all employees on all devices), the organization's data is protected and access to financial systems is secured and monitored. Therefore, the enterprise is better positioned to comply with SOX.  
Keeper Enterprise utilizes a zero-trust framework and zero-knowledge security architecture that establishes a secure, encrypted and monitored control environment.  Keeper Enterprise supports robust internal controls through delegated administration, enforcement policies, event tracking, monitoring and reporting.  To support SOX-compliant organizations, Keeper Security undergoes annual audits to cover controls for security, availability, confidentiality and privacy. Keeper Security is SOC 2 (Type 1 and Type 2) and ISO 27001 compliant.
Compliance Features
Keeper Enterprise is a cybersecurity platform that provides organizations with the functionality needed to manage, monitor and protect access to financial systems and; to safeguard and protect any data or files stored in the system, with zero-knowledge security and end-to-end encryption. 
Enforcing the Use of Strong Passwords
Once Keeper Enterprise is provisioned to all users in the organization, the Keeper Admin Console provides administrators with a single-dashboard view of the password-related usage among employees.
Record Password Strength
Unique Record Passwords
Two-Factor Authentication
Below is a dashboard view of the overall Security Score including Record Password Strength, Unique Record Passwords and Two-Factor Authentication usage within the platform.  The Admin can drill down into specific users.
Admin Console Dashboard - Security Audit
Each individual user vault also provides a security audit and BreachWatch reporting view which addresses important internal control requirements of SOX.
Security Audit for End-Users
Role-Based Enforcement Policies
Keeper's role-based access policies provide the Administrator with the ability to enforce dozens of enforcements including:
Website-specific, password complexity policies
Access controls
Master Password complexity
Two-Factor Authentication
Sharing restrictions
Role Enforcement Policies
SOX Audit Reporting
Keeper provides security information and event reporting capabilities at the Admin and individual user level which provides auditors with summary and detailed information.  This capability is included in Keeper's Advanced Reporting & Alerts (ARAM) module which also integrates with Security Information and Event Management (SIEM) systems.
Advanced Reporting & Alerts Module ("ARAM")
The ARAM module tracks over ninety (90) different event types in the cybersecurity platform and provides reporting capabilities covering several key areas:
Record-level Usage (e.g. user, device, location, record IDs that were accessed, updated, auto-filled, etc.)
BreachWatch - dark web monitoring and alerts
User-level, general usage and statistics
Advanced Reporting & Alerts Module
For more information about ARAM see Reporting, Alerts & Compliance section
SOX Transactional Reports
Keeper Commander (https://github.com/Keeper-Security/Commander) provides the Keeper Administrator and specific end-users with the ability to run several reports to adhere to SOX compliance requirements.
Keeper Commander can be run as either an end-user or an Administrator.  The Keeper Administrator has several reporting features available that are above and beyond the basic commands. To install Keeper Commander, follow the instructions in the Github repository.  A few examples of reports are provided below.
Shared Access Report (share-report)
The share-report command provides a breakdown of which users within the organization have access to records within the vault.  This report is generated based on the specific user currently logged into Commander.  For example, if a certain Admin is responsible for creating shared folders and assigning permissions to users, this user should run the report.
My Vault> share-report -h                                                                                                                                                                          
usage: share-report [-h] [--format {table,csv}] [--output OUTPUT] [-r RECORD] [-e USER] [-o] [-v]
​
Display report on record sharing
​
optional arguments:
  -h, --help            show this help message and exit
  --format {table,csv}  output format.
  --output OUTPUT       output file name. (ignored for table format)
  -r RECORD, --record RECORD
                        record name or UID
  -e USER, --email USER
                        user email or team name
  -o, --owner           record ownership information
  -v, --verbose         display verbose information
​
The share-report command in verbose mode (-v) provides a list of each record in the vault, who has access. To find the specific permissions on an individual record, use the "get" command:
My Vault> get Sj9cyAezjL2U43Dg1_1yrg                                                                                                                                                                                     
​
                 UID: Sj9cyAezjL2U43Dg1_1yrg
              Folder: Protected Accounts
               Title: Dropbox - Craig     
               Login: [email protected]
            Password: ******              
                 URL: https://www.dropbox.com/login
         Attachments: backup_codes.png     105.85Kb     ID: 8ECqxJTVICQ
     Two Factor Code: 219677               valid for 30 sec
        Shared Users: [email protected] (Owner) 
                      [email protected] (Edit) 
                      [email protected] (Edit) 
                      [email protected] (View) 
                      [email protected] (View) 
      Shared Folders: Protected Accounts
​
My Vault>                                                                                                                                                                                                                
​
ARAM Audit-Report (audit-report)
The "audit-report" command is able to provide detailed event-based reporting at the user, record or overall system level.
My Vault> audit-report -h                                                                                                                                                                          
usage: audit-report [-h] [--syntax-help] [--format {table,csv}] [--output OUTPUT] [--details] --report-type {raw,dim,hour,day,week,month,span} [--report-format {message,fields}]
                    [--columns COLUMNS] [--aggregate {occurrences,first_created,last_created}] [--timezone TIMEZONE] [--limit LIMIT] [--order {desc,asc}] [--created CREATED]
                    [--event-type EVENT_TYPE] [--username USERNAME] [--to-username TO_USERNAME] [--record-uid RECORD_UID] [--shared-folder-uid SHARED_FOLDER_UID]
​
Run audit report
​
optional arguments:
  -h, --help            show this help message and exit
  --syntax-help         display help
  --format {table,csv}  output format.
  --output OUTPUT       output file name. (ignored for table format)
  --details             lookup column details
  --report-type {raw,dim,hour,day,week,month,span}
                        report type
  --report-format {message,fields}
                        output format (raw reports only)
  --columns COLUMNS     Can be repeated. (ignored for raw reports)
  --aggregate {occurrences,first_created,last_created}
                        aggregated value. Can be repeated. (ignored for raw reports)
  --timezone TIMEZONE   return results for specific timezone
  --limit LIMIT         maximum number of returned rows
  --order {desc,asc}    sort order
  --created CREATED     Filter: Created date. Predefined filters: today, yesterday, last_7_days, last_30_days, month_to_date, last_month, year_to_date, last_year
  --event-type EVENT_TYPE
                        Filter: Audit Event Type
  --username USERNAME   Filter: Username of event originator
  --to-username TO_USERNAME
                        Filter: Username of event target
  --record-uid RECORD_UID
                        Filter: Record UID
  --shared-folder-uid SHARED_FOLDER_UID
                        Filter: Shared Folder UID
​
​
For example, below is a report of a specific user "open_record" event, indicating when any password was accessed by the user.
My Vault> audit-report --format=table --report-type raw --event-type open_record --username [email protected]                                                                                  
created                    audit_event_type    username               ip_address      keeper_version    geo_location                  message
-------------------------  ------------------  ---------------------  --------------  ----------------  ----------------------------  -------------------------------------------------------------------
2020-10-30 10:23:54-07:00  open_record         [email protected]  24.18.217.234  Web App 15.0.9    Fair Oaks, California, US     User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-30 10:23:51-07:00  open_record         [email protected]  24.18.217.234  Web App 15.0.9    Fair Oaks, California, US     User [email protected] opened record UID kS8rp3Z14KScxYZ5tZHQjQ
2020-10-30 09:54:24-07:00  open_record         [email protected]  24.18.217.234  Web App 15.0.9    Fair Oaks, California, US     User [email protected] opened record UID kS8rp3Z14KScxYZ5tZHQjQ
2020-10-30 09:53:59-07:00  open_record         [email protected]  24.18.217.234  Web App 15.0.9    Fair Oaks, California, US     User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-30 09:53:57-07:00  open_record         [email protected]  24.18.217.234  Web App 15.0.9    Fair Oaks, California, US     User [email protected] opened record UID OXTUcwY2E6yUx55pjbGLaw
2020-10-29 17:48:47-07:00  open_record         [email protected]  24.18.217.234  Web App 15.0.9    Fair Oaks, California, US     User [email protected] opened record UID Sj9cyAezjL2U43Dg1_1yrg
2019-11-04 04:04:01-08:00  open_record         [email protected]  20.21.18.186   Web App 14.9.5    Mount Laurel, New Jersey, US  User [email protected] opened record UID icRRKVYN4Td-kGA1t3J4Gw
2019-09-17 23:09:02-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID hq_vmpnsAcPWAf6NKjCWUA
2019-09-17 23:09:00-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID BCdu5EDuTsEzhPLRkgPJvA
2019-09-17 23:08:59-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA
2019-09-17 23:02:40-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 22:50:12-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg
2019-09-17 22:50:11-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 22:50:10-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg
2019-09-17 22:49:49-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 22:48:43-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID 1dp8_Yx1ueN8Jt07t94Zcg
2019-09-17 22:37:47-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID GyiwwlSpVzWUWyncX8qn2Q
2019-09-17 22:37:47-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID GyiwwlSpVzWUWyncX8qn2Q
2019-09-17 22:37:09-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA
2019-09-17 22:37:09-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID jsZ6imVmnxKjDMf9rw3MwA
2019-09-17 22:36:20-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID NQNBwI3hPlHNk6R_ZVOElg
2019-09-17 22:36:20-07:00  open_record         [email protected]  33.40.155.247   Web App 14.9.1    Sacramento, California, US    User [email protected] opened record UID NQNBwI3hPlHNk6R_ZVOElg
2019-09-17 16:55:06-07:00  open_record         [email protected]  33.108.217.233  Web App 14.9.1    Fair Oaks, California, US     User [email protected] opened record UID yBajSC7kS5Bpute6H4rRBA
2019-09-17 16:54:55-07:00  open_record         [email protected]  33.108.217.233  Web App 14.9.1    Fair Oaks, California, US     User [email protected] opened record UID BCdu5EDuTsEzhPLRkgPJvA
My Vault>                                                                                                                                                                                                                
​
​
​
​
​
​
Reporting, Alerts & Compliance
Vault Offline Access
Last updated 1 month ago