Admin Console 16.0.0
AWS GovCloud Release with beta features: Compliance Reports and Record Type Controls
Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.
Record Types Admin Controls allow administrators to customize the use of record types for their enterprise. Keeper administrators with permission to manage record types can create new custom record type templates and restrict the use of any record types by role and/or node.
Compliance Reports provide on-demand visibility of the access permissions associated with your enterprise records. These reports simplify the compliance auditing process for Sarbanes-Oxley (SOX) and other regulations requiring access control monitoring. The user-defined reports can be exported and fed into automated compliance systems or sent directly to external auditors. This is a secure add-on feature to your Keeper license package.
Security Model for Compliance Reports
To support Compliance Reports, certain non-secret fields of the Keeper vault records are encrypted with the Elliptic Curve Enterprise Public Key. Keeper Administrators are able to decrypt the Enterprise Private Key when they log in to the Admin Console. Since the reports contain some non-credential encrypted record data, an administrator must have permission to run and view these reports. The encrypted record data is included in the report and can also be used as report filters. The encrypted record data includes:
Record Title
Record Type
URL
Zero-knowledge remains preserved because the encrypted data is decrypted on the Keeper Administrator Console using the Enterprise Private Key, restricted to administrators who have Compliance Reporting permission.
The Advanced Reporting & Alerts Module now contains several new event types to cover Compliance Reporting and Record Types.
New ARAM Events

| Event | Category | Description |
| --- | --- | --- |
| compliance_report_saved | compliance | Compliance report UID ${app_uid} saved by ${username} |
| compliance_report_downloaded | compliance | Compliance report UID ${app_uid} downloaded by ${username} |
| compliance_report_exported | compliance | Compliance report UID ${app_uid} exported by ${username} |
| compliance_report_deleted | compliance | Compliance report UID ${app_uid} deleted by ${username} |
| saved_criteria_saved | compliance | Compliance report criteria UID ${app_uid} saved by ${username} |
| saved_criteria_edited | compliance | Compliance report criteria UID ${app_uid} edited by ${username} |
| saved_criteria_deleted | compliance | Compliance report criteria UID ${app_uid} deleted by ${username} |
| record_type_created | policy | Admin ${username} created record type "${name}" |
| record_type_updated | policy | Admin ${username} updated record type "${name}" |
| record_type_deleted | policy | Admin ${username} deleted record type "${name}" |
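
An added example (not Keeper's code) that renders the descriptions from the table above and flags compliance-category events raised by accounts outside the set of administrators expected to hold Compliance Reporting permission. The `audit_event` key name, the event dictionary shape, the allow-list and the sample events are assumptions constructed for illustration.

```python
from string import Template

# Event names, categories and description templates taken from the table above.
TEMPLATES = {}
for verb in ("saved", "downloaded", "exported", "deleted"):
    TEMPLATES[f"compliance_report_{verb}"] = (
        "compliance", f"Compliance report UID ${{app_uid}} {verb} by ${{username}}")
for verb in ("saved", "edited", "deleted"):
    TEMPLATES[f"saved_criteria_{verb}"] = (
        "compliance", f"Compliance report criteria UID ${{app_uid}} {verb} by ${{username}}")
for verb in ("created", "updated", "deleted"):
    TEMPLATES[f"record_type_{verb}"] = (
        "policy", f'Admin ${{username}} {verb} record type "${{name}}"')


def describe(event):
    """Return (category, rendered description), or None for other event types."""
    entry = TEMPLATES.get(event.get("audit_event"))  # key name is an assumption
    if entry is None:
        return None
    category, template = entry
    # safe_substitute leaves a placeholder visible if the event lacks a field.
    return category, Template(template).safe_substitute(event)


def review(events, report_admins):
    """ALERT on compliance events from users outside report_admins; LOG the rest."""
    allowed = {u.lower() for u in report_admins}
    findings = []
    for ev in events:
        described = describe(ev)
        if described is None:
            continue  # not one of the event types listed in the table
        category, message = described
        unexpected = (category == "compliance"
                      and ev.get("username", "").lower() not in allowed)
        findings.append(("ALERT" if unexpected else "LOG", message))
    return findings


SAMPLE_EVENTS = [  # constructed sample data, not real ARAM output
    {"audit_event": "compliance_report_exported", "username": "auditor@example.com", "app_uid": "UID-0001"},
    {"audit_event": "compliance_report_downloaded", "username": "helpdesk@example.com", "app_uid": "UID-0001"},
    {"audit_event": "record_type_deleted", "username": "admin@example.com", "name": "Server Login"},
    {"audit_event": "unrelated_event", "username": "user@example.com"},
]

if __name__ == "__main__":
    for severity, message in review(SAMPLE_EVENTS, {"auditor@example.com"}):
        print(severity, message)
```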
EM-4867: Renew button is not active on expired accounts
EM-4871: Node and device type attributes for ARAM not working
EM-4875: Deleted Users saved in ARAM Report Criteria result in white screen
EM-4878: Expired accounts cannot pay on the Administrator Login screen
EM-4904: Event types in ARAM reports erroneously displaying scroll bar
EM-4875: Deleted users saved to ARAM report results in white screen
EM-4899: Adding role to a user does not display until admin logs in or manually syncs
EM-4908: New calendar for a new ARAM user shows “January 1900” for the starting date
EM-4930: Not able to delete users from enterprise
EM-4944: User can change email address without a correct master password
EM-4953: ARAM BreachWatch events are not being listed correctly
EM-4971: Getting server failure when attempting to move a user to a new node
EM-4974: Access permissions for records that are visible through "links" to other records will not be reflected in Compliance Reports. The compliance reports will show only record permissions where the record is shared via a direct share or through a shared folder. An example of this would be a Payment Card linked to a Bank Account record type.
EM-4979: Record Type records are not successfully transferred on second account transfer after a first successful account transfer.
EM-4884: Console needs to show changes to custom record types without manual sync or log out / log in.
EM-4969: When selecting a report criteria filter that includes a deleted node, the Admin Console fails and displays a blank screen.
EM-4973: No user warning when re-running reporting criteria that includes a user that is no longer associated with the selected node/s.
EM-4958: Not logging Compliance Reports “exported report” events to ARAM.