AlienVault USM Anywhere provides out-of-the-box, pre-built compliance reporting templates based on alarms, vulnerabilities, and events collected in the system. These reports make it fast and simple to navigate the requirements and demonstrate compliance during an audit. You can easily customize, save, and export any report as needed.
You can find these templates under Reports > Compliance Templates.
USM Anywhere supports several compliance templates, including the following:
- PCI. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. These reports are identified by and based on specific PCI DSS requirements to provide the auditor with the specific information requested. For example, PCI DSS requirement 10.7.a: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. See PCI DSS Compliance Templates for more information.
- NIST CSF. The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. See NIST CSF Compliance Templates for more information.
- HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes covered entities (anyone who provides treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations). Subcontractors, or business associates of business associates, must also be in compliance. See HIPAA Compliance Templates for more information.
- ISO 27001. ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. ISO and the International Electrotechnical Commission (IEC) developed ISO/IEC 27001 to provide requirements for an information security management system (ISMS). See ISO 27001 Compliance Templates for more information.
Important: Events with the names "User added", "User removed", "User account", "New user added", "User added to group", and "User deleted" from the Auditd data source are required for the PCI DSS reports.