Introduction to the Regulatory Compliance Module
The Regulatory Compliance Module (RSM) helps you achieve or exceed compliance requirements mandated by the most rigorous standards, including PCI DSS, HIPAA, HITECH, Sarbanes-Oxley, and many others.
The features listed below are activated by the RCM:
-
Privacy configuration, including GDPR-specific settings
-
Specify personal data and privacy settings on a Site and per user
-
Generate GDPR DPIA report (Requires ARM)
-
Removes old data automatically Data sanitization/wiping (PCI DSS 9)
-
Hides or disables non-allowed cipher or SSL versions, key lengths <128 bits, anonymous account type, and warns when importing certificates with weak keys (PCI DSS 4.1)
-
Causes idle sessions to automatically timeout (PCI DSS 8.1.8)
-
Limits repeated invalid login attempts (PCI DSS 8.1.6)
-
Provides a configuration wizard for creating PCI DSS compliant Sites
-
Monitors and reports on configuration changes that result in PCI DSS violations (PCI DSS 12) (Requires ARM)
-
Produces automatic daily PCI DSS Compliance reports (PCI DSS 12) (Requires ARM)
-
Warns if password complexity is disabled (PCI DSS 8.2.3)
-
Warns if insecure protocols are in use (PCI DSS 2.2.2)
-
Warns if user disk quota is not set (PCI DSS 3.1)
-
Warns if secure remote administration not set (PCI DSS 2.3)
-
Warns if Encrypting File System (EFS) in use (PCI DSS 3.4.1)
-
Warns if DoS and flood settings are too low (PCI DSS 2.2.4)
-
Warns if vendor defaults remain unchanged (PCI DSS 2.1)
-
Warns if expired keys present (PCI DSS 3.6.5)
-
Warns if multiple administrator roles present (PCI DSS 7.1)
-
Warns if anonymous account type in use (PCI DSS 8.5)