sqlserver12345 (2/12/2015)
I have a generic question. I need to define the scope for a SQL Server database 2008 audit. There could be several parameters which can be part of the scope. But I have been asked to identify the most generic parameters to form the scope which can be part of both financial and healthcare database systems. We are a healthcare and financial unit.
What could be the scope from a database perspective to be in compliance with PCI, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO27001?
Thanks
The scope is in all those documents and more. This isn't a trivial thing that can be generalized. You'll need to meet the letter of the law for each of those documents to survive a real audit.
--Jeff Moden
Change is inevitable... Change for the better is not.