• sqlserver12345 (2/12/2015)


    I have a generic question. I need to define the scope for a SQL Server database 2008 audit. There could be several parameters which can be part of the scope. But I have been asked to identify the most generic parameters to form the scope which can be part of both financial and healthcare database systems.

    We are a healthcare and financial unit.

    What could be the scope from a database perspective to be in compliance with PCI, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO27001?

    Thanks

    The scope is in all those documents and more. This isn't a trivial thing that can be generalized. You'll need to meet the letter of the law for each of those documents to survive a real audit.

    --Jeff Moden

