So it’s that time of year again, the auditors are back in. They have spent the last 11 and a half months locked in a cupboard reading the latest versions of all your compliance standards and are ready to go through your estate with a fine tooth comb.
This time it’s PCI… so they come around quoting section numbers and how everything must conform to a uniform standard, one they like to see a documented copy of. So you open up Osirium and show them that you have strong authentication to all your devices. You show them the profiles that define who can gain access to what and that their level of privilege is defined, not just admin accounts everywhere. They ask about network settings, they want to see NTP server setting s set, remote syslog servers set and that auditing all actions of admins is turned on. So you fire up the PCI status report and show that all your devices are in check. Finally, they want to know if everything is patched with the latest security fixes, so you oblige and bring up the inventory report. Finally he asks if the milk in the fridge is in date…. well, we can’t check everything!!!