AlienVault USM Anywhere provides out-of-the-box, pre-built compliance reporting templates based on alarms, vulnerabilities, and events collected in the system. These reports make it fast and simple to navigate the requirements and demonstrate compliance during an audit. You can easily customize, save, and export any report as needed.
You can find these templates under Reports > Compliance Templates.
USM Anywhere supports several Compliance Templates including:
- PCI. PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. These reports are identified and based on specific PCI DSS requirements to provide the auditor with the specific information requested. For example, PCI DSS requirement 10.7.a: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
- NIST CSF. The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.
- HIPAA. The Health Insurance Portability and Accountability Act sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes covered entities (CE), meaning anyone who provides treatment, payment, and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment, or operations. Subcontractors, or business associates of business associates, must also be in compliance.
- ISO 27001. ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide requirements for an information security management system (ISMS).
Note: The PCI compliance templates are filtered by default based on the predefined PCI DSS Asset Group. After you click Generate Report to open the report template, you can choose another asset group by clicking Edit Filters in the upper right corner of the Create Report window. See To edit a saved report for more information on editing reports.
Note: The HIPAA compliance templates are filtered by default based on the predefined HIPAA Asset Group; however, you can select another Asset Group by customizing the template as described below.