Configuration Backup
- Network Device Discovery
- Baseline Configuration
- Network Backup Software
- Automated configuration backup
- Scheduling Configuration Backup
- Encrypted Storage of Configuration & Centralized Control
- Network Disaster Recovery Plan
Change Management
- Configuration Change Management
- Role Based Access Control (RBAC)
- Configuration Versioning & labelling
- Real time Change Detection
- Change Management Rules & Notifications
- Restore Device Configurations
- Config Compare Tool
Configlets
- Network Automation Tool
- Network Configuration Automation
- Command Execution Tasks
- Cisco Access Control List (ACL)
- What is VLAN
- SNMPv3 Configuration
- Enable SNMP in Cisco Router
- What is NAT?
- Configure static NAT Cisco
- Configure dynamic NAT Cisco
- Configuring PAT Cisco
- Juniper Software Upgrade
- Configure Cisco Banner
- Configure Cisco DHCP server
- Configure Cisco interface speed
REST Configlets
- REST API based config management
- Fortigate REST API config management
- Palo Alto REST API config management
Vulnerability Management
- Firmware Vulnerability
- Vulnerability Sync
- Firmware Vulnerability Insights
Firmware Upgrade
- Firmware Upgrade
- Cisco IOS Firmware Upgrade
Compliance
- Compliance Monitoring
- Compliance Reporting
- CIS Benchmark Compliance
- PCI Compliance
- SOX Compliance
- HIPAA Compliance
Configuration Management
- Simplified device templates
- Configuration Drift Management
- Syslog Configuration
- 3Com Device Configuration
- 3Com Switch Configuration
- Manage Device Configuration
- Router Configuration Management
- Network Configuration Analysis
- HP switch management software
- Huawei Router Configuration
- Cisco Device Configuration Management
- Backup Cisco switch config
- Cisco router configuration backup
- Juniper Device Configuration Management
- Brocade Device Configuration Management
- Brocade Router Config Management
- Brocade Switch Configuration Management
- NETGEAR Configuration Manager
- Aruba Device Configuration Management
- Siemens Configuration Tool
- Firewall Configuration Management
- What is Network Configuration Management (NCM)
- Network Configuration and Change Management
- Configuration Automation
- Network Device Management
- Multi-vendor device configuration support
- Searching Configurations
- Network Inventory Management
- Hardware Inventory
- Configuration File Management
- Terminal
Distributed Management
- NCM Enterprise Edition
- Enterprise Edition Smart Upgrade
- Centralized user management
- Tags
Reports
- Network Reports
- Configuration Reports
- Vulnerability Reports
- Network User Reports
- Compliance Report
- EOL/EOS Reports
- Other Reports
Ebooks
- Network disaster recovery plan
- Best practices in configuration Management
- The top 4 best practices for effective compliance management
- The top 4 best practices for effective firmware vulnerability management
Tech Topics
- Staying Ahead of Firmware Breaches
- Startup vs. Running Configuration
- Copy Running-Startup Configs
- Network Validation
White Papers
- Network Validation
- Conquering NCCM Challenges through Automation
Knowledge Base
- FAQ
- How-to
Enterprise Edition Knowledge Base
- FAQ (Enterprise Edition)
- How-to (Enterprise Edition)
Web Comic
- Network Administrators & Device Configuration Blues
Case Studies
- Automation for World's Leading News Agency
- Central Management and Control for UK's Top ITSO
- Business Continuity for Telecom Service Provider
- Total Control of Network Devices of Leading University
- Unified NCCM for IT service provider
Configuration Management Basics
- What is network automation
- Configuration change management best practices
- Top 5 advantages of network backup software
- How to choose the right network automation tool
- Top six benefits of configuration automation
- Network Audit
- Network Audit Tool
- Need for network backup software
- How to choose the right network backup software
- Network Configuration Change Management Tools
- Five challenges in managing configuration changes
- Brocade Switch Configuration Backup
- Network automation
- Network Vulnerabilities
- Configuring Cisco Switch
- Configure Cisco Router
- Configuration Backup
- SOX compliance requirements
Network Access Control
- SAML authentication
Integrations
- Integrate Password Manager Pro
- Integrate ServiceDesk Plus
- Integrate ServiceDesk Plus On-Demand
- Integrate ServiceNow
- Integrate PagerDuty

What is SOX compliance?

The United States Congress passed the Sarbanes-Oxley Act, also known as SOX, in 2002. SOX compliance protocols were developed to protect the public from fraudulent or erroneous practices by business entities. By implementing SOX financial security controls, organizations can protect their sensitive data from theft and cyberattacks.

What are SOX requirements?

The following SOX compliance requirements are applicable to IT organizations:

A. Corporate responsibility for financial reports: If your organization is public, it is mandatory to report its financial situation in a regular, timely manner to the Security Exchange Commission (SEC). The company's CFO and CEO must authenticate each financial report and they will be held accountable for the content in the report. This is a major SOX compliance requirement according to SOX compliance requirement section 302.

B. Assessing internal controls: Every organization must develop an internal control process, and both management and external auditors must assess how effective the process is and determine possible flaws in the process that could lead to a SOX violation. This control is mandated by SOX compliance requirement section 404.

C. Maintaining transparency: The organization's officials must inform their investors and the public if there is a major change in the organization's financial situation and its ability to operate. This control is mandated by SOX compliance requirement section 409.

What SOX compliance means for your IT department?

During a SOX compliance IT audit, your organization's IT department must prove its adherence to SOX compliance standards by providing documentation that shows how the organization has met the mandated financial transparency and data security thresholds.

While documenting, make sure your organization's IT department is familiar with the security controls, access privilege, and log management standards required for the financial records across the organization.

SOX compliance audit

IT security: Ensure that proper controls are in place to prevent data breaches, and have tools ready to remediate incidents should they occur. Invest in services and equipment that will monitor and protect your financial database.
Access controls: Prevent unauthorized users from viewing sensitive financial information utilizing physical and electronic controls. This includes keeping servers and data centers in secure locations, implementing effective password controls, and other measures.
Data backup: Maintain backup systems to protect sensitive data. Data centers containing backed-up data, including those stored off-site or by a third party are also subject to the same SOX compliance requirements as those hosted on-site.
Change management: Add new users and computers, update and install new software, and make any changes to databases or other data infrastructure components. This involves maintaining records of what was changed, when it was changed, and who changed it.

SOX penalties

Company officials or others who make any change that conceals truthful information, or includes a false statement, are subject to fines or imprisonment for up to 20 years.
Company officials who prepare a false financial report are subject to fines up to $5 million or imprisonment for up to 20 years.

How Network Configuration Manager helps your company to be SOX compliant

ManageEngine Network Configuration Manager provides SOX compliance policies by default. You can apply these policies to your IT devices and check if any device is violating the policy. Network Configuration Manager also allows you to see all the rule violations and helps you fix them. You can also download SOX compliance reports and submit those reports during audits. This enables you to improve the overall security of your company's financial data, be SOX compliant, and avoid huge penalties.

FAQ

1. Who is personally liable if there is a compliance violation?

The company's CFO and CEO will be liable if there is a compliance violation. They will be subject to penalties or imprisonment in case of a violation.

2. We accidentally revealed nonpublic financial information inappropriately across our network. Is that a SOX violation?

It is a SOX violation. If nonpublic information is inappropriately disclosed on your network, you must rapidly execute a response program to identify the extent of the exposure, assess the effect on the corporation and its customers, and notify all affected parties.

Our compliance and configuration management software, Network Configuration Manager, provides remediation configlets which immediately help fix violations.

3. We use Cisco devices in our network and the only way to protect a Cisco device is through plain text passwords. Will that be enough?

A plain text password is not secure since it makes your device vulnerable to data breaches and attacks. Attackers can obtain financial information and other data by leveraging plain text passwords to break in to your network.

Network Configuration Manager helps identify passwords that are in plain text and allows you to encrypt them using configlets.