Reports

Password Inventory Report

This report provides a snapshot of details about the total number of resources, passwords, resource types and users present in PAM360. Besides, it provides details about the ownership of each password/resource and details about the time at which the passwords were accessed.

There are three sections in this report:

Password Inventory - Summary Report

This section lists down the details in summary about the total number of resources, total number of passwords, total number of users and total number of resource types.

Password Distribution by Resource Type

This section provides a pie-chart showing the number of resources based on the resource types.

Password Inventory- Detailed Report

This section lists down the details of all the resources passwords, resource types and users present in PAM360. Besides, it provides details about the ownership of each password/resource and details about the time at which the passwords were accessed.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation.

Policy Compliance Report

This report provides a snapshot of details about the passwords that comply to the password policy set by the administrator and the ones that do not comply. Besides, it provides details about the ownership of each password.

Also, in the case of the passwords which are found to be non-compliant, details about non-compliance are also provided. This helps in taking the required corrective action immediately to make them compliant.

There are three sections in this report:

Password Policy Compliance Summary

This section lists down the details in summary about the total number of passwords, total number of passwords that comply to the policy and total number of passwords that are non-compliant.

Policy Violation by Resource Type

This section provides a pie-chart showing the number of passwords that are non-compliant to the defined policy based on the resource type.

List of Password Policies

This section lists down all policies that have been created. Details about each policy can be easily viewed by simply clicking on the name of each policy.

Policy Compliance Status

This section lists down the compliance details of all the resources (whether they are compliant with the defined policy or not). It also depicts the number of violations in each resource and the ownership details of resources and passwords in tabular form. You can make a search in this report by clicking the icon present at the top-right hand corner of the table.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation.

Password Expiry Report

This report provides information about the validity details of passwords. In other words, it provides details about the passwords that have expired and the passwords that are valid.

There are three sections in this report:

Password Expiry - Summary

This section lists down the details in summary about the total number of passwords, total number of expired passwords and total number of valid passwords.

Resource Types and Expiry Status

This section provides a pie-chart showing the number of expired passwords in each resource type.

Expiry Status of Passwords

This section lists down the expiry/validity details of all the resources. It also depicts the number of expired/valid passwords in each resource and the ownership details of resources and passwords in tabular form. You can make a search in this report by clicking the icon present at the top-right hand corner of the table.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Password Activity Report

This report provides information about the usage details of all passwords in the system. It provides details about the passwords that were most accessed during a specific time period, the ones that were least accessed, average access per day, per week, passwords that were frequently reset etc.

There are six sections in this report:

Activity Statistics - Summary Report

This section lists down the details in summary about the total number of passwords, average access per day/ per week, average password age, the number of passwords for which reset is supported, number of passwords that were reset using agents, number of passwords that were reset without agents, number of failures in password reset

Most Accessed Passwords

This section provides a graph showing the top 10 passwords that were accessed most.

Frequently Reset Passwords

This section provides a graph showing the top 10 passwords that were reset most.

Least Accessed Passwords

This section provides a graph showing the least accessed 10 passwords.

Rarely Changed Passwords

This section provides a graph showing the least reset 10 passwords.

Password Activity Details

This section provides the following details about the passwords that are in sync with the target systems: Date of creation of the password, number of times the password had been accessed from the date of creation, number of time the password underwent changes, the time at which the password was accessed/changed last, the frequency at which the password is being accessed every day, the frequency at which the password is being changed every week etc.

List of resources for which access control workflow has been activated

This section lists all the resources for which password access control workflow has been activated

List of resources for which access control workflow has been deactivated

This section lists all the resources for which password access control workflow has been deactivated

List of resources for which access control workflow has not been configured

This section lists all the resources for which password access control workflow has not been configured at all

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Password Access Control - Resource

This report provides a detailed summary of how password request-release workflow configuration for resources is configured and used. The report contains the details of resources for which Resource-level access control is configured. In addition, the report provides a list of password access requests raised, approved and denied in the specified number of days (a minimum of 5 and a maximum of 30 days).
You can also view the list of passwords checked out and checked in during a specified number of days.

The report contains the following sections:

Access Control Activated

This section lists all the resources for which Resource-level Access Control is activated.
Automatic Approvals

This section lists all the resources for which an auto-approval time frame is configured.
Access Control Not Configured

This section lists all the resources for which Access Control is not configured.
Access Control Deactivated

This section lists all the resources for which Access Control is currently deactivated.
Excluded Accounts From Resource Access Control

This section lists all the resources which are currently excluded from Resource-level Access Control.
List of password access requests raised in the last X no. of days

This section lists all the password access requests raised in the specified number of days.
List of password access requests approved in the last X no. of days

This section lists all the password access requests approved in the specified number of days.
List of password access requests denied in the last X no. of days

This section lists all the password access requests denied in the specified number of days.
List of passwords checked out in the last X no. of days

This section lists all the passwords checked out in the specified number of days.
List of passwords checked in during the last X no. of days

This section lists all the passwords checked in during the specified number of days.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links Export to PDF, Export to XLS or Email this Report to do the required operation.

Password Access Control - Account

This report provides a detailed summary of how password request-release workflow configuration for accounts is configured and used. The report contains the details of resources for which Account-level access control is configured. In addition, the report provides a list of password access requests raised, approved and denied in the specified number of days (a minimum of 5 and a maximum of 30 days).
You can also view the list of passwords checked out and checked in during a specified number of days.

The report contains the following sections:

Access Control Activated

This section lists all the accounts for which Account-level Access Control is activated.
Automatic Approvals

This section lists all the accounts for which an auto-approval time frame is configured.

Access Control Deactivated

This section lists all the accounts for which Access Control is currently deactivated.

List of password access requests raised in the last X no. of days

This section lists all the password access requests raised in the specified number of days.
List of password access requests approved in the last X no. of days

This section lists all the password access requests approved in the specified number of days.
List of password access requests denied in the last X no. of days

This section lists all the password access requests denied in the specified number of days.
List of passwords checked out in the last X no. of days

This section lists all the passwords checked out in the specified number of days.
List of passwords checked in during the last X no. of days

This section lists all the passwords checked in during the specified number of days.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links Export to PDF, Export to XLS or Email this Report to do the required operation.

Passwords Out of Sync Report

Passwords of resources such as servers, databases, network devices and other applications are stored in PAM360. It is quite possible that someone who have administrative access to these resources could access the resource directly and change the password of the administrative account.

In such cases, the password stored in PAM360 would be outdated and will not be of use to the users who access PAM360 for the password. PAM360 provides option for checking the integrity of passwords at any point of time on demand and also at periodic intervals.

You can create a scheduled task for carrying out the integrity check at periodic intervals. Click "Schedule Report" and fill in the details.

You can also generate this report at any point of time by clicking the link "Generate Report". When you do so, you will get the results of the automatic integrity check done by PAM360 at 1 AM every day for all the accounts for which remote synchronization has been enabled. The results of the current day's check done at 1 AM will be depicted in the report.

In case, you want to carry out integrity check at any moment on demand to get latest details, you need to click the option "ScheduleIntegrity Check". PAM360 will try to establish connection with the target systems for all the accounts for which remote password reset has been enabled. Once the connection is established, it tries to login with the credentials stores in PAM360. If login does not succeed, PAM360 concludes that the password is out of sync. In case, PAM360 is not even able to establish connection with the system due to some network problem, it will not be taken as password out of sync. A consolidated notification would be emailed to all the administrators and auditors.

The Passwords Out of Sync report provides information if the passwords in the system are in sync with the corresponding passwords in the target systems.

There are two sections in this report:

Password Integrity Statistics

This section lists down the statistical details in summary about the total number of passwords for which reset is supported, passwords for which reset is done using agents, number of passwords that were reset using agents, number of passwords in the system are in sync with the corresponding passwords in the target systems, number of passwords that are out of sync etc.

Passwords Out of Sync Distribution

This section displays a pie-chart that portrays the distribution of passwords (that are out of sync) across resource types.

Passwords Out of Sync Details

This section provides an expanded list of passwords, mentioning which of them are not in sync, who owns them, and their resource type.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Ungrouped Passwords Report

Provides complete details about the password access control workflow scenario of your organizations. List of resources for which access control has been enabled, resources for which access control is activated/deactivated, resources for which the requests are automatically approved, list of password release requests approved/denied etc are depicted through this report.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation.

Unshared Passwords

Passwords stored in PAM360. Certain passwords may not be shared with anyone. Such unshared passwords are listed in this report.

User Access Report

This report provides details about all users in the system with reference to password and resource access.

This report has three sections:

User Statistics - Summary Report

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

Details such as the number of new users added during the last five days, users deleted, role change, number of invalid login attempts, users who carried out password reset during the past five days, users who did not login during the last five days, total number of users/user groups in the system, user roles etc are presented as part of this report.

User Activity Summary Report

The actions performed by users on passwords such as password retrieval, password reset etc captured as part of this summary report. This report provides the number of such actions done by each user. Similarly, the number of password actions performed by members of each user group are also depicted.

User Access Details

The resources and resource groups that are owned by/shared to each user are depicted as part of this report. The privileges allowed for the user are also listed.

User Group Access Details

The list of users who are members of the group, resource groups that are owned by/shared to the user group are depicted as part of this report.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

User Activity Report

This report provides details about the password usage of all the users in the system.

This report has the following sections:

Activity Statistics - Summary Report

The total number of passwords accessed by users and user groups during a specified time period are depicted in the form of graphs.

Most Active Users - Login/Access/Reset

The list of the top 10 users who performed most login attempts, most password access and most password resets.

Least Active Users - Login/Access/Reset

The list of 10 users who performed least login attempts, least password access and least password resets.

User Activity Details

All details about users, including the total number of login attempts made, number of invalid attempts, number of passwords accessed, number of passwords reset are depicted.

This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation.

Ungrouped Users

Users in PAM360 can be grouped into user groups. Certain users may not be a part of any user group. Such users and the passwords owned by them are listed in this report.

Executive Report

This report provides a snapshot of all password access and user activities in the system.

It is a combined report of Password and User reports. It provides details, in summary, about the following:

Password Statistics, Password Activity, Password Policy, Password Expiry, Password Out of Sync, User Statistics and User Activity.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

PCI DSS Compliance Report

The PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard is comprised of 12 general requirements designed to:

• Build and maintain a secure network
• Protect cardholder data
• Ensure the maintenance of vulnerability management programs
• Implement strong access control measures
• Regularly monitor and test networks
• Ensure the maintenance of information security policies

This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/

This reports the violations in your network from the requirements of Payment Card Industry (PCI) Data Security Standard (DSS), relevant to the use and management practices of shared administrative, software and service account passwords of various systems.

PCI DSS requirements 2,3,7,8,10 & 12 are covered in this report.

Note: Requirements 1, 2, 3, 4, 5, 7, 8, 10 & 12 are covered in the PCI DSS report of version 4.0. This is only applicable from build 7200 onwards.

Note: In order to adhere to "all" the requirements of the PCI DSS standard completely, you will need other tools and security procedures to be implemented.

You have the option to generate separate compliance reports for each PCI DSS requirement 2,3,7,8,10 & 12. You can also generate a consolidated PCI DSS report too.

This report can be generated in the form of PDF and can be emailed to required recipients. Click the links "Export to PDF" and "Email this Report" to do the required operation.

ISO/IEC 27001 Compliance Report ISO/IEC 27001 is a specification developed to "provide a model for establishing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS). Simply put, ISO 27001 is a robust framework that helps you protect information such as financial data, intellectual property or sensitive customer information. The standard also stresses on the selection of adequate security controls that help protect information assets. In all, ISO 27001 has ten short clauses and also an Annex A. The Annex A alone specifies numerous control frameworks. Among them, A.9 deals with "Access Control." The clause basically requires the use of

• A robust information security policy is in effect to ensure only authorized users have access to critical systems.
• All users are uniquely identified and have established accountability for all privileged activities.
• Access is only allowed to systems through secure mechanisms.
• Sensitive information is protected with cryptographic controls.

This report communicates an organization's compliance level in relation to the control requirements as outlined in the clause A.9. The compliance will be based on various factors such as stringent password policies for privileged accounts in the enterprise, authentic audit records, strong authentication mechanisms, secure privileged access, and data security levels. A consolidated ISO/IEC 27001 compliance report will include information about the controls listed under A.9.1, A.9.1.1, A.9.1.2, A.9.2, A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.5, A.9.2.6, A.9.3, A.9.3.1, A.9.4, A.9.4.1, A.9.4.2 and A.9.4.3. There are also option to generate separate compliance reports for requirements listed under each sections given above.

1. This report can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation.
2. These compliance reports help address requirements only in select clauses of each security standards. In order to adhere to "all" the requirements of ISO 27001 other tools and security procedures should be implemented.

NERC CIP Compliance Report The NERC CIP standards is a set of requirements designed to ensure the security and reliability of the power systems. The North American Electric Reliability Corporation (NERC) introduced the Critical Infrastructure Protection (CIP) standards mainly to protect the critical assets such as electric utilities generation and transmission systems in the power grid. Broadly, NERC CIP has nine sections that cover various physical, virtual, and organizational measures that must be enforced to secure the bulk power system. In particular, the clauses CIP-004-3a, CIP-005-3a, and CIP-007-3a mandate.

• A regular review of authorized personnel with access to critical systems.
• Granular access controls based on functional roles.
• Robust authentication methods.
• Comprehensive auditing of security events.
• Monitoring of user activity during privileged sessions.
• Use of strong passwords with reliable complexities.

This reports shows an organization's level of compliance with select requirements of clauses CIP-004-3a, CIP-005-3a, and CIP-007-3a. The report will help auditors understand the various security measures implemented in the concerned organization, such as privileged access control policies, authentication checks for privileged users, user activity auditing, privileged session recording & monitoring, and password policy enforcement. Apart from a consolidated NERC CIP report, there are also options to generate separate compliance reports for requirements specific to each clauses, i.e. CIP-004-3a, CIP-005-3a, and CIP-007-3a.

This reports can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links "Export to PDF"/Export to XLS and "Email this Report" to do the required operation. These compliance reports help address requirements only in select clauses of each security standards. In order to adhere to "all" the requirements of NERC CIP, other tools and security procedures should be implemented.

NIS2 Compliance Report

The NIS2 directive outlines over 140+ requirements that aim to strengthen cybersecurity and ensure the resilience of essential services in diverse sectors. These requirements can be broadly categorized as follows:

• Perform regular risk assessments and establish comprehensive information security policies for critical systems.
• Implement processes to assess continuously and monitor the effectiveness of security controls.
• Develop and enforce guidelines for cryptographic methods, including encryption where applicable.
• Establish a robust incident response plan to efficiently manage and mitigate security incidents.
• Ensure secure procurement, development, and operation of systems, including defined processes for vulnerability management and reporting.
• Deliver ongoing cybersecurity awareness training and promote strong cyber hygiene practices across the organization.
• Implement stringent access controls for employees handling sensitive data, ensuring effective data access policies and comprehensive asset management.
• Maintain a business continuity plan with regular, verified backups to ensure system availability during and after incidents.
• Enforce multi-factor authentication (MFA), continuous authentication, and encryption for all communication channels, including voice, video, messaging, and emergency communications, where appropriate.
• Enhance supply chain security by implementing tailored security measures for each supplier and conducting regular assessments of overall supply chain security.

The NIS2 compliance report highlights key areas like enforcing strict privileged access controls, ensuring secure credential management, and continuous monitoring of privileged activities. It emphasizes the importance of implementing least-privilege policies, securing supply chain access, and maintaining detailed audit trails to meet the directive’s cybersecurity requirements. Compliance ensures that privileged accounts in critical systems are properly managed and protected, reducing the risk of breaches and improving overall security posture.

These requirements emphasize a holistic approach to cybersecurity, ensuring that organizations maintain a proactive, resilient stance against both internal and external threats while promoting collaboration and compliance across their supply chains and workforce.

These reports can be generated in the form of PDF or spreadsheet and can also be emailed to required recipients. Click the links Export to PDF/Export to XLS/Email this Report to do the required operation.

These compliance reports help to address requirements only in a few NIS2 directives. To adhere to all the directive requirements of NIS2, other tools and security procedures should be implemented.