MySQL Forums

MySQL and HIPAA and Sarbanes Oxley
Posted by: Phil Williams
Date: November 10, 2005 04:07PM

Has anyone secured MySQL with regard to HIPAA and Sarbanes-Oxley?

If so, can you detail the work you did?

How to create audit logs is of particular interest to me.

As well as:

The database must maintain an audit log of the following user access events:
(1) Successfully authenticated sessions including the user id along with login and logout times
(2) Failed authentication attempts, including the account being accessed
(3) Accounts that are locked out due to too many failed logins
(4) Successful logins by privileged users including security administrators
The database must maintain an audit log of the following account administration events:
(1) The addition or removal of a user account
(2) The addition or removal of a group
(3) The change of privileges assigned to a user or group
(4) The disabling of an account
(5) Password resets
The database must maintain an audit log of the following application events:
(1) The creation, deletion or modification of a record including the responsible user id
(2) Attempts by a user id to access records for which they are not privileged
(3) Use of system privileges
(4) Changes to the database schema structure
Security events must trigger alerts that can be responded to immediately.
Security audit logs must be protected from unauthorized disclosure or modification.
Logging must be enabled.
Audit trails should be written to the database.
Time stamps must be enabled in logging.
