September 3rd, 2004 03:13 PM
Anyone here familiar enough with SARBANES-OXLEY to tell me if 128 bit SSL based encryption for file transfers (FTP) will satifsy or do you start with the IPSEC route and avoid SSL altogether?
I searched the rules (not line for line, used an index) and find vague guidelines but nothing
I just really want how SOX defines, not general opinion on encrypted file transfers.
September 3rd, 2004 03:40 PM
I don't have much experience with SOX, but you might want to post your question here:
Welcome to the Sarbanes-Oxley Forum. This interactive community portal is designed to facilitate the exchange of information between those seeking to comply with the requirements of this important legislation. It is also intended to act as a guide, offering useful resources and tips.
The forum comprises a number of useful areas, including an FAQ, a fully functional online forum, and a news section to which interested parties can submit their own experiences. These can be selected from the panel on the left. Registration to the portal is easy and free, and visitors are strongly encouraged to participate in this project.
Finally, please feel free to submit your feedback, recommendations, articles or any other useful information.... and of course... don't forget to vote in our current survey!
Or, if you want to spend some company ca$h...
YCASOX.com is a sarbox resource-highlighting YCA's capabilities for Sarbanes Oxley compliance, Sarbanes Oxley consultants, Sarbanes Oxley consulting, Sarbanes Oxley solutions, Sarbanes Oxley internal controls, Sarbanes Oxley training, and all the challenges facing Sarbanes Oxley.
That's Officer 11001001 to you...
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
September 3rd, 2004 03:53 PM
I don't believe it is enough..........if I remember correclty, 256 AES is the lowest encrypt you may go to satisfy.........but I'm not entirely sure........
September 3rd, 2004 03:59 PM
Will be going to similar routes for sure....
Thought it might be a fun thread in contrast to the many recent "xp sp2 sucks" threads...
September 3rd, 2004 07:14 PM
128 bit will be just fine as long as tests proove that you are using it and that your company's board will sign of that they understand that you use it and as far as they are aware (and your auditors) it is working as you describe. Your auditors will undoubtedly want to pass comment, but 128 bit should be fine.
SOX (to the best of my knowledge) does not set out specifc technical standards, its basically designed to ensure that Directors sign of (and therefore accept accountability) that controls are in place.
For specific criteria you would be better of looking at FDIC, BS7799 etc requirments.
Quis custodiet ipsos custodes