Linux.com

Fox in SOX

The Sarbanes-Oxley Act of 2002 has got to be a low point in our countries regulation history.  This miserable piece of legislation costs anyone who has to comply with it millions of dollars and provides nothing in return.  IT departments get hammered with insane requirements, and moronic auditors that eat up hours like it's cotton candy. " Screen shot this, prove that", and one ridiculous question after another until you want to stick a shank into all of them.  If your organization can avoid this hell, then it is worth it to do so.  How?  Stay private.  The instant you go public...you can join me and the auditors in our little version of purgatory.  Rant finished.

 Linux related question: 

How to prove that password policies are enforced on Linux systems?  

I have used ticketing systems to documentation steps, and severely limited access to my Linux systems in order to comply with this requirement, but auditors always want more.   They want an automated foolproof system that enforces policy and will take nobody's word for it.  I am looking into how to enforce such policies on my linux boxes now.  I have some reading to do and will publish my findings.

 

Comments

Subscribe to Comments Feed

Upcoming Linux Foundation Courses

  1. LFD331 Developing Linux Device Drivers
    25 Aug » 29 Aug - Virtual
    Details
  2. LFD411 Embedded Linux Development
    25 Aug » 29 Aug - Santa Clara, CA
    Details
  3. LFS422 High Availability Linux Architecture
    08 Sep » 11 Sep - Raleigh, NC
    Details

View All Upcoming Courses


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board