The Gramm–Leach–Bliley Act (GLBA) is a modernization of certain aspects of the US financial system. It removed barriers that prevented a financial services organization from acting as a combination of an investment bank, a commercial bank, and as an insurance company.
As a result of the increased risk to personal data that would be caused by resulting corporate mergers, GLBA includes three requirements for personal data protection. These three requirements – the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Protection - are mandatory for all US financial institutions.
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
Keep access to systems containing personal financial data to a minimum with Cygna Auditor's group reports that show membership of secured system users and administrators.
Keeping group membership current is only a partial solution; you must ensure that permissions on systems holding personal financial data stay correct. Cygna Auditor's permissions reports enable you to be sure access is only what it needs to be.
Cygna Auditor's built-in and custom alerting notifies you of unusual activity such as scripted permission changes, or mass file updates typical of ransomware.
Cygna Auditor addresses topics in the FFIEC IT Examination Handbook, which includes both Tier I and Tier II Objectives and Procedures. Note that the list below is not exhaustive, but only a sample of requirements that Cygna Auditor can address.