Meet GLBA Compliance Requirements

Protecting Personal Financial Data of US Citizens

GLBA Enables Large Financial Services Organization Mergers

The Gramm–Leach–Bliley Act (GLBA) is a modernization of certain aspects of the US financial system. It removed barriers that prevented a financial services organization from acting as a combination of an investment bank, a commercial bank, and an insurance company.

Mandatory Personal Data Requirements

Because the resulting corporate mergers would increase the risk to personal data, GLBA includes three requirements for personal data protection. These three requirements (the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Protection) are mandatory for all US financial institutions.

Monitor Activity on Systems Containing Personal Financial Data

Cygna Auditor monitors all successful and failed data activity, such as file or folder creation, access, updates, and deletions, along with who made the changes and when they were made.

Monitor Relevant Group Membership

Keep access to systems containing personal financial data to a minimum with Cygna Auditor's group reports that show membership of secured system users and administrators.

Monitor Secured System Permissions

Keeping group membership current is only a partial solution; you must also ensure that permissions on systems holding personal financial data stay correct. Cygna Auditor's permissions reports let you confirm that access is only what it needs to be.

Real-Time Notification of Unusual Activity

Cygna Auditor's built-in and custom alerting notifies you of unusual activity, such as scripted permission changes or mass file updates typical of ransomware.

Examples of Addressed GLBA Compliance Requirements

Cygna Auditor addresses topics in the FFIEC IT Examination Handbook, which includes both Tier I and Tier II Objectives and Procedures. Note that the list below is not exhaustive, but only a sample of requirements that Cygna Auditor can address.

Tier I Objectives 2 (4), 2 (6), 6 (3)
Tier II Procedures / A (Authentication and Access Controls): Access Rights Administration (1), (2), (4), (5), (6), (7)
Tier II Procedures / A (Authentication and Access Controls): Authentication (2), (4), (7)
Tier II Procedures / B (Network Security): (8), (12), (19)
Tier II Procedures / C (Host Security): (7), (9)
Tier II Procedures / D (User Equipment Security): (3), (6)
Tier II Procedures / G (Application Security): (1), (3), (7)
Tier II Procedures / L (Data Security): (2), (3)
Tier II Procedures / M (Security Monitoring): (1), (2), (5), (6), (7), (8), (9), (14), (18), (22)