Sun Launches Identity Audit Solution

Sun Microsystems, Inc. (www.sun.com), today announced Sun Java System Identity Auditor, a comprehensive identity audit solution for helping to improve audit and compliance performance.

Identity Auditor provides the most extensive feature set available today, can enable customers to create a secure identity audit trail and present a unified view of an individual's identity and system access activities.

In order to comply with legislative regulations, such as Sarbanes-Oxley and HIPAA, companies must be able to report on and manage who has access to critical information systems, such as financial applications or medical records.

In addition, companies must provide data on historical access privileges, as well as secure, auditable evidence that internal controls are in place. Identity Auditor helps automate the evaluation and enforcement of a company's internal identity and access controls so they can react quickly to any violations to minimize risk.

"Organizations today are struggling to implement effective security controls and the verification and auditing of these controls is often a fragmented and highly manual process," said Sara Gates, vice president identity management at Sun Microsystems, Inc.

Scheduled and Automated Notification of Control Violations The audit policy engine within Identity Auditor scans critical applications, flags audit policy violations and evaluates violation criteria, such as: segregation of duties, unauthorized access changes, and erroneous access privileges.

Identity Auditor includes a number of packaged compliance reports to provide extensive identity information on users' historical access activities and access privileges, as well as policy violations and resulting actions. Additionally, companies can use the Identity Auditor report wizard to build custom reports that meet their unique requirements.

Because Identity Auditor helps automate compliance activities, it can confirm a control is being met and facilitate the testing of those controls across the identity management infrastructure.