Sarbanes-Oxley Section 404 Compliance - Sarbanes-Oxley from VeriSign, Inc.


Sarbanes-Oxley Section 404 Compliance

Business Solutions

Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) requires publicly traded companies to establish and maintain internal controls over financial reporting processes. Security controls are one part of the General Computing Controls (GCC) that auditors assess during annual 404 audits.

Contact Us

Select any of the services below for more information. To design a more comprehensive compliance solution for your business, contact VeriSign at 650-426-5310 or enterprise_security@verisign.com.

Mapping to Standards

Most organizations map SOX standards and requirements to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework for internal controls. However, COSO does not address information technology controls. VeriSign applies standards based on the IT Governance Institute’s (ITGI) document, “IT Controls for Sarbanes-Oxley,” because it is used by many auditors to conduct their reviews.

SOX Requirements

VeriSign products and services help you address IT controls based on ITGI standards.

| Required Controls | Applies To | How VeriSign Helps |
| --- | --- | --- |
| Requires a variety of assessments to be performed on a regular basis | Systems, applications, and infrastructure that process financial information | Enterprise Compliance Assessments |
| Requires the capture, monitoring, response, and retention of file logs for at least one year. | Financial systems; supporting controls | Log Management Service |
| Requires regular assessment of network and application level vulnerabilities. | Financial systems; supporting controls | Vulnerability Management Service |
| Requires intrusion detection for network security with events stored for at least one year. | Intrusion prevention of financial reporting systems, both host and network-based | Intrusion Detection Management Service (IDS) |
| Requires firewalls with logs that are captured, monitored, and responded to, retained for at least one year. | Firewalls, proxies, gateways and network access control devices that protect financial reporting systems | Firewall Management Service |

Best Practices

These solutions address industry best practices that can augment the above required controls.

| Best Practice | Applies To | How VeriSign Helps |
| --- | --- | --- |
| Two-factor authentication. | Access to any sensitive or regulated financial data | Unified Authentication |
| Encryption and non-repudiation | Sensitive or regulated financial data and the systems used for storage, processing or transmitting. | |

Learn More

Optimizing Enterprise Information Security Compliance

Learn more about how compliance can improve your business operations.

Security Certification Program Demo

See how our security certification program helps you manage audits and compliance

Compliance Solutions Overview Guide

An overall strategy for compliance with multiple regulations and requirements

IT Governance Institute

Learn more about the ITGI IT controls

COBIT

Learn more about Control Objectives for IT from ITGI and ISACA



