Every major compliance regulation requires organizations to link access controls, role-based privileges, and user activity to named users. In cross-platform environments, establishing this accountability is a complex task given the existence of multiple identity silos such as NIS and LDAP databases, platform-specific proprietary directories, and local config files managed system by system.
Centrify addresses these IT security and compliance requirements with a Unified Identity Services solution: a single, integrated architecture for authentication, access control, privilege management, policy enforcement and compliance. See the topics below for details on how Centrify's unified approach addresses specific compliance regulations.
Energy producers and distributors that make up the bulk electric system for North America have multiple IT security and compliance challenges, which range from protecting consumers' payment card data and complying with the Payment Card Industry Data Security Standard, to adhering to the general internal audit control and disclosure requirements under Sarbanes-Oxley. In addition, utilities and firms that fall under the authority of the Federal Energy Regulatory Commission (FERC) must meet the cybersecurity standards of the FERC's certified Electric Reliability Operator (ERO), the North American Electric Reliability Corporation (NERC). The NERC Critical Infrastructure Protection (CIP) standards for cybersecurity add specific mandates that overlap with other compliance regulations and also add unique controls, monitoring and audit requirements. In order to certify compliance, organizations must establish security controls and maintain auditing and continuous monitoring capabilities across heterogeneous systems in an organization's IT environment, including across Windows, UNIX and Linux systems.
Centrify solutions address many of the core technical requirements for cybersecurity as outlined in NERC CIP Standards 002-009 by providing the critical authentication, access control, delegation, separation of duties, continuous monitoring and reporting required by the NERC standards and other associated guidance from NERC. Centrify solutions are essential to the security automation that is required to mitigate the risk of malicious intrusion and insider threats, and to provide a centralized and robust infrastructure for proof-of-compliance reporting and monitoring. Just as surveillance tools such as video cameras are a critical part of physical security controls under NERC, Centrify provides the critical infrastructure to secure authentication, access control, granular privilege management and continuous monitoring of user activity across UNIX, Linux and Windows systems.
Specific requirements from NERC CIP 005, 004, 007 and 008 taken together establish a clear obligation that all electronic access be audited, monitored and archived in such a way that an organization can reproduce detailed privileged user sessions 24 hours per day, 7 days per week. This continuous monitoring requirement would be difficult to achieve with a combination of manual processes and system-level logs, which often do not tie actions to a unique identity. Centrify Suite — consisting of DirectControl, DirectAuthorize, DirectAudit, DirectSecure and DirectManage — is an integrated suite of solutions that ensures every user has a unique credential and enforces authentication for access so that all their actions can be tracked, monitored and reported on.
Centrify solutions provide tangible benefits for organizations requiring security and compliance with NERC CIP standards, including: