At Centrify we understand that many of our customers are bound by government regulations and industry mandates, which often requires them to prove that the products they deploy are built leveraging secure coding practices and that the vendors they interact with apply proper processes to match high standards in information security. In turn, Centrify invests heavily in maintaining relevant product and company authorizations, accreditations and certifications.
Centrify — Modern Privileged Access Management Solutions You Can Trust
The following list summarizes all authorizations, accreditations, and certifications Centrify and its Privileged Access Management solutions have received from government or industry governing bodies.
Centrify has received Agency Authorization for the U.S. Government's Federal Risk and Authorization Management Program (FedRAMP). Sponsored by the U.S. International Development Finance Corporation (DFC), this authorization allows government agencies to adopt Centrify’s cloud-ready solutions for Privileged Access Management (PAM) and bolster mission security as they migrate an increasing number of workloads to the cloud. Check out the FedRAMP Marketplace listing for more details.
Section 508, an amendment to the United States Workforce Rehabilitation Act of 1973, is a federal law mandating that all electronic and information technology developed, procured, maintained, or used by the federal government be accessible to people with disabilities. Centrify Privileged Access Management solutions are 508 compliant.
Certificate of Networthiness (CoN) from the U.S. Army Network Enterprise Technology (NETCOM) Command 9th Signal Command shows that products meet the U.S. Army's requirements such as network security, network impact, compatibility with the infrastructure, communications and information support. Centrify Privileged Access Management solutions are compliant with CoN.
The Common Criteria (ISO 15408) process establishes confidence that the security functionality of IT products earning certification and the assurance measures applied to these IT products meet the established Common Criteria evaluation requirements. Centrify Privileged Access Management solutions have achieved Common Criteria certification listed at Evaluation Assurance Level (EAL) 2+.
DIACAP is a United States Department of Defense process that means to ensure that companies and organizations apply risk management to information systems. Centrify Privileged Access Management solutions for role-based privilege management are useful in the accreditation process, particularly requirements for authorizing the operation of DoD information systems.
DITSCAP is a certification issued by the United States Department of Defense (DOD). Customers can obtain this certification from a security committee of the DOD that their systems are safe to operate in the intended operating environment, and that the system maintained accredited security posture throughout the life cycle. Systems using Centrify Privileged Access Management solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
The Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Centrify is validated FIPS 140-2 Level 1. FIPS 140-2 requires cryptographic modules in third-party software and hardware that federal agencies and regulated industries use for handling sensitive, non-classified information.
The National Information Assurance Certification and Accreditation Process formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership. Systems using Centrify Privileged Access Management solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
The Risk Management Framework is a United States federal government policy and standards to help secure information systems (computers and networks) developed by National Institute of Standards and Technology. The Centrify Privileged Access Management solutions assist in establishing step five of the RMF. Information system operations are authorized based upon an assessment of risk to organizational operations and assets, individuals, other organizations, and the nation.
The SOC 2 Type II report covers organizational and cloud security controls for the Security, Availability, and Confidentiality Trust Services Principles. The report provides a description of Centrify's controls and external audit testing procedures in order to provide customers with an independent assessment of Centrify's control environment. Customers can request access to the SOC 2 report under MNDA