Certifications

At Centrify we understand that many of our customers are bound by government regulations and industry mandates, which often requires them to prove that the products they deploy are built leveraging secure coding practices and that the vendors they interact with apply proper processes to match high standards in information security. In turn, Centrify invests heavily in maintaining relevant product and company authorizations, accreditations and certifications.

Centrify — Modern Privileged Access Management Solutions You Can Trust

The following list summarizes all authorizations, accreditations, and certifications Centrify and its Privileged Access Management solutions have received from government or industry governing bodies.

AUTHORIZATIONS
FedRAMP — Federal Risk and Authorization Program
Centrify has received Agency Authorization for the U.S. Government's Federal Risk and Authorization Management Program (FedRAMP). Sponsored by the U.S. International Development Finance Corporation (DFC), this authorization allows government agencies to adopt Centrify’s cloud-ready solutions for Privileged Access Management (PAM) and bolster mission security as they migrate an increasing number of workloads to the cloud. Check out the FedRAMP Marketplace listing for more details.
COMPLIANCE
508 Compliance
Section 508, an amendment to the United States Workforce Rehabilitation Act of 1973, is a federal law mandating that all electronic and information technology developed, procured, maintained, or used by the federal government be accessible to people with disabilities. Centrify Privileged Access Management solutions are 508 compliant.
ACCREDITATIONS AND CERTIFICATIONS
CoN — Certificate of Networthiness
Certificate of Networthiness (CoN) from the U.S. Army Network Enterprise Technology (NETCOM) Command 9th Signal Command shows that products meet the U.S. Army's requirements such as network security, network impact, compatibility with the infrastructure, communications and information support. Centrify Privileged Access Management solutions are compliant with CoN.
Common Criteria EAL2+
The Common Criteria (ISO 15408) process establishes confidence that the security functionality of IT products earning certification and the assurance measures applied to these IT products meet the established Common Criteria evaluation requirements. Centrify Privileged Access Management solutions have achieved Common Criteria certification listed at Evaluation Assurance Level (EAL) 2+.
DIACAP — U.S. Department of Defense Information Assurance Certification and Accreditation Process
DIACAP is a United States Department of Defense process that means to ensure that companies and organizations apply risk management to information systems. Centrify Privileged Access Management solutions for role-based privilege management are useful in the accreditation process, particularly requirements for authorizing the operation of DoD information systems.
DITSCAP — U.S. Department of Defense Information Technology Security Certification and Accreditation Process
DITSCAP is a certification issued by the United States Department of Defense (DOD). Customers can obtain this certification from a security committee of the DOD that their systems are safe to operate in the intended operating environment, and that the system maintained accredited security posture throughout the life cycle. Systems using Centrify Privileged Access Management solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
FIPS 140-2 Validated
The Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Centrify is validated FIPS 140-2 Level 1. FIPS 140-2 requires cryptographic modules in third-party software and hardware that federal agencies and regulated industries use for handling sensitive, non-classified information.
MARS-E logo
MARS-E — Minimum Acceptable Risk Standards for Exchanges The purpose of MARS-E is to provide a starting point for security guidance that Exchanges (State Health Insurance Exchanges) can use in implementing and operating their IT systems in support of the “Patient Protection and Affordable Care Act of 2010”, also known as ACA. The Exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI), or Federal Tax Information (FTI) of US Citizens. The secure handling of this information becomes very important. Systems using Centrify Privileged Access Management solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
NIACAP — U.S. Department of Defense Information Assurance Certification and Accreditation Process
The National Information Assurance Certification and Accreditation Process formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership. Systems using Centrify Privileged Access Management solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
RMF — The Risk Management Framework (replaces DIACAP)
The Risk Management Framework is a United States federal government policy and standards to help secure information systems (computers and networks) developed by National Institute of Standards and Technology. The Centrify Privileged Access Management solutions assist in establishing step five of the RMF. Information system operations are authorized based upon an assessment of risk to organizational operations and assets, individuals, other organizations, and the nation.
SOC 2 — Service Organization Control
The SOC 2 Type II report covers organizational and cloud security controls for the Security, Availability, and Confidentiality Trust Services Principles. The report provides a description of Centrify's controls and external audit testing procedures in order to provide customers with an independent assessment of Centrify's control environment. Customers can request access to the SOC 2 report under MNDA
TRUSTe
Centrify has been awarded the TRUSTe privacy Trustmark and is Privacy Shield compliant. Centrify is committed to privacy and transparency. The Centrify Privacy Policy can be viewed here. The TRUSTe mission, as an independent third-party, is to accelerate online trust among consumers and organizations globally. Through the process of achieving TRUSTe compliance, our Privacy Policy is scrutinized to ensure it is accurate with respect to our offered services. For more information please visit the TRUSTe website.

Ready to Protect Against the #1 Attack Vector?

Click here for more information about our products, pricing, demos, and more.

Contact Us