Federal Regulations

MISSION POSSIBLE: SECURE AND PRODUCTIVE COMPLIANCE WITH FEDERAL REGULATIONS.

Centrify Zero Trust Privilege helps federal agencies ― including both civilian and defense organizations ― address the specific requirements of key federal regulations, allowing them to control, audit and report on privileged access to sensitive data while reducing complexity and keeping privileged users productive.

Today's Threat and Compliance Challenges

TACKLE YOUR FEDERAL REGULATIONS WITH CENTRIFY

Regulation/Standard Purpose Centrify's Demonstrable Value-Add
DHS CDM Phase 2: Department of Homeland Security Continuous Diagnostics and Mitigation Program Phase 2

The Continuous Diagnostics and Mitigation Program by the U.S. Department of Homeland Security is a dynamic approach to fortifying the cyber security of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that:

  • Identify cyber security risks on an ongoing basis;
  • Prioritize these risks based upon potential impacts; and
  • Enable cyber security personnel to mitigate the most significant problems first.

Centrify Zero Trust Privilege solutions are the selected choice of federal agencies for CDM Phase 2 CRED, ensuring that all federal agency associates only have access to servers or network resources based on their unique role and responsibility within their organization. Centrify covers the following CDM Phase 2 CRED requirements:

  • Active Directory: The primary identity store for all agencies is Microsoft Active Directory with a full span of control encompassing accounts, networks, devices, and applications.
  • PIV Authentication Everywhere: Agency users’ primary credentials are PIV-based for both system authentication (login) and authorization (privilege elevation) while preventing password-based authentication.
  • Separation of Duties: Consolidate user accounts and groups into Active Directory and enforce separation of administrative duties.
  • Least Privileged Access: Account and credentials to be securely used and managed in dependent systems such that all authorized users only have the proper level of access necessary to perform their specific job duties.
  • Privilege Elevation Management: Eliminate the problem of too many users having too broad and unmanaged administrative power.
  • Session Auditing and Recording: Mitigate insider threats and meet compliance requirements with full audit trails and session capture of privileged user activity on Windows, Linux and UNIX servers.
  • Solution Brief: Addressing DHS CDM Phase 2 for Credentials and Authentication

FICAM: Federal Identity Credential Access Management Initiative

The Federal ICAM (FICAM) program, managed by GSA’s Office of Information Integrity and Access, provides collaboration opportunities and guidance on IT policy, standards, implementation and architecture, to help federal agencies implement ICAM.

Centrify Zero Trust Privilege solutions help federal agencies address FICAM IT policies and standards like NIST SP 800-53, including sections:

  • AC - Access Control
  • AU - Audit and Accountability
  • CM - Configuration Management
  • IA - Identification and Authentication

FISMA: Federal Information Security Management Act

US legislation that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats.

Centrify Zero Trust Privilege solutions help federal agencies address key FISMA provisions recommended in NIST SP 800-53, including sections:

  • AC – Access Control
  • AU – Audit and Accountability
  • CM – Configuration Management
  • IA – Identification and Authentication

HIPAA: Health Insurance Portability and Accountability Act

US legislation that provides data privacy and security provisions for safeguarding medical information.

Centrify Zero Trust Privilege solutions help federal agencies address:

  • HIPAA Technical Safeguards (§ 164.312): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.

HSPD-12: Homeland Security Presidential Directive 12

A strategic initiative intended to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy. It requires the development and implementation of a government-wide standard for secure and reliable forms of identification for federal employees and contractors.

Centrify Zero Trust Privilege solutions help federal agencies deploy HSPD-12 compliant credentials. Centrify brings Mac OS X and Red Hat Linux systems into compliance with HSPD-12 by supporting the Common Access Card (CAC) standard certified by the JITC.

NIST Special Publication 800-Series

Set of documents (NIST SP 800-53, SP 800-171, SP 800-63) that describe US federal government computer security policies, procedures, and guidelines. In many cases, complying with NIST guidelines and recommendations will help state and local government agencies ensure compliance with other regulations, such as HIPAA and FISMA.

Centrify Zero Trust Privilege solutions help federal agencies address the NIST SP 800-Series in three key areas:

  • AC-3: Authorized Access Enforcement in Accordance with Applicable Policy
  • AC-5: Separation of Duties through Assigned Information System Access Authorization
  • AC-6: Least Privilege Enforcement: Allow only necessary access for users based on mission functions
  • Audit and Accountability
  • Security Assessment and Authorization
  • Identification and Authentication
  • Incident Response

OMB: Office of Management and Budget

Identity Management Guidance by the Office of Management and Budget, including policies on encryption, multi-factor authentication, and digital signatures.

Centrify Zero Trust Privilege solutions help federal agencies to address the OMB policies by enabling server isolation and encryption of data-in-motion for UNIX and Linux systems. This addresses the OMB mandate for authenticated connections among systems and the encryption of data moving across IP networks (IPv6 Adoption).

PCI DSS: Payment Card Industry Data Security Standard

Set of security standards designed to ensure that all government agencies that accept, process, store, or transmit credit card information maintain a secure environment.

Centrify Zero Trust Privilege solutions help federal agencies address six of the major PCI DSS requirements:

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Identify and authenticate access to system components
  • Requirement 10: Track and monitor all access to network resources and cardholder data

 

Proven Solutions and Expertise

Struggling to improve your compliance posture while minimizing your attack surface? Centrify can help. We deliver Zero Trust Privilege solutions, allowing you to reduce the possibility of access by bad actors while checking off your federal regulatory mandates.

Trusted by Top Government Agencies

Centrify allows us to adhere to HSPD-12 regulations with a government-certified solution. We don’t have to jump through hoops to configure something that will work with smart cards. 

Jeff Williams, Systems Integration Branch Chief, National Weather Service, Southern Branch

Centrify gives us the ability to resolve a finding from a DOI-OIG audit, and to conform to the requirement for PIV authentication.

IT Systems Analyst, U.S. Department of Interior, Enterprise Services

Ready to protect against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.
