Certifications

At Centrify we understand that many of our customers are bound by regulatory mandates, which often requires them to prove that the products they deploy are built leveraging secure coding practices and that the vendors they interact with apply proper processes to match high standards in information security. In turn, Centrify invest heavily in maintaining relevant product and company authorizations, accreditations and certifications.

Centrify — Cloud-Ready Zero Trust Privilege Solutions You Can Trust

The following list summarizes all authorizations, accreditations, and certifications Centrify and its Zero Trust Privilege solutions have received from government or industry governing bodies.

AUTHORIZATIONS
 
FedRAMP — Federal Risk and Authorization Program
Centrify Privileged Access Service has received authorization by the U.S. Government's Federal Risk and Authorization Management Program (FedRAMP). Sponsored by the Overseas Private Investment Corporation (OPIC), this authorization allows government agencies to adopt Centrify’s cloud-ready service solutions for Privileged Access Management (PAM) and bolster mission security as they migrate an increasing amount of workloads to the cloud. Check out the FedRAMP Marketplace listing for more details.
 
 
ACCREDITATIONS AND CERTIFICATIONS
 
508 Compliance
Section 508, an amendment to the United States Workforce Rehabilitation Act of 1973, is a federal law mandating that all electronic and information technology developed, procured, maintained, or used by the federal government be accessible to people with disabilities. Centrify Zero Trust Privilege solutions are 508 compliant.
 
 
CoN — Certificate of Networthiness
Certificate of Networthiness (CoN) from the U.S. Army Network Enterprise Technology (NETCOM) Command 9th Signal Command shows that products meet the U.S. Army's requirements such as network security, network impact, compatibility with the infrastructure, communications and information support.Centrify Zero Trust Privilege solutions are compliant with CoN.
 
 
Common Criteria EAL2+
The Common Criteria (ISO 15408) process establishes confidence that the security functionality of IT products earning certification and the assurance measures applied to these IT products meet the established Common Criteria evaluation requirements. Centrify Zero Trust Privilege solutions have achieved Common Criteria certification listed at Evaluation Assurance Level (EAL) 2+.
 
 
DIACAP — U.S. Department of Defense Information Assurance Certification and Accreditation Process
DIACAP is a United States Department of Defense process that means to ensure that companies and organizations apply risk management to information systems. Centrify Zero Trust Privilege solutions for role-based privilege management are useful in the accreditation process, particularly requirements for authorizing the operation of DoD information systems.
 
 
DITSCAP — U.S. Department of Defense Information Technology Security Certification and Accreditation Process
DITSCAP is a certification issued by the United States Department of Defense (DOD). Customers can obtain this certification from a security committee of the DOD that their systems are safe to operate in the intended operating environment, and that the system maintained accredited security posture throughout the life cycle. Systems using Centrify Zero Trust Privilege solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
 
 
FIPS 140-2 Validated
The Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Centrify is validated FIPS 140-2 Level 1. FIPS 140-2 requires cryptographic modules in third-party software and hardware that federal agencies and regulated industries use for handling sensitive, non-classified information.
 
 
JITC Logo
JITC — U.S. Department of Defense Joint Interoperability Test Command Class 3 Public Key Infrastructure Public Key-Enabled
Centrify Zero Trust Privilege software is an JITC: Department of Defense Class 3 Public Key Infrastructure Public Key-Enabled application and holds a Joint Interoperability Test Command (JITC) certification for Centrify Zero Trust Privilege Services for Mac OS X solutions. In turn, Centrify can assure government agencies and those who interact with them that Centrify Zero Trust Privilege Services for Mac OS X meets the high standards established by the JITC, including support for Common Access Card (CAC) smart card login to Active Directory.
 
 
MARS-E Logo
MARS-E — Minimum Acceptable Risk Standards for Exchanges
The purpose of MARS-E is to provide a starting point for security guidance that Exchanges (State Health Insurance Exchanges) can use in implementing and operating their IT systems in support of the “Patient Protection and Affordable Care Act of 2010”, also known as ACA. The Exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI), or Federal Tax Information (FTI) of US Citizens. The secure handling of this information becomes very important. Systems using Centrify Zero Trust Privilege solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
 
 
NIACAP — U.S. Department of Defense Information Assurance Certification and Accreditation Process
The National Information Assurance Certification and Accreditation Process formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership. Systems using Centrify Zero Trust Privilege solutions for Federal Information Security Management Act of 2002 (FISMA) compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities. National Institute for Standards and Technology (NIST) Standard Publication (SP) 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
 
 
RMF — The Risk Management Framework (replaces DIACAP)
The Risk Management Framework is a United States federal government policy and standards to help secure information systems (computers and networks) developed by National Institute of Standards and Technology. The Centrify Zero Trust Privilege solutions assist in establishing step five of the RMF, which deals with the authorization of the information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable.
 
 
SOC 2 — Service Organization Control
The SOC 2 report focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. Centrify has passed the SOC 2 certification with zero findings and no remediation required for certification. Customers can request access to the SOC 2 report upon request.

Ready to Protect Against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.

Free Trial