Federal Compliance Solutions for FISMA, HIPAA, NIST, DHS CDM

Mission Possible: Secure and Productive Compliance With Federal Regulations

Centrify Zero Trust Privilege helps federal agencies ― including both civilian and defense organizations ― address the specific requirements of key federal regulations, allowing them to control, audit and report on privileged access to sensitive data while reducing complexity and keeping privileged users productive.

Today's Threat and Compliance Challenges

PAM Solutions for Cyber Attacks, Hackers & Breaches

Big Targets for Cyber Attack

Cyber adversaries would love to get their hands on citizen and federal employee data as well as other sensitive information federal agencies manage.

Security Budgets Stretched Tight

Finding and keeping IT and security talent in federal government is difficult and gets even more challenging under tight budgets.

Your Next Audit is Just Around The Corner

Ever-changing federal regulations make it difficult to get and stay compliant.

Centrify allows us to adhere to HSPD-12 regulations with a government-certified solution. We don’t have to jump through hoops to configure something that will work with smart cards.
Jeff Williams, Systems Integration Branch Chief, National Weather Service, Southern Branch

TACKLE YOUR FEDERAL REGULATIONS WITH CENTRIFY

Regulation/Standard	Purpose	Centrify's Demonstrable Value-Add
DHS CDM Phase 2: Department of Homeland Security Continuous Diagnostic and Mitigation Program – Phase 2	The Continuous Diagnostics and Mitigation Program by the U.S. Department of Homeland Security is a dynamic approach to fortifying the cyber security of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that: Identify cyber security risks on an ongoing basis; Prioritize these risks based upon potential impacts; and Enable cyber security personnel to mitigate the most significant problems first.	Centrify Zero Trust Privilege solutions are the selected choice of federal agencies for CDM Phase 2 CRED, ensuring that all federal agency associates only have access to servers or network resources based on their unique role and responsibility within their organization. Centrify covers the following CDM Phase 2 CRED requirements: Active Directory: The primary identity store for all agencies is Microsoft Active Directory with a full span of control encompassing accounts, networks, devices, and applications. PIV Authentication Everywhere: Agency users’ primary credentials are PIV-based for both system authentication (login) and authorization (privilege elevation) while preventing password-based authentication. Separation of Duties: Consolidate user accounts and groups into Active Directory and enforce separation of administrative duties. Least Privileged Access: Account and credentials to be securely used and managed in dependent systems such that all authorized users only have the proper level of access necessary to perform their specific job duties. Privilege Elevation Management: Eliminate the problem of too many users having too broad and unmanaged administrative power. Session Auditing and Recording: Mitigate insider threats and meet compliance requirements with full audit trails and session capture of privileged user activity on Windows, Linux and UNIX servers. Solution Brief: Addressing DHS CDM Phase 2 for Credentials and Authentication
FICAM: Federal Identity Credential Access Management Initiative	The Federal ICAM (FICAM) program, managed by GSA’s Office of Information Integrity and Access, provides collaboration opportunities and guidance on IT policy, standards, implementation and architecture, to help federal agencies implement ICAM.	Centrify Zero Trust Privilege solutions help federal agencies address FICAM IT policies and standards like NIST SP 800-53, including sections: AC - Access Control AU - Audit and Accountability CM - Configuration Management IA - Identification and Authentication
FISMA: Federal Information Security Management Act	US legislation that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats.	Centrify Zero Trust Privilege solutions help federal agencies address key FISMA provisions recommended in NIST SP 800-53, including sections: AC – Access Control AU – Audit and Accountability CM – Configuration Management IA – Identification and Authentication
HIPAA: Health Insurance Portability and Accountability Act	US legislation that provides data privacy and security provisions for safeguarding medical information.	Centrify Zero Trust Privilege solutions help federal agencies address: HIPAA Technical Safeguards (§ 164.312): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
HSPD-12: Homeland Security Presidential Directive 12	A strategic initiative intended to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy. It requires the development and implementation of a government-wide standard for secure and reliable forms of identification for federal employees and contractors.	Centrify Zero Trust Privilege solutions help federal agencies to deploy HSPD-12 compliant credential. Centrify brings Mac OS X and Red Hat Linux systems into compliance with HSPD-12 by supporting the Common Access Card (CAC) standard certified by the JITC. Centrify's listing in the JITC directory Centrify's JITC certification letter
NIST Special Publication 800-Series	Set of documents (NIST SP 800-53, SP 800-171, SP 800-63) that describe US federal government computer security policies, procedures, and guidelines. In many cases, complying with NIST guidelines and recommendations will help state and local government agencies ensure compliance with other regulations, such as HIPAA and FISMA.	Centrify Zero Trust Privilege solutions help federal agencies address the NIST SP 800-Series in three key areas: AC-3: Authorized Access Enforcement in Accordance with Applicable Policy AC-5: Separation of Duties through Assigned Information System Access Authorization AC-6: Least Privilege Enforcement: Allow only necessary access for users based on mission functions Audit and Accountability Security Assessment and Authorization Identification and Authentication Incident Response
OMB: Office of Management and Budget	Identity Management Guidance by the Office of Management and Budget, including policies on encryption, multi-factor authentication, and digital signatures.	Centrify Zero Trust Privilege solutions help federal agencies to address the OMB policies by enabling server isolation and encryption of data-in-motion for UNIX and Linux systems. This addresses the OMB mandate for authenticated connections among systems and the encryption of data moving across IP networks (IPv6 Adoption).
PCI DSS: Payment Card Industry Data Security Standard	Set of security standards designed to ensure that all government agencies that accept, process, store, or transmit credit card information maintain a secure environment.	Centrify Zero Trust Privilege solutions help federal agencies address six of the major PCI DSS requirements: Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 7: Restrict access to cardholder data by business need-to-know Requirement 8: Identify and authenticate access to system components Requirement 10: Track and monitor all access to network resources and cardholder data

Proven Solutions and Expertise

Grappling to increase your compliance posture while minimizing your attack surface? Centrify can help. We deliver Zero Trust Privilege solutions, allowing you to reduce the possibility of access by bad actors while checking off your federal regulatory mandates.

Establish Identity Assurance

Consolidate identities to minimize the attack surface, apply multi-factor authentication everywhere and control access through risk-based factors.

Limit Lateral Movement

Establish access zones, grant access based on use of a secure admin environment, apply conditional access controls and minimize VPN access.

Enforce Least Privilege

Grant just enough privilege and move towards just-in-time privilege. In the same way as controlling broad access, automate the request for privilege elevation.

Audit Everything

Monitor sessions and analyze the risk of privileged access requests in real-time. Receive alerts and notifications on abnormal user access behavior.

Trusted by Top Government Agencies

Centrify gives us the ability to resolve a finding from a DOI-OIG audit, and to conform to the requirement for PIV authentication.
IT Systems Analyst, U.S. Department of Interior, Enterprise Services

Struggling with Other Regulatory Mandates?

CHECK CENTRIFY SOLUTIONS FOR INDUSTRY REGULATIONS

CHECK CENTRIFY SOLUTIONS FOR STATE AND LOCAL REGULATIONS

Federal Regulations