Industry Regulations

Achieve Industry Regulatory Compliance With Centrify Zero Trust Privilege

Centrify Zero Trust Privilege helps commercial customers address the specific requirements of key industry regulations, allowing them to control, audit and report on privileged access to sensitive data while reducing complexity and keeping privileged users productive.

Today's Threat and Compliance Challenges


Regulation/Standard | Purpose | Centrify's Demonstrable Value-Add

PCI DSS: Payment Card Industry Data Security Standard

Set of security standards designed to ensure that all businesses that accept, process, store, or transmit credit card information maintain a secure environment.

PCI DSS is enforced by the card brands and banks, which can impose stiff fines, penalties and public disclosure, including the suspension of payment card processing privileges. Any business that accepts payment cards or processes card data must validate its compliance through a yearly PCI DSS assessment.

Centrify Zero Trust Privilege solutions help commercial businesses address six of the major PCI DSS requirements:

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Identify and authenticate access to system components
  • Requirement 10: Track and monitor all access to network resources and cardholder data

SOX: Sarbanes-Oxley Act of 2002

Strict standards for financial reporting by U.S. public companies. SOX Section 404 mandates an annual assessment by an independent auditor of the effectiveness of a public company's control procedures. IT departments, which are usually tasked with managing these audits, need to ensure that systems holding financial data can be accessed only by those whose job function requires it, that privileges are limited to just those required by the job, and that a record of all activity is kept.

Centrify helps IT organizations simplify their SOX auditing requirements with a cost-effective solution that leverages technology already in house: Microsoft Active Directory.

By leveraging an existing identity infrastructure, tools, processes and skill sets, Centrify Zero Trust Privilege solutions enable:

  • Consolidated and centralized management of privileged user identities and servers;
  • Privileged user authentication;
  • Role-based access control;
  • Session recording and reporting to meet compliance auditing requirements.

MAS: Monetary Authority of Singapore Technology Risk Management (TRM) Guidelines

A comprehensive set of IT security requirements not just for Financial Institutions based in Singapore, but for any Financial Institution that is doing business in Singapore.

The MAS guidelines for Internet Banking and Technology Risk Management identify security and risk management issues in a comprehensive manner, covering everything from identity assurance and access controls to accountability and audit.

Centrify Zero Trust Privilege solutions help Financial Institutions directly address MAS TRM Guidelines in three critical areas:

  • Section 11: Access Control
  • Section 13: Payment Card Security
  • Section 14: IT Audit

NERC CIP: North American Electric Reliability Corporation Critical Infrastructure Protection Plan

Guidance that requires accountability throughout the authentication, access control, delegation, separation of duties, continuous monitoring and reporting of electronic access to critical infrastructure.

Requirements establish a clear obligation that all electronic access be audited, monitored and archived in such a way that an organization can reproduce detailed privileged user sessions 24 hours per day, 7 days per week.

Centrify Zero Trust Privilege solutions help energy producers and distributors to:

  • Eliminate troublesome shared accounts and root passwords.
  • Quickly establish role-based granular access to systems based on business need-to-know using a dynamic rights model to secure privileged access and command execution.
  • Enforce delegated administration and separation of duties so only authorized users are granting secured access to critical systems and applications.
  • Generate detailed reports for NERC CIP compliance showing who has access to what resources, commands and applications.
  • Spot suspicious activity or improper procedures through continuous monitoring of privileged user access to critical cyber security assets.

Proven Solutions and Expertise

Struggling to strengthen your compliance posture while minimizing your attack surface? Centrify can help. We deliver Zero Trust Privilege solutions, allowing you to reduce the possibility of access by bad actors while checking off your industry regulatory mandates.

Trusted by over 2,000 Organizations, Worldwide
