State & Local Compliance for FISMA, CIS, FERPA, HIPAA

Mission Possible: More Security, More Compliance With State and Local Regulations

Centrify Zero Trust Privilege helps state and local governments in securing access to their ever-expanding attack surface while fulfilling the most stringent state and local compliance mandates. Centrify allows them to control, audit and report on privileged access to sensitive data while reducing complexity and keeping privileged users productive.

Today's Threat and Compliance Challenges

PAM Solutions for Cyber Attacks, Hackers & Breaches

Big Targets for Cyber-Attacks

Cyber adversaries would love to get their hands on citizen data and other sensitive information state and local governments manage.

Security Budgets Stretched Tight

Finding and keeping IT and security talent in state and local government is difficult and gets even more challenging under tight budgets.

You Next Audit is Just Around the Corner

Ever-changing federal as well as state and local regulations make it difficult to get and stay compliant.

TACKLE YOUR STATE AND LOCAL REGULATIONS WITH CENTRIFY

Regulation/Standard	Purpose	Centrify's Demonstrable Value-Add
CIS: Critical Security Controls for Effective Cyber Defense by SANS Institute	Recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks.	Centrify Zero Trust Privilege solutions help state and local agencies address the CIS Critical Security Controls in eight key areas: CSC 3 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CSC 5 – Controlled Use of Administrative Privilege CSC 6 – Maintenance, Monitoring, and Analysis of Audit Logs CSC 11 – Secure Configurations for Network Devices such as Firewalls, Routers, and Switches CSC 12 – Boundary Defense CSC 13 – Data Protection CSC 14 – Controlled Access Based on the Need to Know CSC 16 – Account Monitoring and Control
CJIS: Criminal Justice Information Services Security Policy	Security policies for protecting sensitive information like fingerprints and criminal backgrounds gathered by local, state, and federal criminal justice and law enforcement agencies.	Centrify Zero Trust Privilege solutions help state and local agencies address the CJIS Security Policy in the following areas: Policy Area 4 – Auditing and Accountability Policy Area 5 – Access Control Policy Area 6 – Identification and Authentication Policy Area 7 – Configuration Management
FERPA: Family Educational Rights and Privacy Act of 1974	Federal law that protects the privacy of student education records. It applies to all state and local schools that receive funds under an applicable program of the U.S. Department of Education.	Centrify Zero Trust Privilege solutions help state and local schools address FERPA in the following areas: Authentication of Records Requesters Limiting Access to School Officials’ Legitimate Educational Interest Control over Outsourcing Partners Data Security Guidelines in Accordance with NIST SP 800-Series and OMB Standards
FISMA: Federal Information Security Management Act	US legislation that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats.	Centrify Zero Trust Privilege solutions help state and local agencies address key FISMA provisions recommended in NIST SP 800-53, including sections: AC – Access Control AU – Audit and Accountability CM – Configuration Management IA – Identification and Authentication
HIPAA: Health Insurance Portability and Accountability Act	US legislation that provides data privacy and security provisions for safeguarding medical information.	Centrify Zero Trust Privilege solutions help state and local agencies address: HIPAA Technical Safeguards (§ 164.312): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
HITECH: Health Information Technology for Economic and Clinical Health Act	US legislation that widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for more enforcement.	Centrify Zero Trust Privilege solutions help state and local agencies address HITECH in the following major area: Subtitle D – Privacy, Part 1 Subtitle D – Privacy, Part 2
MARS-E: Minimum Acceptable Risk Standards for Exchanges	For enrollees of Administering Entities(AEs), MARS-E defines a minimum set of standards for acceptable security risk that the Health Insurance Exchanges must address and aims to facilitate compliance with the myriad of potentially applicable federal requirements under FISMA, HIPAA, HITECH, ACA, Tax Information Safeguarding Requirements, and state requirements.	Centrify Zero Trust Privilege solutions help ACA Administering Entities to address key MARS-E provisions: Security Controls such as AC- Access Control (i.e., AC-1 Access Control Policy and Procedures, AC-2 Account Management, AC-3 Access Enforcement, AC-5 Separation of Duties, AC-6 Least Privilege, AC-17 Remote Access) AU- Audit and Accountability (i.e., AU-1 Audit and Accountability Policy and Procedures, AU-2 Audit Events, AU-14 Session Audit) CA - Security Assessment and Authorization (i.e., CA-7 Continuous Monitoring) IA - Identification and Authentication (i.e., IA-1 Identification and Authentication Policy and Procedures, IA-2 Identification and Authentication of Organizational Users, IA-10 Adaptive Identification and Authentication) IR – Incident Response (i.e., IR-5 Incident Monitoring, IR-6 Incident Reporting) RA - Risk Assessment (i.e., RA-3 Risk Assessment) Privacy Controls such as AP - Authority and Purpose (i.e., AP-2 Purpose Specification) AR - Accountability, Audit, and Risk Management (i.e., AR-3 privacy Requirements for Contractors and Service Providers) FTI Safeguards as required by IRS Publication 1075
NIST Special Publication 800-Series	Set of documents (NIST SP 800-53, SP 800-171, SP 800-63) that describe US federal government computer security policies, procedures, and guidelines. In many cases, complying with NIST guidelines and recommendations will help state and local government agencies ensure compliance with other regulations, such as HIPAA and FISMA.	Centrify Zero Trust Privilege solutions help state and local agencies address the NIST SP 800-Series in three key areas: AC-3: Authorized Access Enforcement in Accordance with Applicable Policy AC-5: Separation of Duties through Assigned Information System Access Authorization AC-6: Least Privilege Enforcement: Allow only necessary access for users based on mission functions Audit and Accountability Security Assessment and Authorization Identification and Authentication Incident Response
PCI DSS: Payment Card Industry Data Security Standard	Set of security standards designed to ensure that all government agencies that accept, process, store, or transmit credit card information maintain a secure environment.	Centrify Zero Trust Privilege solutions help state and local agencies address six of the major PCI DSS requirements: Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Requirement 4: Encrypt transmission of cardholder data across open, public networks Requirement 7: Restrict access to cardholder data by business need-to-know Requirement 8: Identify and authenticate access to system components Requirement 10: Track and monitor all access to network resources and cardholder data
Publication 1075: Tax Information Security Guidelines for Federal, State, and Local Agencies by the IRS Office of Safeguards	Safeguards for protecting federal tax returns and return information; aligned with NIST SP 800-53.	Centrify Zero Trust Privilege solutions help state and local agencies address the IRS Publication 1075 in one of the major aspects: Access Control Audit and Accountability Security Assessment and Authorization Identification and Authentication Incident Response

Proven Solutions and Expertise

Grappling to increase your compliance posture while minimizing your attack surface? Centrify can help. We deliver Zero Trust Privilege solutions, allowing you to reduce the possibility of access by bad actors while checking off your state and local regulatory mandates.

Establish Identity Assurance

Consolidate identities to minimize the attack surface, apply multi-factor authentication everywhere and control access through risk-based factors.

Limit Lateral Movement

Establish access zones, grant access based on use of a secure admin environment, apply conditional access controls and minimize VPN access.

Enforce Least Privilege

Grant just enough privilege and move towards just-in-time privilege. In the same way as controlling broad access, automate the request for privilege elevation.

Audit Everything

Monitor sessions and analyze the risk of privileged access requests in real-time. Receive alerts and notifications on abnormal user access behavior.

Trusted by State and Local Governments, Worldwide

There isn’t a regulation that Centrify hasn’t helped us to meet. Today, every time an administrator touches a server, I have a record of it. I can pull up a report, print it and hand it to the auditor.
Peter Manina, IT Specialist and UNIX Systems Architect State of Michigan Department of Technology, Management and Budget

Struggling with Other Regulatory Mandates?

CHECK CENTRIFY SOLUTIONS FOR FEDERAL REGULATIONS

CHECK CENTRIFY SOLUTIONS FOR INDUSTRY REGULATIONS

State and Local Regulations