Federal Certifications, Accreditations, and Authorizations for Centrify Solutions

Centrify ― Next-Gen Access Solutions You Can Trust

Centrify leverages existing infrastructure to centrally secure and audit heterogeneous systems and applications. With a single point of administration for accounts, access controls, privileges and policy for systems and workstations, IT managers can implement security levels appropriate to their individual organization's needs and more easily accomplish the reporting and auditing tasks required for certification and accreditation of their processes.

The following table summarizes some of the federal certifications, accreditations, and authorizations Centrify solutions have received:

Authorization Status Resources
FedRAMP: Federal Risk and Authorization Management Program The Centrify Application Services and Centrify Endpoint Services are built on Windows Azure, which is FedRAMP certified. Centrify's FedRAMP authorization is currently in process. Centrify Application Services

Centrify Endpoint Services
Certifications/Accreditations Status Resources
Common Criteria EAL2+ Centrify Server Suite has achieved Common Criteria certification listed at EAL (Evaluation Assurance Level) 2+. Certification Report
DIACAP: DoD Information Assurance Certification and Accreditation Process Centrify solutions for role-based privilege management is useful in the accreditation process, particularly requirements for authorizing the operation of DoD information systems. Centrify Role-Based Access Control
DITSCAP: Department of Defense Information Technology Security Certification and Accreditation Process Systems using the Centrify Suite for FISMA compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities.

NIST SP 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
FISMA Compliance & Auditing Solution

FISMA Compliance & Auditing White Paper
FDCC: Federal Desktop Core Configuration Centrify's desktop lockdown capabilities proactively develop FDCC-like security configurations for Mac systems. While Mac OS systems are not currently included in the FDCC, many agencies adopt it as a best practice. Mac OS Desktop Management Group Policy
Federal Information Processing Standard FIPS 140-2 Validated (Certificate #2844) Centrify is validated FIPS 140-2 Level 1. FIPS 140-2 requires cryptographic modules in third-party software and hardware that federal agencies and regulated industries use for handling sensitive, non-classified information. FIPS 140-2 Validated
MARS-E: Minimum Acceptable Risk Standards for Exchanges The Centrify Application Services and Centrify Endpoint Services are built on Windows Azure, which is FedRAMP certified. Centrify's FedRAMP authorization is currently in process.

Centrify complies with the Minimum Acceptable Risk Standards for Exchanges (MARS-E).

Currently, there is no formal authorization and accreditation process for MARS-E. However, the Centrify Application Services and Centrify Endpoint Services are undergoing independent FedRAMP audits at the Moderate Level and will be authorized according to FedRAMP standards. Although these standards do not specifically focus on MARS-E, the MARS-E control requirements and objectives are very closely aligned and serve to protect the confidentiality, integrity, and availability of data in the Centrify Application Services and Centrify Endpoint Services.
Centrify Application Services

Centrify Endpoint Services
NIACAP: National Information Assurance Certification and Accreditation Process Systems using the Centrify Suite for FISMA compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities.

NIST SP 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.

FISMA Compliance & Auditing Solution

FISMA Compliance & Auditing White Paper

RMF: The Risk Management Framework (replaces DIACAP) Centrify solutions assist in establishing step five of the RMF, which deals with the authorization of the information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable.
SOC II: Service Organization Controls (AICPA) Centrify has passed the SOC II Certification with zero findings and no remediation required for certification.