Federal Compliance

Centrify Solutions for Federal Certification and Accreditation

Centrify leverages existing infrastructure to centrally secure and audit heterogeneous systems and applications. With a single point of administration for accounts, access controls, privileges and policy for systems and workstations, IT managers can implement security levels appropriate to their individual organization's needs and more easily accomplish the reporting and auditing tasks required for certification and accreditation of their processes.

The following table summarizes some of the federal certifications and accreditations Centrify helps government agencies to address. Also included are key certifications the Centrify solution has received.

CertificationCentrify's Demonstrable ComplianceResources
Common Criteria-EAL2+ Centrify Server Suite has achieved Common Criteria certification listed at EAL (Evaluation Assurance Level) 2+.  
SOC 2: Service Organization Controls (AICPA) Centrify has passed the SOC II Certification with zero findings and no remediation required for certification.  
FedRAMP: Federal Risk and Authorization Management Program The Centrify Identity Service is built on Windows Azure, which is FedRAMP certified. Centrify's FedRAMP certification is currently in-process. Centrify Identity Service
Federal Information Processing Standard FIPS 140-2 Validated (Certificate #1604) Centrify is validated FIPS 140-2 Level 1. FIPS 140-2 requires cryptographic modules in third-party software and hardware that federal agencies and regulated industries use for handling sensitive, non-classified information. FIPS 140-2 Validated
DITSCAP: Department of Defense Information Technology Security Certification and Accreditation Process

NIACAP: National Information Assurance Certification and Accreditation Process
Systems using the Centrify Suite for FISMA compliance find that the auditing and reporting features bolster the DITSCAP and NIACAP certification activities.

NIST SP 800-53's guidance for FISMA is also generally used to formulate the specifics of an information system's security posture for the purposes of gaining DITSCAP, NIACAP and similar certification.
FISMA Compliance & Auditing Solution

FISMA Compliance & Auditing White Paper
FDCC: Federal Desktop Core Configuration Centrify's desktop lockdown capabilities proactively develop FDCC-like security configurations for Mac systems. While Mac OS systems are not currently included in the FDCC, many agencies adopt it as a best practice. Mac OS Desktop Management Group Policy
DIACAP: DoD Information Assurance Certification and Accreditation Process Centrify solutions for role-based privilege management is useful in the accreditation process, particularly requirements for authorizing the operation of DoD information systems. Centrify Role-Based Access Control