Centrify Solutions for Federal Regulatory Compliance
Federal agencies, including both civilian and defense organizations, are subject to federal regulation. Centrify provides demonstrable compliance with the Federal Information Security Management Act (FISMA) and best-practice guidance from agencies such as the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST). The following table summarizes many of the federal regulations Centrify helps government agencies to address.
CENTRIFY'S DEMONSTRABLE COMPLIANCE
FISMA: Federal Information Security Management Act
Centrify solutions help federal agencies address key FISMA provisions recommended in NIST SP 800-53, including sections:
Centrify addresses the NIST 800 series in three key areas:
AC-3: Authorized access enforcement in accordance with applicable policy.
AC-5: Separation of duties through assigned information system access authorizations.
AC-6: Least privilege enforcement - only necessary access for users, based on mission functions.
OMB: Office of Management and Budget
Centrify enables server isolation and encryption of data-in-motion for UNIX and Linux systems. This addresses the OMB mandate for authenticated connections among systems and the encryption of data moving across IP networks (IPv6 Adoption).
PCI-DSS: Payment Card Industry Data Security Standard
PCI is relevant to government agencies that process credit cards. Centrify addresses six (of twelve) major PCI DSS requirements:
1. Install a firewall to protect cardholder data
2. Do not use vendor supplied defaults for system passwords and other security parameters
4. Encrypt transmission of cardholder data
7. Restrict access to cardholder data
8. Assign a unique ID to each computer user
10. Track & monitor all access to network resources and cardholder data
HIPAA: Health Insurance Portability and Accountability Act
Centrify addresses HIPAA Technical Safeguards (§164.312): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
CDM: Continuous Diagnostic Monitoring
Centrify continuously monitors and centrally captures all activity by all users of critical systems, an essential component of Continuous Diagnostic Monitoring.