State and Local Government Solutions

Mission Possible: More Security. More Compliance with Zero Trust Security.

Centrify has an extensive history of helping state and local governments secure access to applications, endpoints and infrastructure while fulfilling the most stringent compliance mandates.

Today’s Threat and Compliance Challenges

Big Targets for Cyber Attacks

Cyber adversaries would love to get their hands on citizen data and other sensitive information state and local governments manage.

Security Budgets Stretched Tight

Finding and keeping IT and security talent in state and local government is difficult and gets even more challenging under tight budgets.

Your Next Audit is Just Around the Corner

Ever-changing federal as well as state and local regulations make it difficult to get and stay compliant.

Proven Solutions and Expertise

Struggling to improve your compliance posture while minimizing your attack surface? Centrify can help. We deliver Zero Trust Security through the power of Next-Gen Access solutions, allowing you to reduce the possibility of access by bad actors while checking off your regulatory mandates.

Establish Identity Assurance

Consolidate identities to minimize the attack surface, apply multi-factor authentication everywhere, enhance end user experience via Single Sign-On and control access through risk-based factors.

Limit Lateral Movement

Establish access zones, grant access based on use of trusted endpoints, apply conditional access controls, and minimize VPN access.

Enforce Least Privilege

Grant just enough privilege and move towards just-in-time privilege. As with controlling broad access, automate requests for privilege elevation.

Audit Everything

Monitor sessions and analyze the risk of access requests in real-time. Receive alerts and notifications on abnormal user access behavior.

Tackle State and Local Compliance with Centrify

Regulation/Standard

Purpose

Centrify’s Demonstrable Compliance Value-Add

CIS: Critical Security Controls for Effective Cyber Defense by SANS Institute

Recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks.

Centrify solutions help state and local agencies address the CIS Critical Security Controls in nine key areas:

  • CSC 1 – Inventory of Authorized and Unauthorized Devices
  • CSC 3 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  • CSC 5 – Controlled Use of Administrative Privilege
  • CSC 6 – Maintenance, Monitoring, and Analysis of Audit Logs
  • CSC 11 – Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  • CSC 12 – Boundary Defense
  • CSC 13 – Data Protection
  • CSC 14 – Controlled Access Based on the Need to Know
  • CSC 16 – Account Monitoring and Control

CJIS: Criminal Justice Information Services Security Policy

Security policies for protecting sensitive information like fingerprints and criminal backgrounds gathered by local, state, and federal criminal justice and law enforcement agencies.

Centrify solutions help state and local agencies address the CJIS Security Policy in the following areas:

  • Policy Area 4 – Auditing and Accountability
  • Policy Area 5 – Access Control
  • Policy Area 6 – Identification and Authentication
  • Policy Area 7 – Configuration Management
  • Policy Area 13 – Mobile Devices

FERPA: Family Educational Rights and Privacy Act of 1974

Federal law that protects the privacy of student education records. It applies to all state and local schools that receive funds under an applicable program of the U.S. Department of Education.

Centrify solutions help state and local schools address FERPA in the following areas:

  • Authentication of Records Requesters
  • Limiting Access to School Officials’ Legitimate Educational Interest
  • Control over Outsourcing Partners
  • Data Security Guidelines in Accordance with NIST SP 800-Series and OMB Standards

FISMA: Federal Information Security Management Act

US legislation that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats.

Centrify solutions help state and local agencies address key FISMA provisions recommended in NIST SP 800-53, including sections:

  • AC – Access Control
  • AU – Audit and Accountability
  • CM – Configuration Management
  • IA – Identification and Authentication

HIPAA: Health Insurance Portability and Accountability Act

US legislation that provides data privacy and security provisions for safeguarding medical information.

Centrify solutions help state and local agencies address:

  • HIPAA Technical Safeguards (§ 164.312): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.

HITECH: Health Information Technology for Economic and Clinical Health Act

US legislation that widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance, and provides for more enforcement.

Centrify solutions help state and local agencies address HITECH in the following major areas:

  • Subtitle D – Privacy, Part 1
  • Subtitle D – Privacy, Part 2

MARS-E: Minimum Acceptable Risk Standards for Exchanges

For enrollees of Administering Entities (AEs), MARS-E defines a minimum set of standards for acceptable security risk that the Health Insurance Exchanges must address, and aims to facilitate compliance with the many potentially applicable federal requirements under FISMA, HIPAA, HITECH, ACA, Tax Information Safeguarding Requirements, and state requirements.

Centrify solutions help ACA Administering Entities to address key MARS-E provisions:

Security Controls such as
  • AC – Access Control (i.e., AC-1 Access Control Policy and Procedures, AC-2 Account Management, AC-3 Access Enforcement, AC-5 Separation of Duties, AC-6 Least Privilege, AC-17 Remote Access)
  • AU – Audit and Accountability (i.e., AU-1 Audit and Accountability Policy and Procedures, AU-2 Audit Events, AU-14 Session Audit)
  • CA – Security Assessment and Authorization (i.e., CA-7 Continuous Monitoring)
  • IA – Identification and Authentication (i.e., IA-1 Identification and Authentication Policy and Procedures, IA-2 Identification and Authentication of Organizational Users, IA-10 Adaptive Identification and Authentication)
  • IR – Incident Response (i.e., IR-5 Incident Monitoring, IR-6 Incident Reporting)
  • RA – Risk Assessment (i.e., RA-3 Risk Assessment)
Privacy Controls such as
  • AP – Authority and Purpose (i.e., AP-2 Purpose Specification)
  • AR – Accountability, Audit, and Risk Management (i.e., AR-3 Privacy Requirements for Contractors and Service Providers)
FTI Safeguards as required by IRS Publication 1075

NIST Special Publication 800-Series

Set of documents (NIST SP 800-53, SP 800-171, SP 800-63) that describe US federal government computer security policies, procedures, and guidelines. In many cases, complying with NIST guidelines and recommendations will help state and local government agencies ensure compliance with other regulations, such as HIPAA and FISMA.

Centrify solutions help state and local agencies address the NIST SP 800-Series in three key areas:

  • AC-3: Authorized Access Enforcement in Accordance with Applicable Policy
  • AC-5: Separation of Duties through Assigned Information System Access Authorization
  • AC-6: Least Privilege Enforcement: Allow only necessary access for users based on mission functions
  • Audit and Accountability
  • Security Assessment and Authorization
  • Identification and Authentication
  • Incident Response

PCI DSS: Payment Card Industry Data Security Standard

Set of security standards designed to ensure that all government agencies that accept, process, store, or transmit credit card information maintain a secure environment.

Centrify solutions help state and local agencies address six of the major PCI DSS requirements:

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Identify and authenticate access to system components
  • Requirement 10: Track and monitor all access to network resources and cardholder data

Publication 1075: Tax Information Security Guidelines for Federal, State, and Local Agencies by the IRS Office of Safeguards

Safeguards for protecting federal tax returns and return information; aligned with NIST SP 800-53.

Centrify solutions help state and local agencies address the IRS Publication 1075 in one of the major aspects:

  • Appropriate Management of Access Control to Information Systems Containing Federal Tax Information (FTI)
  • Adherence to NIST 800-53:
    • Access Control
    • Audit and Accountability
    • Security Assessment and Authorization
    • Identification and Authentication
    • Incident Response
Centrify Next-Gen Access for Modern State and Local Governments

More Security. More Compliance with Zero Trust Security.
