Cyber-Ark Publishes Steps to Implement NIST 800-53 Controls and Continuous Monitoring with a Special Focus on Privileged Account
Printer-friendly version
PDF version
Whitepaper Outlines the Recommended Security Controls for Federal Information Systems and Organizations and Related Steps Toward Gaining FISMA Compliance
NEWTON, Mass. - November 3, 2011 -
Cyber-Ark® Software, the leading global information security provider for protecting and managing critical applications, identities and sensitive information, today released an informative whitepaper for federal agencies, “Complying with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53.” With a special focus on establishing a proactive, preventative approach to privileged account management, the paper details how to implement the necessary controls described within NIST 800-53 to achieveFISMA compliance.
NIST 800-53 provides federal information systems and agencies with the recommended security controls to ensure ongoing situational awareness of the security of their IT systems. Cyber-Ark’s whitepaper was developed in conjunction with the increased focus that NIST 800-53 has placed on instilling controls to combat insider threats and the abuse of privileged accounts, while drawing attention to some of the shortcomings of traditional encryption-based approaches. In particular, it focuses on steps organizations can take to better manage across the privileged account management lifecycle, gain better control over shared accounts and institute real-time continuous monitoring solutions as part of a comprehensive risk management framework.
An Overview of Primary Security Controls and the Privilege Connection
While some aspects of Privileged Identity Management may be addressed procedurally, the majority of the necessary security controls outlined in NIST 800-53’s recommendations require a dedicated solution for the proactive management and audit of privileged users. Cyber-Ark’sPrivileged Identity Management SuiteandPrivileged Session Management Suiteenable an organization to execute the following controls to securely provide users and applications with the privileges needed in order to complete their role - and their role only:
Access Control:
As the foundation for the management of users and accounts, this control addresses the creation and assignment of privileges. According to NIST 800-53’s recommendations, particular attention must be paid to privileged accounts and their elevated access rights to the sensitive information stored in a variety of information systems. Cyber-Ark emphasizes the importance of controlling access across the privileged account lifecycle, encompassing steps for auto-discovery, management, policy definition and monitoring.
Audit and Accountability:
As NIST 800-53 suggests, this set of controls is critical when establishing a proactive approach to audit compliance and accountability. As detailed in the guidelines, auditable information must be available on demand. Without these built-in controls to continuously access sensitive information, log and monitor privileged actions, organizations will sacrifice accountability and fail to satisfy compliance requirements. Cyber-Ark’s Digital Vault provides tamper proof audit and log retention which is critical for ensuring the authenticity and safe keeping of all privileged audit information.
Identification and Authentication:
This control, according to NIST 800-53, asserts that “the information system uniquely identifies and authenticates organizational users.” This is especially critical for privileged and shared accounts - commonly utilized among the IT staff, diminishing an organization’s accountability while exposing password vulnerabilities. This control will establish a more effective password management program and accountability for shared accounts.
“With each release, NIST guidelines detail the most critical security controls that must be implemented to mitigate security vulnerabilities. With NIST 800-53, it is clear that privileged account management is moving to the top of the risk assessment priority list for many organizations,” said Adam Bosnian, Executive Vice President, Americas and Corporate Development, Cyber-Ark Software. “Combining the negative financial impact associated with non-FISMA compliance with rising internal and external threat awareness in the federal sector, this whitepaper provides specific advice organizations can use to enhance existing security solutions through policy-based automation and enhanced security controls around privileged account management.”
About Cyber-Ark
Privileged Identity Management
Sensitive Information Management
###
Copyright © 2011 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
Media inquiries:
Liz Campbell
fama PR (Cyber-Ark U.S.)
Phone: +1 617-986-5009
Email:cyber-ark@famapr.com
Susan Alves
Cyber-Ark Software, Inc.
Phone: +1 617-965-1544
Email:susan.alves@cyber-ark.com
Copy this html code to your website/blog and link to this press release.
More User Press Releases
- Cyber-Ark to Participate in Upcoming Events Where Privileged Account Activity Management and Cloud Security Take Center Stage
- Cyber-Ark Adds Privileged Account Management to the IT Security Discussion at MILCOM 2011
- Cyber-Ark Provides Proactive Security Protection for Private Clouds and Virtual Environments
- Cyber-Ark Provides Secure File Sharing for Mobile Devices with Enhanced File Protection
- Cyber-Ark to Present on Security Connections Panel at McAfee FOCUS 2011
- DBS Bank Extends Relationship with Cyber-Ark to Six Key Markets in Asia-Pacific
- Cyber-Ark Expands Into Irish Market through Zinopy Partnership
- Cyber-Ark Launches New Cloud Service for Secure Managed File Transfer
- Cyber-Ark Appoints Security Veteran Nick Lowe as VP of Sales, EMEA
- Cyber-Ark Demonstrates How to Control and Monitor Privileged Access to Hypervisors and Virtualized Environments at VMworld 2011
Facebook
Twitter
del.icio.us
LinkedIn
Digg
StumbleUpon
Forward
Google
Favorite
Favorite on Technorati