Federal agencies face the same security threats as private-sector organizations, as well as a heightened risk of attack by state-sponsored cybercriminals. In addition to following security best practices, federal agencies must adhere to laws, directives, and guidance that mandate various cybersecurity controls. Central to many of these regulations is a requirement for robust authentication and authorization of users attempting to access federal systems.
For example, the Federal Information Security Management Act (FISMA) requires agencies to meet a wide variety of computer security standards, such as ensuring proper password management by workers and restricting employee access to sensitive systems and data. Homeland Security Presidential Directive 12 (HSPD-12) establishes standards for issuing identity credentials to federal employees and contractors and for using those credentials as a common means of authenticating access to IT infrastructure.
Controlling privileged access is especially critical given that a large proportion of security breaches involve compromised privileged credentials. However, federal agencies face significant challenges in managing privileged access across an ever-changing mix of systems, applications, and geographically dispersed environments.
The CyberArk Core Privileged Access Security platform can help federal agencies protect privileged credentials, enforce least privilege access policies, and detect privileged account threats. Privileged credentials are secured within the CyberArk vault, where they can be rotated regularly without impacting the production environment. Users can be granted elevated privileges as needed and as allowed by agency policies, thereby enabling stronger security while minimizing operational bottlenecks.
CyberArk’s distributed software architecture is flexible and scalable, making it possible to extend privileged access controls to on-premises, cloud, mobile, and SCADA systems. CyberArk provides out-of-the-box policy templates for specific server types to simplify deployment.
Though the regulations increasingly emphasize an ongoing, risk-based approach to cybersecurity, federal agencies are still required to undergo periodic audits to test their compliance with regulatory requirements. CyberArk’s Privilege Session Monitoring enables agencies to continuously monitor, record, and track user activity and privileged user sessions on an unlimited number of target systems. Searchable logs and complete audit trails enable IT personnel to investigate who is accessing privileged accounts and what actions they are taking. Tamper-proof storage of logs and audit records prevents unauthorized modification and deletion.
Clango’s Cyber Analytics Reporting Tool (CART) facilitates the audit process by enabling auditors and other nontechnical users to view, search, analyze, and report on the operational data stored within the CyberArk vault. The intuitive, web-based interface uses a familiar spreadsheet paradigm that enables users to get up to speed quickly. Users have access to near-real-time information since CyberArk data is ingested into a database as often as every hour.
CART understands how the data in the CyberArk vault interconnects and provides configurable search and filter forms that make it easy to run complex logical queries. Within a matter of hours, users are able to create customized data views and reports without the need to engage software developers or database administrators. Datasets can also be pivoted to show summaries based on various parameters.
The CyberArk Privileged Account Security solution has been independently validated and awarded an Evaluation Assurance Level 2+ under the Common Criteria Recognition Agreement. It is also on the U.S. Department of Defense Unified Capabilities Approved Products List. The CyberArk-certified engineers at Clango can help federal agencies take full advantage of this powerful tool and readily tap CyberArk data for audits and reporting.
For more information about meeting audit and compliance requirements, please send us an email at (firstname.lastname@example.org).