ISO, NIST, HIPAA, HITRUST, and national, regional, government and industry regulations create robust security frameworks to protect citizens and consumers. However, these constantly improving guidelines, together with changes to and expansion of the business itself, put ever-increasing pressure on commercial and government organizations to meet their compliance requirements.
Xton Access Manager provides an out-of-the-box solution to several crucial regulatory controls across multiple guidelines. It allows organizations to meet their compliance requirements in time and focus on their primary business.
Xton Access Manager for Compliance
European Union General Data Protection Regulation
EU GDPR compliance is required of any company that handles the personally identifiable information (PII) of any European Union citizen. Companies and governments must comply by May 28, 2018 or face stiff fines that can be as high as 4% of global turnover. Auditors are specifically interested in the protection of privileged account credentials because they are involved in the largest number of security breaches of PII. There may be hundreds or thousands of these privileged accounts at a company or government agency, and auditors want these passwords changed regularly and strengthened to be longer and more complex. XTAM can automate this task as well as monitor sessions that use these accounts.
NIST 800-171
Developed by NIST as part of the Federal Information Security Modernization Act (FISMA) of 2014, NIST Special Publication 800-171 (PDF) is a framework that specifies how your information systems and policies need to be set up in order to protect Controlled Unclassified Information (CUI).
To learn about how Xton Access Manager can help your business comply with NIST 800-171, please continue reading here.
ISO 27001
Originally published by the International Organization for Standardization (ISO) in 2005 and subsequently updated in 2013, ISO 27001:2013 (link) specifies the requirements for establishing, implementing, maintaining, and continually improving an organization’s information security management system (ISMS).
NIST 800-53
As part of the Special Publication 800-series that reports on the Information Technology Laboratory’s (ITL) research, guidelines, and outreach efforts in information system security, NIST Special Publication 800-53 (link) covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements.
HITRUST
The Health Information Trust Alliance (HITRUST) is a privately held company located in the United States that has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.
PCI-DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
CIS Controls
Center for Internet Security (CIS) Controls are a prioritized set of actions to defend against the vast majority of the most common attacks.
ICS-CERT
The mission of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is to guide a cohesive effort between government and industry to improve the cyber security posture of control systems within the nation’s critical infrastructure.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines what is required of healthcare organizations to ensure the portability of healthcare coverage and the privacy of patient records.
NERC-CIP
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.
Sarbanes-Oxley
The Sarbanes-Oxley Act (PDF) was enacted by the United States Congress in July 2002. It requires publicly traded companies to ensure that they are properly reporting financial information. One of the most critical sections is Section 404, which requires internal control over the creation of financial reports and mandates responsibility for access privileges.
FDA 21 CFR Part 11
Pharmaceutical and other biotech companies are subject to regulation by the Food and Drug Administration (FDA). One of the FDA regulations, concerning electronic signatures and the integrity of electronic systems, is FDA 21 CFR 11.
GLB – Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act, signed in 1999, applies to financial institutions and securities firms. It requires them to implement strict controls to protect the privacy of customer data.