
Industry News, March 25th, 2019, Andrew Hickey

Cutting Through the Federal Compliance Confusion

Federal agencies and systems integrators are under immense pressure to comply with a host of various laws, policies and standards. Those regulations shift and evolve to accommodate the emergence of new security threats and technologies, such as cloud and mobility.

Compliance regulations take two key forms: there are regulations agencies must ensure their vendors and solutions adhere to, and regulations they themselves must comply with.

It is often so confusing that agencies use specialized consultants to determine whether a desired IT initiative will result in compliance issues. The Government Accountability Office (GAO) is specifically tasked with regularly auditing public sector organizations for compliance.

Simply put: it’s challenging to navigate – all the letters and numbers create a sort of alphabet soup. Here, we’ll help you cut through the confusion and outline some of the key compliance regulations federal agencies must follow.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a government standard that applies to cloud and SaaS IT solutions, like Duo, which must be FedRAMP Authorized to be used by federal agencies. FedRAMP is important as it mitigates risk associated with cloud-based solutions.

Duo now has two-factor authentication offerings that are FedRAMP Authorized and available in the FedRAMP Marketplace.

NIST 800-63-3

NIST 800-63-3 is billed as a set of Digital Identity Guidelines authored by the National Institute of Standards and Technology, which is part of the U.S. Department of Commerce. The guidelines provide technical requirements for federal agencies implementing digital identity services and cover identity proofing and authentication of users, including employees, contractors and private individuals.

They define the technical requirements of identity proofing, registration, authenticators, management processes, authentication protocols, federation and related assertions. NIST 800-63-3 allows for commercial, off-the-shelf (COTS) IT solutions to stand in place of personal identity verification (PIV) cards and common access cards (CAC) for logical authentication.

FIPS

Federal Information Processing Standards (FIPS) are a set of standards developed by the federal government for use in computer systems by non-military government agencies and by government contractors and vendors who work with the agencies. FIPS standards describe document processing, encryption algorithms, cryptography and other IT standards.

FARS-CUI, DFARS-CUI and NIST SP 800-171

The [Defense] Federal Acquisition Regulation Supplement (FARS/DFARS) - Controlled Unclassified Information (CUI) regulation and NIST SP 800-171 apply to all non-government organizations (such as federal contractors) that process, store or transmit controlled unclassified information. They mandate "multi-factor authentication for local and network access to privileged accounts."

CJIS

The Criminal Justice Information Services (CJIS) Security Policy was designed to provide controls to protect the full lifecycle of criminal justice information in transit and at rest. It covers the hardware, software and infrastructure used by the criminal justice community and provides guidance for the creation, viewing, modification, transmission, dissemination, storage and destruction of criminal justice information.

Duo helps with CJIS by protecting data at rest and in motion, providing strong two-factor authentication and through integrations with partners such as NetMotion, which helps protect data.

HSPD-12

Homeland Security Presidential Directive 12 (HSPD-12) requires a common identification standard for all federal employees (and most contractors), to be used for physical and logical access to federal facilities and resources. This requirement has primarily been met via PIV/CAC cards.

How Duo Helps

That’s just a small sampling of the myriad compliance regulations federal agencies and systems integrators must consider. It’s a lot for a small team, or an individual, to contend with, but all are necessary protections to ensure data privacy and security.

Duo can help you overcome the compliance confusion by providing a strong authentication solution and the ability to set access policies to ensure compliance is maintained. For example, Duo offers FedRAMP Authorized authentication solutions, offline MFA functionality to help comply with DFARS-CUI and two-factor authentication to comply with NIST guidelines.

Duo’s trusted access solution is wired for zero-trust security. We work with a broad ecosystem of partners, such as Yubico and its YubiKey hardware for strong two-factor authentication (2FA), and integrate with applications and systems to help agencies along their zero-trust journeys.

With Duo, you get a trusted advisor to ensure your security infrastructure is up to snuff to achieve regulatory compliance and stay that way. We can be your guide through the compliance confusion.

