CyberArk to Lead NIST 800-53 Discussion at the Eighth Annual GFIRST National Conference

August 16, 2012

NEWTON, Mass. – August 16, 2012 – Cyber-Ark® Software today announced details of its presentation at the Eighth Annual Government Forum of Incident Response and Security Teams (GFIRST) National Conference. The event, affiliated with US-CERT, provides a forum for information security professionals and government officials to discuss cyber security trends and incident response strategies employed by government agencies, law enforcement, private sector and academia.

In his session, Automating NIST 800-53: Establishing a Preventative Approach to Privileged Account Management,” Cyber-Ark’s Adam Bosnian will define the scope of privileged account management and offer steps agencies can take to better manage the privileged account management lifecycle as part of a comprehensive cyber security risk management framework. Privileged identities, accounts and passwords are often exploited by both insiders and external hackers in order to gain access to and steal high-value data. NIST 800-53 provides a recommended framework to protect these commonly unguarded targets.

Who: Adam Bosnian, executive vice president Americas and corporate development, Cyber-Ark Software

What: NIST 800-53 provides federal information systems and agencies with the recommended security controls to ensure ongoing situational awareness of the security of their IT systems. Combining rising internal and external security threat awareness with the negative financial impact of non-FISMA compliance, privileged account management is moving to the top of the risk assessment priority list. This session, “Automating NIST 800-53: Establishing a Preventative Approach to Privileged Account Management,” will discuss the importance of instituting controls to combat insider threats and the abuse of privileged accounts within the context of NIST guidelines. The session will:

  • Identify common known and unknown privileged account vulnerabilities that could lead to unauthorized system access and understand the links to NIST 800-53 security control families.
  • Describe how advanced forensics and continuous monitoring via privileged account activity monitoring can help mitigate security threats through greater identity intelligence.
  • Define steps for developing a more granular audit trail for privileged accounts and highlight advantages such as shortening forensic analysis times and meeting regulatory compliance requirements.

When: The GFIRST Conference runs August 19-24. The Cyber-Ark session is scheduled for Tuesday, August 21 from 10:30-11:30 a.m.

Where: The event takes place at the Atlanta Marriott Marquis.

As an additional resource, Cyber-Ark has published an informative whitepaper for federal agencies, “Complying with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53.” With a special focus on establishing a proactive, preventative approach to privileged account management, the paper details how to implement the necessary controls described within NIST 800-53 to achieve FISMA compliance.

GFIRST is a group of technical and tactical practitioners from incident response and security response teams responsible for securing government information technology systems and providing private sector support. GFIRST members work together to understand and handle computer security incidents and to encourage proactive and preventative security practices across government agencies. GFIRST promotes cooperation among the full range of Federal, State and local agencies, including defense, civilian, intelligence and law enforcement.