Federal agencies are required by law to comply with the Federal Information Security Management Act (FISMA), which references the NIST SP 800-53 Recommendations. The long-awaited Revision 4 represents the first major review of the Recommendations in almost four years. These changes have important ramifications for agencies that need to be FISMA compliant.
A primary driver for updating the NIST Recommendations was to help organizations confront advanced persistent threats (APTs). Many controls and control enhancements were added to address APTs, including increased requirements for securing privileged accounts.
Privileged accounts are specifically targeted by APTs because they enable broad access to critical assets. When a privileged account is compromised, the attacker has the power to gain access to a vast amount of data, and their activity can be extremely hard to detect. The release of Revision 4 will prompt many agencies to focus on improving the security of privileged accounts.
CyberArk’s solutions can help agencies to effectively and efficiently meet the full range of requirements regarding privileged accounts. The solutions are enterprise-proven in large and mid-sized government and commercial organizations. CyberArk is the trusted expert in privileged account security and compliance.