It’s been nearly a decade since the Department of Defense (DoD) created the Department of Defense Information Network Approved Products List (DoDIN APL) to highlight tried and tested solutions that specifically address government security concerns. The APL was developed in an effort to maintain a single consolidated list of products that meet the demands of the nation and our growing need to protect and secure sensitive data and networks. Completing the certification process is an indication to agencies and government end users that all listed products have undergone rigorous DoD testing regulations; passing stringent information assurance (IA), interoperability (IO), Common Access Card (CAC)/Public Key Infrastructure (PKI), and IPv6 requirements.
U.S. government procurement for products that are on the DoD network is limited to only those solutions that have completed this strenuous testing process. The DoDIN APL now serves as the agency’s master list of readily available solutions that are approved to operate within the defense technology infrastructure.
We are happy to announce that the CyberArk Privileged Access Security Solution v10.4 has completed testing and was certified effective October 4, 2018 as a Cybersecurity Tools (CST) device type (Tracking Number (TN) 1712401).
We previously received both APL and Common Criteria (CC) designations for v9.1 of the CyberArk solution in early 2016 and are currently certifying v10.4 for CC under a National Information Assurance Partnership (NIAP) protection profile.
CyberArk’s Commitment to the Federal Government Agencies
The CyberArk Privileged Access Security Solution has been independently validated and awarded an Evaluation Assurance Level (EAL) 2+ under the Common Criteria Recognition Agreement (CCRA). We’ve received the U.S. Army Certificate of Networthiness (CoN) enabling the streamlined implementation of the CyberArk solution on the Army Enterprise Architecture/LandWarNet (LWN). You can visit the Army CoN website for more details on the CyberArk certification #201621511 (requires CAC for access). Prioritizing both obtaining and maintaining these certifications demonstrates CyberArk’s continued commitment to helping federal government agencies proactively protect privileged users and credentials across networks.
Here are a few ways in which CyberArk can help meet security and compliance requirements in federal government agencies:
- FISMA/NIST SP800-53 – CyberArk solutions help federal government agencies comply with requirements related to the “Access Control,” “Audit and Accountability” and “Identification and Authentication” control families.
- Department of Homeland Security CDM Program – Phase 2 of the Continuous Diagnostics and Mitigation (CDM) program features least privilege and infrastructure integrity requirements which can be addressed with CyberArk solutions.
- NERC – CIP – Requirements related to privileged access control, remote access management and access revocation in the regulation can be addressed with CyberArk solutions.
- HSPD-12 – The requirement to authenticate using a Personal Identity Verification (PIV) card can be easily implemented across all current and legacy systems with the seamless integration of CyberArk solutions and PIV cards.
You want Federal White Papers? We’ve got Federal White Papers:
- The CyberArk Privileged Access Security Solution for U.S. Federal Government Agencies
- NIST SP 800-53 Revision 4: Implementing Essential Security Controls with CyberArk Solutions
- Addressing the NIST SP 800-171 CUI Requirements with CyberArk
- Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Phase 2 Privilege Management Requirements
- A Risk-Based Approach to Insider Threat Detection for Federal Government Agencies
To learn more, visit https://www.cyberark.com/solutions/federal-government-solutions/.