Out-of-the-box compliance reports

Recent surges in cyber attacks have heightened security concerns and as a result, organizations today are required to adopt IT strategies that comply with various industry and government regulations. Standards set by the NIST, PCI-DSS, FISMA, HIPAA, NERC-CIP, ISO-IEC 27001, SOX, and other agencies demand organizations to deploy effective controls around their infrastructure and prove compliance through reports. Some of the basic security requirements of these regulations include the following:

• Identify critical infrastructure resources, inventory all associated privileged accounts, and establish clear ownership.
• Manage and limit resource access permissions with role-based controls, duly incorporated with separation of duties, and the principle of least privilege.
• Establish an IT security policy for enterprise-wide governance over privileged identities and their sharing practices.
• Change privileged passwords periodically for proactive protection against data leaks. Additionally, ensure use of strong, unique passwords.
• Provision remote access to internal roles and external parties on a need-basis with robust access controls.
• Track and audit all privileged operations in the organization with comprehensive activity logs, session recording, and real-time monitoring.
• Implement detective controls and remediation measures to identify attack targets and close security loopholes in a timely manner.

Password Manager Pro, as a complete solution to secure privileged accounts and manage remote access, helps organizations achieve IT compliance through strong vaulting mechanisms, robust user authentication, and provisioning. It also provides granular access controls, automatic password resets, privileged user activity monitoring, detection capabilities, and non-repudiation measures.

In addition, Password Manager Pro aids in various compliance audits by providing audit-ready reports that relay organizational security.

PCI-DSS compliance report.

Password Manager Pro helps address security requirements of the payment card industry as stated in sections 2, 3, 7, 8, 10, and 12 of PCI-DSS. In a nutshell, these sections necessitate protection of sensitive data with strong cryptography, changing system default passwords, restricting access to information on a "need to know" basis, using strong passwords along with periodic rotation, monitoring privileged access continuously, and enforcing an enterprise-wide policy to standardize information security practices.

ISO/IEC 27001 compliance report.

On a broader level, ISO/IEC 27001 requires establishing, maintaining, and continually improving an information security management system in an organization. Password Manager Pro helps achieve compliance with mandates specified under clause A.9 of the standard, which deal with "Access Control." The clause basically requires use of a robust information security policy to ensure only authorized users have access to critical systems, that all users are uniquely identified and have established accountability for all privileged activities, that access is only allowed to systems through secure mechanisms, and that sensitive information is protected with cryptographic controls.

Password Manager Pro's ISO/IEC 27001 compliance report communicates an organization's compliance level in relation to control requirements as outlined in the clause A.9.

NERC-CIP compliance report.

Organizations in the energy sector are required to comply with NERC-CIP, which lists standards focused on ensuring the security and reliability of the power systems. Password Manager Pro ensures compliance with select requirements of clauses CIP-004-3a, CIP-005-3a, and CIP-007-3a. In simple terms, the clauses mandate a regular review of authorized personnel with access to critical systems, granular access controls based on functional roles, robust authentication methods, comprehensive auditing of security events, monitoring of user activity during privileged sessions, and use of strong passwords with reliable complexities.