A Key Driver for IAM Initiatives
Regulatory Compliance
A key driver for IAM initiatives is regulatory compliance. The reason is simple: the available IAM technologies are excellent at addressing compliance controls, and in many cases these tools were developed with that specific intent.
Identity Manager (IDM)
Automated management of identity lifecycle processes (i.e. new hires and terminations).
- Activate credentials on the start date
- Deactivate credentials on the termination date
- Workflows to manage immediate terminations
Application access management
- Role-based access assignments
- Request-based access assignments with approvals
- Complete audit trail of access requests and approvals
- Automated removal of access on terminations
HITRUST Control – 01.b User Registration – There shall be a formal documented and implemented user registration and de-registration procedure for granting and revoking access.
Other Frameworks Related Controls: CMSR (HIGH) v2 IA-2(1), IRS Pub 1075 v2014 9.3.7.2, MARS-E v1 IA-2(1), NIST SP 800-53 R4 IA-2(1)
Web Access Management (WAM)
Controlled access to internal and external network services.
- Secure authentication mechanisms
- Separate authentication mechanisms based on access sensitivity
- Reduced use of passwords
- Internal and external authentication and access management
Password management
- Formal management process for passwords
- Request-based access assignments with approvals
- Simplified end-user password management
Users shall only be provided with access to internal and external network services that they have been specifically authorized to use. Authentication and authorization mechanisms shall be applied for users and equipment.
HITRUST Control – 01.r Password Management System
Systems for managing passwords shall be interactive and shall ensure quality passwords.
Other Frameworks Related Controls:
CMSR (HIGH) v2 IA-2(1), IRS Pub 1075 v2014 9.3.7.2, MARS-E v1 IA-2(1), NIST SP 800-53 R4 IA-2(1)
Identity Governance (IG)
Least-privilege access rights.
- Manager-based access reviews
- Decision audit trail
- Automated remediation
Event-based access reviews
- Automated access reviews for job transfers
- Custom triggers for access reviews
HITRUST Control – 01.e Review of User Access Rights – All access rights shall be regularly reviewed by management via a formal documented process.
Other Frameworks Related Controls: CMSR (HIGH) v2 IA-5(1), IRS Pub 1075 v2014 9.3.7.5, ISO/IEC 27002:2005 11.02.03, MARS-E v1 IA-5, NRS 603A-215.1
Data Access Governance
Access management for data (file systems, databases, etc.)
- Automated scanning for sensitive data
- Automated workflow for detected sensitive data
- Access reviews of access to unstructured data
HITRUST Control – 01.e Review of User Access Rights – To prevent unauthorized access to information held in application systems.
Other Frameworks Related Controls: ISO/IEC 27002:2005 11.05.06
Privileged Access Management (PAM)
Enhanced security for your most sensitive accounts
- Limited access to privileged accounts
- Elimination of shared passwords
- Secure vault for sensitive passwords with automated password rolling
HITRUST Control – 01.c Privilege Management
The allocation and use of privileges to information systems and services shall be restricted and controlled. Special attention shall be given to the allocation of privileged access rights, which allow users to override system controls.
Other Frameworks Related Controls:
CMSR (HIGH) v2 AC-2(13), MARS-E v1 AC-2(2), NIST SP 800-53 R4 AC-2(1)
Stay Compliant with GCA
At GCA, we offer free workshop services to dig into the regulatory compliance controls your organization needs to meet. Schedule a 15-minute initial call to discuss how GCA can assist in meeting your controls today.
BUSINESS OUTCOMES
Enable Fast Identity Audit Data
Set up reports or workflows to conveniently retrieve the identity data your organization needs.
Set Up Re-hires with Previous Network IDs and Email Addresses
Maintain old account names and keep identities consistent.
Read-Only Application Connectors for Access Reviews
Meet your regulatory compliance needs with little effort from application owners.