FISMA Compliance in the Virtual Data Center
Fulfilling NIST Requirements




© 2012, HyTrust, Inc. www.hytrust.com   1975 W. El Camino Real, Suite 203, Mountain View, CA 94040   Phone: 650-681-8100 / email: info@hytrust.com
NIST Directives on Virtualization Security

“Organizations should have the same security controls in place for virtualized operating systems as they have for the same operating systems running directly on hardware.”

“Ensure that the hypervisor is properly secured.”

“Restrict and protect administrator access to the virtualization solution. The security of the entire virtual infrastructure relies on the security of the virtualization management system that controls the hypervisor and allows the operator to start guest OSs, create new guest OS images, and perform other administrative actions.”

Neither physical data center security controls nor the basic controls provided by the virtualization platform were designed to fulfill these requirements for FISMA compliance.
HyTrust Role in NIST/FISMA Compliance

 6 of 18 NIST 800-53 control families focus on controlling and tracking infrastructure access or ensuring configuration and system integrity
 Compliance in virtual environments requires an approach that addresses the distinct attributes of virtual infrastructure access, configuration, and system integrity
 HyTrust is purpose-built to control and log access activity, ensure compliant host configurations, and protect system integrity in virtual environments
 HyTrust fills critical gaps in the virtualization platform’s NIST/FISMA compliance capabilities*

[Table of NIST 800-53 control families (columns: IDENTIFIER, FAMILY) not reproduced here. Source: NIST Special Publication 800-53, Revision 3]

* Platform capabilities mentioned in this document are believed to be accurate as of April, 2012, and are subject to revision
HyTrust Enables Access Control (AC) Compliance

Account Management (AC-2)
  NIST requirement for FISMA compliance: Specify access privileges and grant access to the system based on: (i) a valid access authorization; (ii) intended system usage; and (iii) other attributes as required by the organization or associated missions/business functions.
  Virtualization platform constraints/gaps:
    • Supports single factor authentication only
    • Allows root account sharing
    • Allows default passwords
    • Defaults to admin privileges for all operations
  HyTrust requirement fulfillment for virtual environments:
    • Supports multi-factor authentication
    • Prevents root account sharing
    • Prevents use of default passwords
    • Enables limited access privileges based on intended system usage and other attributes

Access Enforcement (AC-3)
  NIST requirement for FISMA compliance: Enforce approved authorizations for logical access to the system in accordance with applicable policy.
  Virtualization platform constraints/gaps:
    • Enables broad access privileges based on roles only
  HyTrust requirement fulfillment for virtual environments:
    • Enforces authorization policy defined by granular role-based and attribute-based access privileges

Information Flow Enforcement (AC-4)
  NIST requirement for FISMA compliance: Enforce approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with policy.
  Virtualization platform constraints/gaps:
    • Allows unfiltered VM-to-VM communications, unconstrained by policy
  HyTrust requirement fulfillment for virtual environments:
    • Enforces trust zone policies that constrain users’ ability to change information flows

Separation of Duties (AC-5)
  NIST requirement for FISMA compliance: Implement separation of duties through assigned information system access authorizations.
  Virtualization platform constraints/gaps:
    • Provides limited ability to enforce access policies separating duties
    • Provides no pre-defined roles besides administrator
  HyTrust requirement fulfillment for virtual environments:
    • Provides the authorization granularity needed for effective separation of duties
    • Provides 17 pre-defined, customizable roles

Least Privilege (AC-6)
  NIST requirement for FISMA compliance: Employ the concept of least privilege, allowing only authorized accesses for users which are necessary to accomplish assigned tasks in accordance with organizational mission.
  Virtualization platform constraints/gaps:
    • Defaults to super user privileges
  HyTrust requirement fulfillment for virtual environments:
    • Allows only the operations and access to virtual resources users need to do their jobs

Security Attributes (AC-16)
  NIST requirement for FISMA compliance: Support the binding of security attributes to information in storage, in process, and in transmission.
  Virtualization platform constraints/gaps:
    • Provides no mechanism to tag virtual objects with security attributes
  HyTrust requirement fulfillment for virtual environments:
    • Enables object tagging with security attributes that enable robust and flexible access control
HyTrust Enables Audit and Accountability (AU) Compliance (continued)

Audit Review, Analysis, and Reporting (AU-6)
  NIST requirement for FISMA compliance: Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.
  Virtualization platform constraints/gaps:
    • Provides basic virtualization event data to SIEM solutions that may not be detailed enough for correlation with physical data center audit records
  HyTrust requirement fulfillment for virtual environments:
    • Provides the thorough, fine-grained virtualization event data needed by SIEM solutions for correlation with similarly detailed physical data center records

Non-Repudiation (AU-10)
  NIST requirement for FISMA compliance: Protect against an individual falsely denying having performed a particular action.
  Virtualization platform constraints/gaps:
    • Allows admin anonymity via sharing of root account
  HyTrust requirement fulfillment for virtual environments:
    • Associates unique user ID with every event logged

Audit Generation (AU-12)
  NIST requirement for FISMA compliance: Provide audit record generation capability for the list of auditable events defined in AU-2. Produce audit records in a standardized format.
  Virtualization platform constraints/gaps:
    • Creates separate log files for vCenter and each host server
    • Uses different log formats for vCenter vs. hosts
  HyTrust requirement fulfillment for virtual environments:
    • Consolidates and centrally manages logs covering vCenter and all hosts
    • Uses a single, uniform format for combined vCenter and host log data
HyTrust Enables Security Assessment and Authorization (CA) Compliance

Continuous Monitoring (CA-7)
  NIST requirement for FISMA compliance: Establish a continuous monitoring strategy and implement a continuous monitoring program that includes:
    • a configuration management process for the information system
    • a determination of the security impact of changes to the information system
  Virtualization platform constraints/gaps:
    • Does not provide functionality to continuously monitor and manage the hypervisor configuration
    • Does not provide functionality to determine the security impact of changes to the hypervisor configuration
    • Can only implement permissions on virtual objects in a hierarchical fashion; cannot implement meaningful permissions in a dynamic environment
  HyTrust requirement fulfillment for virtual environments:
    • Continuously monitors hypervisor configurations for drift and policy violations
    • Determines the security impact of configuration changes by continuously comparing configuration states to baselines such as C.I.S. Benchmark standards, VMware Best Practices, and other frameworks
    • Can establish permissions and policies that can follow the virtual machine regardless of where it resides in the environment
HyTrust Enables Configuration Management (CM) Compliance

Baseline Configuration (CM-2)
  NIST requirement for FISMA compliance: Develop, document, and maintain under configuration control, a current baseline configuration. Employ automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration.
  Virtualization platform constraints/gaps:
    • Host Profiles functionality for maintaining baselines not available with Standard or Enterprise versions of platform
    • Requires hosts to be put in maintenance mode and all VMs to be moved to another host for the duration of the operation
  HyTrust requirement fulfillment for virtual environments:
    • Enables organization to define and automatically maintain a custom baseline configuration or a pre-built baseline such as C.I.S. Benchmark standards, VMware Best Practices, or other frameworks
    • Does not require putting hosts in maintenance mode after remediating baseline variations
    • Provides automated configuration maintenance for all versions of virtualization platform

Configuration Change Control (CM-3)
  NIST requirement for FISMA compliance: Audit activities associated with configuration-controlled changes. Employ automated mechanisms to implement changes to the current baseline and deploy the updated baseline across the installed base.
  Virtualization platform constraints/gaps:
    • Logs changes for individual hosts only, and may not capture unique user ID
    • Puts hosts in maintenance mode to deploy changes
  HyTrust requirement fulfillment for virtual environments:
    • Centrally logs all hypervisor configuration change event data, including specific user, action attempted (allowed or denied), source IP, timestamp, target, etc.
    • Automates deployment of changes to the security configuration of the hypervisor, without putting hosts in maintenance mode

Access Restrictions for Change (CM-5)
  NIST requirement for FISMA compliance: Enforce logical access restrictions associated with changes to the system. Employ automated mechanisms to enforce access restrictions and support auditing of the enforcement actions. Limit developer/integrator privileges to change hardware, software, and firmware and system information within a production environment.
  Virtualization platform constraints/gaps:
    • Enables broadly defined role-based access restrictions
    • Does not log disallowed or failed operations
    • Does not support privileges tied to objects such as “production” VMs
  HyTrust requirement fulfillment for virtual environments:
    • Applies granular, user-specific role-based access controls to the hypervisor configuration and management interfaces
    • Automatically logs all allowed and denied operations on the hypervisor configuration
    • Enables enforcement of access restrictions customized for roles such as developer and integrator, and limitation of privileges on virtual objects assigned a label such as “production”
HyTrust Enables Configuration Management (CM) Compliance (continued)

Configuration Settings (CM-6)
  NIST requirement for FISMA compliance: Monitor and control changes to configuration settings in accordance with organizational policies and procedures. Employ automated mechanisms to centrally manage, apply, and verify configuration settings. Employ automated mechanisms to respond to unauthorized changes to organization’s configuration settings. Demonstrate conformance to security configuration guidance (i.e., security checklists), prior to being introduced into a production environment.
  Virtualization platform constraints/gaps:
    • Does not provide functionality that verifies, monitors, or controls hypervisor configurations
    • Does not provide means to generate alerts for unauthorized configuration changes
    • Is not able to check if a configuration conforms with policy or checklist
  HyTrust requirement fulfillment for virtual environments:
    • Verifies, monitors, and controls hypervisor configuration changes
    • Provides configuration change request logs to SIEM solutions that can be used to trigger alerts
    • Enables organization to check if a configuration conforms with a customized configuration policy or with guidance such as C.I.S. Benchmark standards, VMware Best Practices, or other frameworks

Least Functionality (CM-7)
  NIST requirement for FISMA compliance: Configure the information system to prohibit or restrict the use of specified functions, ports, protocols, and/or services.
  Virtualization platform constraints/gaps:
    • Enables some configuration of access restrictions on individual hosts
  HyTrust requirement fulfillment for virtual environments:
    • Centrally enforces hypervisor access policy via protocol (SSH, vSphere client, SOAP) and hypervisor IP address controls on all hosts
HyTrust Enables Identification and Authentication (IA) Compliance

Identification and Authentication (Organizational Users) (IA-2)
  NIST requirement for FISMA compliance: Uniquely identify and authenticate organizational users, including organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors, guest researchers, individuals from allied nations). Use multifactor, replay-resistant authentication for network and local access to privileged accounts. For network accounts, one of the factors is provided by a device separate from the information system being accessed. Allow the use of group authenticators only when used in conjunction with an individual/unique authenticator.
  Virtualization platform constraints/gaps:
    • Permits root account sharing, enabling anonymous access
    • Requires password for access; does not support multi-factor authentication
  HyTrust requirement fulfillment for virtual environments:
    • Requires a unique ID for access by an organizational user and associates the unique ID with every operation performed by the user
    • Supports multi-factor, replay-resistant authentication such as RSA SecurID and hardware tokens for network and local access to privileged accounts

Identification and Authentication (Non-Organizational Users) (IA-2)
  NIST requirement for FISMA compliance: Uniquely identify and authenticate non-organizational users.
  Virtualization platform constraints/gaps:
    • Permits potential root account sharing by non-organizational users, enabling anonymous access
  HyTrust requirement fulfillment for virtual environments:
    • Requires a unique ID for access by a non-organizational user and associates the unique ID with every operation performed by the user
HyTrust Enables System and Information Integrity (SI) Compliance

Information Input Restrictions (SI-9)
  NIST requirement for FISMA compliance: Restricts the capability to input information to the information system to authorized personnel. Restrictions may extend beyond the typical access controls employed by the system and include limitations based on specific operational/project responsibilities.
  Virtualization platform constraints/gaps:
    • Does not restrict the ability to input information based on specific operational/project responsibilities
  HyTrust requirement fulfillment for virtual environments:
    • Restricts the capability to input information, via any access method, using role-based authorization sufficiently fine-grained to distinguish between users’ operational/project responsibilities
HyTrust Fills Critical FISMA Audit Data Gaps

Log data provider: Virtualization Platform
  Data for allowed operation (example): User: root; Time/date; Target resource name, URL; Operation executed
  Data for denied reconfig attempt (example): none
  Usability and productivity:
    • Separate log files for vCenter and each host server
    • Different log formats for vCenter vs. hosts

Log data provider: HyTrust
  Data for allowed operation (example): All of the above, plus:
    • User ID
    • Source IP address
    • Resource reconfigured
    • Previous resource state
    • New resource state
    • Label (Production)
    • Required privileges
    • Evaluated rules/constraints
  Data for denied reconfig attempt (example):
    • User ID
    • Date/time
    • Source IP address
    • Operation requested
    • Operation denied
    • Target resource name, IP address, port, and protocol
    • Required privileges
    • Missing privileges
    • Evaluated rules/constraints
  Usability and productivity:
    • Consolidated, centrally managed logs covering vCenter and all hosts
    • Single, uniform format for combined vCenter and host log data
    • Logs sent to central repository or SIEM via syslog
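As an added example (not HyTrust code and not part of the original deck), a Python sketch of the kind of policy check behind the access-control rows (AC-5, AC-6, CM-5) that produces the uniform audit record compared above for both allowed and denied requests, including evaluated rules and missing privileges; the role names, privilege strings, operation names, labels and rules are assumptions made for the example:

```python
"""Role- and label-based authorization for hypervisor management operations
that emits one uniform audit record for every request, allowed or denied.
Constructed illustration: roles, privileges, operations and rules are assumed."""
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed role -> privilege mapping (illustrative, not a real product role set).
ROLE_PRIVILEGES = {
    "vm_operator": {"vm.view", "vm.powerOn", "vm.powerOff"},
    "developer": {"vm.view", "vm.powerOn", "vm.powerOff", "vm.reconfigure"},
    "host_admin": {"vm.view", "host.config.read", "host.config.write"},
}

# Assumed privileges each management operation requires.
REQUIRED_PRIVILEGES = {
    "PowerOnVM": {"vm.powerOn"},
    "ReconfigVM": {"vm.reconfigure"},
    "EditHostSshConfig": {"host.config.write"},
}

# Operations that change an object. On objects labelled "production" they are
# limited to these roles (the developer/integrator limitation under CM-5).
CHANGE_OPERATIONS = {"ReconfigVM", "EditHostSshConfig"}
PRODUCTION_CHANGE_ROLES = {"host_admin"}

# A shared account cannot be tied to one individual (AU-10, IA-2): refused.
SHARED_ACCOUNTS = {"root", "administrator"}


@dataclass
class Request:
    user_id: str
    roles: set
    source_ip: str
    operation: str
    target: str
    target_labels: set = field(default_factory=set)
    previous_state: dict = field(default_factory=dict)
    new_state: dict = field(default_factory=dict)


def evaluate(req, now=None):
    """Decide one request and return its audit record as a dict. Both outcomes
    share the base fields (user ID, timestamp, source IP, operation, target,
    labels, required privileges, evaluated rules); a denial adds the missing
    privileges and reasons, an allowance adds previous and new state."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    required = REQUIRED_PRIVILEGES.get(req.operation, set())
    held = set().union(*(ROLE_PRIVILEGES.get(r, set()) for r in req.roles))
    missing = required - held
    rules, reasons = [], []

    rules.append("shared_account_check")
    if req.user_id in SHARED_ACCOUNTS:
        reasons.append(f"shared account '{req.user_id}' is not permitted")

    rules.append("role_privileges[" + ",".join(sorted(req.roles)) + "]")
    if missing:
        reasons.append("missing privileges " + ",".join(sorted(missing)))

    if req.operation in CHANGE_OPERATIONS and "production" in req.target_labels:
        rules.append("label[production] restricts change operations")
        if not req.roles & PRODUCTION_CHANGE_ROLES:
            reasons.append("change to production object requires role "
                           + ",".join(sorted(PRODUCTION_CHANGE_ROLES)))

    record = {
        "user_id": req.user_id,
        "timestamp": stamp,
        "source_ip": req.source_ip,
        "operation": req.operation,
        "target": req.target,
        "labels": sorted(req.target_labels),
        "required_privileges": sorted(required),
        "evaluated_rules": rules,
        "result": "denied" if reasons else "allowed",
    }
    if reasons:
        record["missing_privileges"] = sorted(missing)
        record["deny_reasons"] = reasons
    else:
        record["previous_state"] = req.previous_state
        record["new_state"] = req.new_state
    return record


def to_syslog_line(record):
    """Render a record as one key=value line with JSON-encoded values, so
    records from every host and from vCenter share a single parseable shape."""
    return " ".join(f"{k}={json.dumps(v, sort_keys=True)}"
                    for k, v in record.items())


if __name__ == "__main__":
    # Constructed sample requests: one allowed change, one denied by a label.
    allowed = Request("jdoe", {"developer"}, "10.0.0.5", "ReconfigVM",
                      "vm-dev-01", {"development"}, {"cpus": 2}, {"cpus": 4})
    denied = Request("jdoe", {"developer"}, "10.0.0.5", "ReconfigVM",
                     "vm-prod-07", {"production"}, {"cpus": 2}, {"cpus": 4})
    for req in (allowed, denied):
        print(to_syslog_line(evaluate(req)))
```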
Introduction to virtualization and Hypervisor.pptxIntroduction to virtualization and Hypervisor.pptx
Introduction to virtualization and Hypervisor.pptxEshwarsk2
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...Andris Soroka
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudGraeme Wood
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroGraeme Wood
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityBooz Allen Hamilton
 
The Datacenter Of The Future
The Datacenter Of The FutureThe Datacenter Of The Future
The Datacenter Of The FutureCTRLS
 
Security for v mware
Security for v mwareSecurity for v mware
Security for v mwareReadWrite
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Securitysyrinxtech
 
Cloud computing security plan for compliance
Cloud computing security   plan for complianceCloud computing security   plan for compliance
Cloud computing security plan for complianceIntel IT Center
 
IBM Tivoli Endpoint Manager - PCTY 2011
IBM Tivoli Endpoint Manager - PCTY 2011IBM Tivoli Endpoint Manager - PCTY 2011
IBM Tivoli Endpoint Manager - PCTY 2011IBM Sverige
 
Cloud Computing in Practice: Fast Application Development and Delivery on For...
Cloud Computing in Practice: Fast Application Development and Delivery on For...Cloud Computing in Practice: Fast Application Development and Delivery on For...
Cloud Computing in Practice: Fast Application Development and Delivery on For...catherinewall
 

Ähnlich wie HyTrust-FISMA Compliance in the Virtual Data Center (20)

All About Virtualization
All About VirtualizationAll About Virtualization
All About Virtualization
 
G3sixty Overview
G3sixty OverviewG3sixty Overview
G3sixty Overview
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Virtuaization jwneilhw pehfpijwrhfipuwrhiwh iufhgipuhriph riup hiuefhv 9ufeh
Virtuaization jwneilhw pehfpijwrhfipuwrhiwh iufhgipuhriph riup hiuefhv 9ufehVirtuaization jwneilhw pehfpijwrhfipuwrhiwh iufhgipuhriph riup hiuefhv 9ufeh
Virtuaization jwneilhw pehfpijwrhfipuwrhiwh iufhgipuhriph riup hiuefhv 9ufeh
 
Enterprise Security & SSO
Enterprise Security & SSOEnterprise Security & SSO
Enterprise Security & SSO
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
 
Securing a public cloud infrastructure : Windows Azure
Securing a public cloud infrastructure : Windows AzureSecuring a public cloud infrastructure : Windows Azure
Securing a public cloud infrastructure : Windows Azure
 
Introduction to virtualization and Hypervisor.pptx
Introduction to virtualization and Hypervisor.pptxIntroduction to virtualization and Hypervisor.pptx
Introduction to virtualization and Hypervisor.pptx
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The Cloud
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization Security
 
The Datacenter Of The Future
The Datacenter Of The FutureThe Datacenter Of The Future
The Datacenter Of The Future
 
Security for v mware
Security for v mwareSecurity for v mware
Security for v mware
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Security
 
Cloud computing security plan for compliance
Cloud computing security   plan for complianceCloud computing security   plan for compliance
Cloud computing security plan for compliance
 
IBM Tivoli Endpoint Manager - PCTY 2011
IBM Tivoli Endpoint Manager - PCTY 2011IBM Tivoli Endpoint Manager - PCTY 2011
IBM Tivoli Endpoint Manager - PCTY 2011
 
Cloud Computing in Practice: Fast Application Development and Delivery on For...
Cloud Computing in Practice: Fast Application Development and Delivery on For...Cloud Computing in Practice: Fast Application Development and Delivery on For...
Cloud Computing in Practice: Fast Application Development and Delivery on For...
 

Mehr von HyTrust

Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointVirtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointHyTrust
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesHyTrust
 
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:HyTrust
 
S24 – Virtualiza.on Security from the Auditor Perspec.ve
S24 – Virtualiza.on Security from the Auditor Perspec.veS24 – Virtualiza.on Security from the Auditor Perspec.ve
S24 – Virtualiza.on Security from the Auditor Perspec.veHyTrust
 
G12: Implementation to Business Value
G12: Implementation to Business ValueG12: Implementation to Business Value
G12: Implementation to Business ValueHyTrust
 
IBM X-Force 2010 Trend and Risk Report-March 2011
IBM X-Force 2010 Trend and Risk Report-March 2011IBM X-Force 2010 Trend and Risk Report-March 2011
IBM X-Force 2010 Trend and Risk Report-March 2011HyTrust
 
PCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference ArchitecturePCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference ArchitectureHyTrust
 
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...HyTrust
 
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies Implementing ID Governance in Complex Environments-HyTrust & CA Technologies
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies HyTrust
 

Mehr von HyTrust (10)

Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End PointVirtualizing More While Improving Risk Posture – From Bare Metal to End Point
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
 
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
 
S24 – Virtualiza.on Security from the Auditor Perspec.ve
S24 – Virtualiza.on Security from the Auditor Perspec.veS24 – Virtualiza.on Security from the Auditor Perspec.ve
S24 – Virtualiza.on Security from the Auditor Perspec.ve
 
G12: Implementation to Business Value
G12: Implementation to Business ValueG12: Implementation to Business Value
G12: Implementation to Business Value
 
IBM X-Force 2010 Trend and Risk Report-March 2011
IBM X-Force 2010 Trend and Risk Report-March 2011IBM X-Force 2010 Trend and Risk Report-March 2011
IBM X-Force 2010 Trend and Risk Report-March 2011
 
PCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference ArchitecturePCI Compliance and Cloud Reference Architecture
PCI Compliance and Cloud Reference Architecture
 
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
Virtualize More While Improving Your Cybersecurity Risk Posture - The "4 Must...
 
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies Implementing ID Governance in Complex Environments-HyTrust & CA Technologies
Implementing ID Governance in Complex Environments-HyTrust & CA Technologies
 

Kürzlich hochgeladen

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 

Kürzlich hochgeladen (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 

HyTrust-FISMA Compliance in the Virtual Data Center

  • 1. FISMA Compliance in the Virtual Data Center
    Fulfilling NIST Requirements
    © 2012, HyTrust, Inc. www.hytrust.com
    1975 W. El Camino Real, Suite 203, Mountain View, CA 94040
    Phone: 650-681-8100 / email: info@hytrust.com
  • 2. NIST Directives on Virtualization Security
    “Organizations should have the same security controls in place for virtualized operating systems as they have for the same operating systems running directly on hardware.”
    “Ensure that the hypervisor is properly secured.”
    “Restrict and protect administrator access to the virtualization solution. The security of the entire virtual infrastructure relies on the security of the virtualization management system that controls the hypervisor and allows the operator to start guest OSs, create new guest OS images, and perform other administrative actions.”
    Neither physical data center security controls nor the basic controls provided by the virtualization platform were designed to fulfill these requirements for FISMA compliance.
  • 3. HyTrust Role in NIST/FISMA Compliance
    • 6 of 18 NIST 800-53 control families focus on controlling and tracking infrastructure access or ensuring configuration and system integrity
      [Table: NIST 800-53 control families (Identifier, Family). Source: NIST Special Publication 800-53, Revision 3]
    • Compliance in virtual environments requires an approach that addresses the distinct attributes of virtual infrastructure access, configuration, and system integrity
    • HyTrust is purpose-built to control and log access activity, ensure compliant host configurations, and protect system integrity in virtual environments
    • HyTrust fills critical gaps in the virtualization platform’s NIST/FISMA compliance capabilities*
    * Platform capabilities mentioned in this document are believed to be accurate as of April, 2012, and are subject to revision
  • 4. HyTrust Enables Access Control (AC) Compliance
    Table columns: AC Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

    Account Management (AC-2)
      NIST requirement: Specify access privileges and grant access to the system based on: (i) a valid access authorization; (ii) intended system usage; and (iii) other attributes as required by the organization or associated missions/business functions.
      Virtualization platform constraints/gaps:
        • Supports single factor authentication only
        • Allows root account sharing
        • Allows default passwords
        • Defaults to admin privileges for all operations
      HyTrust fulfillment:
        • Supports multi-factor authentication
        • Prevents root account sharing
        • Prevents use of default passwords
        • Enables limited access privileges based on intended system usage and other attributes

    Access Enforcement (AC-3)
      NIST requirement: Enforce approved authorizations for logical access to the system in accordance with applicable policy.
      Virtualization platform constraints/gaps:
        • Enables broad access privileges based on roles only
      HyTrust fulfillment:
        • Enforces authorization policy defined by granular role-based and attribute-based access privileges

    Information Flow Enforcement (AC-4)
      NIST requirement: Enforce approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with policy.
      Virtualization platform constraints/gaps:
        • Allows unfiltered VM-to-VM communications, unconstrained by policy
      HyTrust fulfillment:
        • Enforces trust zone policies that constrain users’ ability to change information flows

    Separation of Duties (AC-5)
      NIST requirement: Implement separation of duties through assigned information system access authorizations.
      Virtualization platform constraints/gaps:
        • Provides limited ability to enforce access policies separating duties
        • Provides no pre-defined roles besides administrator
      HyTrust fulfillment:
        • Provides the authorization granularity needed for effective separation of duties
        • Provides 17 pre-defined, customizable roles

    Least Privilege (AC-6)
      NIST requirement: Employ the concept of least privilege, allowing only authorized accesses for users which are necessary to accomplish assigned tasks in accordance with organizational mission.
      Virtualization platform constraints/gaps:
        • Defaults to super user privileges
      HyTrust fulfillment:
        • Allows only the operations and access to virtual resources users need to do their jobs

    Security Attributes (AC-16)
      NIST requirement: Support the binding of security attributes to information in storage, in process, and in transmission.
      Virtualization platform constraints/gaps:
        • Provides no mechanism to tag virtual objects with security attributes
      HyTrust fulfillment:
        • Enables object tagging with security attributes that enable robust and flexible access control
  • 5. HyTrust Enables Audit and Accountability (AU) Compliance (continued)
    Table columns: AU Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

    Audit Review, Analysis, and Reporting (AU-6)
      NIST requirement: Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.
      Virtualization platform constraints/gaps:
        • Provides basic virtualization event data to SIEM solutions that may not be detailed enough for correlation with physical data center audit records
      HyTrust fulfillment:
        • Provides the thorough, fine-grained virtualization event data needed by SIEM solutions for correlation with similarly detailed physical data center records

    Non-Repudiation (AU-10)
      NIST requirement: Protect against an individual falsely denying having performed a particular action.
      Virtualization platform constraints/gaps:
        • Allows admin anonymity via sharing of root account
      HyTrust fulfillment:
        • Associates unique user ID with every event logged

    Audit Generation (AU-12)
      NIST requirement: Provide audit record generation capability for the list of auditable events defined in AU-2. Produce audit records in a standardized format.
      Virtualization platform constraints/gaps:
        • Creates separate log files for vCenter and each host server
        • Uses different log formats for vCenter vs. hosts
      HyTrust fulfillment:
        • Consolidates and centrally manages logs covering vCenter and all hosts
        • Uses a single, uniform format for combined vCenter and host log data
  • 6. HyTrust Enables Security Assessment and Authorization (CA) Compliance
    Table columns: CA Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

    Continuous Monitoring (CA-7)
      NIST requirement: Establish a continuous monitoring strategy and implement a continuous monitoring program that includes:
        • a configuration management process for the information system
        • a determination of the security impact of changes to the information system
      Virtualization platform constraints/gaps:
        • Does not provide functionality to continuously monitor and manage the hypervisor configuration
        • Does not provide functionality to determine the security impact of changes to the hypervisor configuration
        • Can only implement permissions on virtual objects in a hierarchical fashion; cannot implement meaningful permissions in a dynamic environment
      HyTrust fulfillment:
        • Continuously monitors hypervisor configurations for drift and policy violations
        • Determines the security impact of configuration changes by continuously comparing configuration states to baselines such as C.I.S. Benchmark standards, VMware Best Practices, and other frameworks
        • Can establish permissions and policies that can follow the virtual machine regardless of where it resides in the environment
  • 7. HyTrust Enables Configuration Management (CM) Compliance
    Table columns: CM Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

    Baseline Configuration (CM-2)
      NIST requirement: Develop, document, and maintain under configuration control, a current baseline configuration. Employ automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration.
      Virtualization platform constraints/gaps:
        • Host Profiles functionality for maintaining baselines not available with Standard or Enterprise versions of platform
        • Requires hosts to be put in maintenance mode and all VMs to be moved to another host for the duration of the operation
      HyTrust fulfillment:
        • Enables organization to define and automatically maintain a custom baseline configuration or a pre-built baseline such as C.I.S. Benchmark standards, VMware Best Practices, or other frameworks
        • Does not require putting hosts in maintenance mode after remediating baseline variations
        • Provides automated configuration maintenance for all versions of virtualization platform

    Configuration Change Control (CM-3)
      NIST requirement: Audit activities associated with configuration-controlled changes. Employ automated mechanisms to implement changes to the current baseline and deploy the updated baseline across the installed base.
      Virtualization platform constraints/gaps:
        • Logs changes for individual hosts only, and may not capture unique user ID
        • Puts hosts in maintenance mode to deploy changes
      HyTrust fulfillment:
        • Centrally logs all hypervisor configuration change event data, including specific user, action attempted (allowed or denied), source IP, timestamp, target, etc.
        • Automates deployment of changes to the security configuration of the hypervisor, without putting hosts in maintenance mode

    Access Restrictions for Change (CM-5)
      NIST requirement: Enforce logical access restrictions associated with changes to the system. Employ automated mechanisms to enforce access restrictions and support auditing of the enforcement actions. Limit developer/integrator privileges to change hardware, software, and firmware and system information within a production environment.
      Virtualization platform constraints/gaps:
        • Enables broadly defined role-based access restrictions
        • Does not log disallowed or failed operations
        • Does not support privileges tied to objects such as “production” VMs
      HyTrust fulfillment:
        • Applies granular, user-specific role-based access controls to the hypervisor configuration and management interfaces
        • Automatically logs all allowed and denied operations on the hypervisor configuration
        • Enables enforcement of access restrictions customized for roles such as developer and integrator, and limitation of privileges on virtual objects assigned a label such as “production”
8. HyTrust Enables Configuration Management (CM) Compliance (continued)

Configuration Settings (CM-6)
NIST Requirement for FISMA Compliance:
  Monitor and control changes to configuration settings in accordance with organizational policies and procedures.
  Employ automated mechanisms to centrally manage, apply, and verify configuration settings.
  Employ automated mechanisms to respond to unauthorized changes to organization’s configuration settings.
  Demonstrate conformance to security configuration guidance (i.e., security checklists), prior to being introduced into a production environment.
Virtualization Platform Constraints/Gaps:
  • Does not provide functionality that verifies, monitors, or controls hypervisor configurations
  • Does not provide means to generate alerts for unauthorized configuration changes
  • Is not able to check if a configuration conforms with policy or checklist
HyTrust Requirement Fulfillment for Virtual Environments:
  • Verifies, monitors, and controls hypervisor configuration changes
  • Provides configuration change request logs to SIEM solutions that can be used to trigger alerts
  • Enables organization to check if a configuration conforms with a customized configuration policy or with guidance such as C.I.S. Benchmark standards, VMware Best Practices, or other frameworks

Least Functionality (CM-7)
NIST Requirement for FISMA Compliance:
  Configure the information system to prohibit or restrict the use of specified functions, ports, protocols, and/or services.
Virtualization Platform Constraints/Gaps:
  • Enables some configuration of access restrictions on individual hosts
HyTrust Requirement Fulfillment for Virtual Environments:
  • Centrally enforces hypervisor access policy via protocol (SSH, vSphere client, SOAP) and hypervisor IP address controls on all hosts
9. HyTrust Enables Identification and Authentication (IA) Compliance

Identification and Authentication (Organizational Users) (IA-2)
NIST Requirement for FISMA Compliance:
  Uniquely identify and authenticate organizational users, including organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors, guest researchers, individuals from allied nations).
  Use multifactor, replay-resistant authentication for network and local access to privileged accounts. For network accounts, one of the factors is provided by a device separate from the information system being accessed.
  Allow the use of group authenticators only when used in conjunction with an individual/unique authenticator.
Virtualization Platform Constraints/Gaps:
  • Permits root account sharing, enabling anonymous access
  • Requires password for access; does not support multi-factor authentication
HyTrust Requirement Fulfillment for Virtual Environments:
  • Requires a unique ID for access by an organizational user and associates the unique ID with every operation performed by the user
  • Supports multi-factor, replay-resistant authentication such as RSA SecurID and hardware tokens for network and local access to privileged accounts

Identification and Authentication (Non-Organizational Users) (IA-2)
NIST Requirement for FISMA Compliance:
  Uniquely identify and authenticate non-organizational users.
Virtualization Platform Constraints/Gaps:
  • Permits potential root account sharing by non-organizational users, enabling anonymous access
HyTrust Requirement Fulfillment for Virtual Environments:
  • Requires a unique ID for access by a non-organizational user and associates the unique ID with every operation performed by the user
10. HyTrust Enables System and Information Integrity (SI) Compliance

Information Input Restrictions (SI-9)
NIST Requirement for FISMA Compliance:
  Restricts the capability to input information to the information system to authorized personnel. Restrictions may extend beyond the typical access controls employed by the system and include limitations based on specific operational/project responsibilities.
Virtualization Platform Constraints/Gaps:
  • Does not restrict the ability to input information based on specific operational/project responsibilities
HyTrust Requirement Fulfillment for Virtual Environments:
  • Restricts the capability to input information, via any access method, using role-based authorization sufficiently fine-grained to distinguish between users’ operational/project responsibilities
11. HyTrust Fills Critical FISMA Audit Data Gaps

Log Data Provider: Virtualization Platform
Data for Allowed Operation (example):
  • User: root
  • Time/date
  • Target resource name, server URL
  • Operation executed
Data for Denied Reconfig Attempt (example):
  • none
Usability and Productivity:
  • Separate log files for vCenter and each host
  • Different log formats for vCenter vs. hosts

Log Data Provider: HyTrust
Data for Allowed Operation (example):
  All of the above, plus:
  • User ID
  • Source IP address
  • Resource reconfigured
  • Previous resource state
  • New resource state
  • Label (Production)
  • Required privileges
  • Evaluated rules/constraints
Data for Denied Reconfig Attempt (example):
  • User ID
  • Date/time
  • Source IP address
  • Operation requested
  • Operation denied
  • Target resource name, IP address, port, and protocol
  • Required privileges
  • Missing privileges
  • Evaluated rules/constraints
Usability and Productivity:
  • Consolidated, centrally managed logs covering vCenter and all hosts
  • Single, uniform format for combined vCenter and host log data
  • Logs sent to central repository or SIEM via syslog
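As an added illustration (example code, not HyTrust's own product logic), the following toy policy check evaluates a hypervisor operation against role privileges and a label-bound rule for “Production” objects, and emits an audit record carrying the fields the slide lists for allowed and denied operations. The role names, privilege names and label rule are constructed assumptions.

```python
# Added example, not HyTrust code: a toy policy evaluator whose audit
# records carry the fields listed on the slide (user ID, source IP,
# target, label, required/missing privileges, evaluated rules).
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed role -> privilege map (names are hypothetical).
ROLE_PRIVS = {
    "vm_operator": {"vm.powerops"},
    "vm_admin": {"vm.powerops", "vm.reconfigure"},
}
# Constructed label-bound rule: reconfiguring a "Production" object also
# needs "prod.change", mirroring the CM-5 limit on labelled objects.
LABEL_RULES = {"Production": {"reconfigure": {"prod.change"}}}
OP_PRIVS = {"reconfigure": {"vm.reconfigure"}, "poweron": {"vm.powerops"}}

@dataclass
class Request:
    user: str            # unique user ID, not a shared "root" (IA-2)
    source_ip: str
    protocol: str        # e.g. "vsphere-client", "ssh", "soap" (CM-7)
    operation: str
    target: str
    label: Optional[str] = None
    prev_state: dict = field(default_factory=dict)
    new_state: dict = field(default_factory=dict)

def evaluate(req: Request, role: str) -> dict:
    """Return an audit record for an allowed or denied operation."""
    required = set(OP_PRIVS.get(req.operation, set()))
    evaluated = [f"op:{req.operation}"]
    extra = LABEL_RULES.get(req.label, {}).get(req.operation)
    if extra:
        required |= extra
        evaluated.append(f"label:{req.label}")
    missing = required - ROLE_PRIVS.get(role, set())
    rec = {
        "user_id": req.user,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "source_ip": req.source_ip, "protocol": req.protocol,
        "target": req.target, "label": req.label,
        "required_privileges": sorted(required), "evaluated_rules": evaluated,
    }
    if missing:   # denied record keeps what was asked for and what was lacking
        rec.update(result="denied", operation_denied=req.operation,
                   missing_privileges=sorted(missing))
    else:         # allowed record keeps the before/after resource state
        rec.update(result="allowed", operation=req.operation,
                   previous_state=req.prev_state, new_state=req.new_state)
    return rec
```

Both record shapes can be serialised as-is to syslog or a SIEM, which is the consolidation the slide contrasts with per-host platform logs.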