Introducing Centrify DirectAuthorize - Cerberis

Regulations Require Authorization ControlsRegulationSarbanes-OxleySection 404Specific Authorization and Privilege Control Requirements... (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, ofthe effectiveness of the internal control structure and procedures of the issuer forfinancial reporting.Payment CardIndustry DataSecurity StandardHealthcareInsurancePortability andAccountability ActFederalInformationSecurityManagement Act of20027.1 Limit access to computing resources and cardholder information only to thoseindividuals whose job requires such access.7.2 Establish a mechanism for systems with multiple users that restricts access based ona user’s need to know and is set to “deny all” unless specifically allowed.SUMMARY: This rule includes standards to protect the privacy of individually identifiablehealth information.Section 164.508 describes the uses and disclosures for which an authorization isrequired.Title III - Information Security’s purpose is to provide a comprehensive framework forensuring the effectiveness of information security controls over information resourcesthat support Federal operations and assets.The combination of Federal Information Processing Standards (FIPS) documents and thespecial publications SP-800 series issued by NIST to define the standards and guidelinesrequired to support implementation and compliance with FISMA requirements.National IndustrialSecurity ProgramOperating Manual© 2004-2009 CENTRIFY CORPORATION. ALL RIGHTS RESERVED.8-606. Access Controls (Access). The IS shall store and preserve the integrity of thesensitivity of all information internal to the IS.8-607. Identification and Authentication (I&A). A) Requirements. Procedures thatinclude provisions for uniquely identifying and authenticating the users. B) An I&Amanagement mechanism that ensures a unique identifier for each user and thatassociates that identifier with all auditable actions taken by the user.SLIDE 5