Access Control for FISMA Compliance
Xceedium helps agencies achieve and prove compliance with multiple FISMA security controls established by NIST Special Publication 800-53. Only Xceedium can deliver:

  • The industry's most highly certified solution, with FIPS 140-2 Level 2, Common Criteria EAL4+, JITC PKI/CAC and UC/APL certifications

  • Logical network segmentation, ensuring full compliance with access control and account management controls even in consolidated data center environments

  • Leapfrog prevention technology that contains users to only their authorized systems, applications and resources

  • A single, appliance-based solution with comprehensive features, minimizing setup and operational costs

FISMA Compliance Checklist

Xceedium's access control solution helps organizations meet the following FISMA compliance requirements. Each entry names the NIST 800-53 requirement and then describes the Xsuite capability that addresses it:

AC-1 Access Control Policy and Procedures

Supports the definition, creation, documentation and enforcement of access control policies for privileged users, passwords and application passwords.

AC-2 Account Management

Provides organizations with robust control over the management of privileged user access and passwords, and passwords associated with application-to-application interactions. This control extends management of login accounts beyond those associated with discrete individuals to role-based administrative accounts and to accounts where processes act on behalf of one or more users.

AC-3 Access Enforcement

Provides a complete workflow for evaluating, approving, implementing and enforcing authorizations to information systems, including support for dual authorizations.

AC-5 Separation of Duties

Xsuite supports the separation of duties for network security. Granular controls, to the level of individual commands, can be defined and enforced for users. This control is possible even in those cases where enforcing separation of duties has traditionally been difficult, or even impossible, because of shared administrative accounts. Individuals or groups can be provided with access only to those systems and commands permitted by organizational policies.

AC-6 Least Privilege

Fully supports the application and enforcement of least-privilege access control policies, allowing users to access only the processes that are authorized and necessary for accomplishing their assigned tasks in accordance with business functions.

AC-7 Unsuccessful Login Attempts

Enables the creation and enforcement of policy-based limits on passwords. These include a limit on the number of unsuccessful attempts to log in to an account before it is deactivated.
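The three controls above (AC-5 command-level separation of duties, AC-6 least privilege and AC-7 lockout after repeated failures) are easiest to reason about as one small policy engine. The code below is an added illustration written for this page; it is not Xceedium's or Xsuite's code. Every name in it (Gateway, Policy, MAX_FAILED_LOGINS, the users alice and bob, the hosts db01 and web01) is a constructed example value. One caveat a practitioner will want is visible in authorize(): a command allowlist that only inspects argv[0] is bypassable through shell operators, so the engine rejects command lines containing them before it compares the first token.

```python
"""Minimal privileged-access policy engine illustrating AC-5/AC-6 (command- and
system-level authorization) and AC-7 (lockout after repeated failed logins).
Hypothetical example code, not the Xsuite implementation."""
from dataclasses import dataclass
import hmac
import re
import shlex

MAX_FAILED_LOGINS = 3  # AC-7 threshold; constructed value for the example

# Shell control operators that would let a second command ride behind an
# allowed argv[0] (e.g. "systemctl status x; rm -rf /").
SHELL_OPERATORS = re.compile(r"[;&|`$<>\n]")


@dataclass
class Policy:
    """Least-privilege grant: which target systems and which commands a user may use."""
    systems: frozenset
    commands: frozenset  # permitted argv[0] values


@dataclass
class AccountState:
    failed_logins: int = 0
    locked: bool = False


class Gateway:
    def __init__(self, policies, credentials):
        self.policies = policies        # user -> Policy
        self.credentials = credentials  # user -> password (plain text only for the demo)
        self.state = {u: AccountState() for u in credentials}
        self.audit = []                 # (event, user, ...) tuples for AU-12 style reporting

    def login(self, user, password):
        """AC-7: count failures per account and deactivate at the threshold."""
        st = self.state.get(user)
        if st is None:
            return False
        if st.locked:
            self.audit.append(("login_denied_locked", user))
            return False
        if not hmac.compare_digest(password, self.credentials[user]):
            st.failed_logins += 1
            if st.failed_logins >= MAX_FAILED_LOGINS:
                st.locked = True
                self.audit.append(("account_locked", user))
            return False
        st.failed_logins = 0
        self.audit.append(("login_ok", user))
        return True

    def authorize(self, user, system, command_line):
        """AC-5/AC-6: allow only the systems and commands named in the user's policy."""
        pol = self.policies.get(user)
        if pol is None or system not in pol.systems:
            self.audit.append(("denied_system", user, system, command_line))
            return False
        if SHELL_OPERATORS.search(command_line):
            self.audit.append(("denied_shell_operator", user, system, command_line))
            return False
        argv = shlex.split(command_line)
        if not argv or argv[0] not in pol.commands:
            self.audit.append(("denied_command", user, system, command_line))
            return False
        self.audit.append(("allowed", user, system, command_line))
        return True


def build_demo_gateway():
    """Constructed sample data: a DBA role limited to db01 and a handful of commands."""
    policies = {
        "bob": Policy(systems=frozenset({"db01"}),
                      commands=frozenset({"systemctl", "pg_dump", "tail"})),
        "alice": Policy(systems=frozenset({"web01"}),
                        commands=frozenset({"systemctl", "tail"})),
    }
    credentials = {"bob": "bob-demo-pw", "alice": "alice-demo-pw"}
    return Gateway(policies, credentials)


if __name__ == "__main__":
    gw = build_demo_gateway()
    for _ in range(MAX_FAILED_LOGINS):
        gw.login("alice", "wrong")
    print("alice locked:", gw.state["alice"].locked)
    gw.login("bob", "bob-demo-pw")
    print(gw.authorize("bob", "db01", "systemctl status postgresql"))  # True
    print(gw.authorize("bob", "db01", "systemctl status x; rm -rf /"))  # False
    for event in gw.audit:
        print(event)
```

The audit list is deliberately append-only and records denials as well as grants; the denials are what a reviewer looks at to prove the control was exercised, not just configured.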

AC-8 System Use Notification

Provides the capability to display a system use notification message before granting access to systems.

AC-17 Remote Access

Documents the allowed methods of access for remote systems, including usage restrictions, monitoring for unauthorized access, authorization processes, and enforcement of requirements for remote network access.

AU-10 Non-Repudiation

Eliminates the traditional requirement for the shared use of administrative accounts and application passwords. Since a one-to-one relationship between individuals and their actions is maintained, protection from repudiation is provided.

AU-12 Audit Generation

Provides detailed logging and reporting capabilities, detailing information and events surrounding granting access to systems, logins and logoffs by users, and full session recording.

AU-14 Session Audit

Provides real-time access monitoring and security alerting for attempted policy violations. Supports full session recording for Telnet, SSH and Serial Command Line activities and also allows for fully searchable playback of the recorded sessions. Detailed recording of password creation, modification, and use also is provided.
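AU-10, AU-12 and AU-14 together come down to one property: every action taken through a shared administrative account must be traceable to the individual who opened the session, in a record that can be searched and whose integrity can be checked. The following is an added example written for this page, not Xsuite's log format or code; the SessionAudit class, the hash-chaining scheme, and the sample session for the individuals alice and bob using the shared root account on db01 are all constructed for illustration. Password events record only that a credential was created or used, never the secret itself.

```python
"""Tamper-evident session audit log that attributes each action on a shared
administrative account to the authenticated individual behind the session.
Illustrates AU-10 (non-repudiation), AU-12 (audit generation) and AU-14
(searchable session audit). Hypothetical example, not Xsuite's own format."""
import hashlib
import json

GENESIS = "0" * 64  # constructed chain anchor


class SessionAudit:
    def __init__(self):
        self.events = []
        self._prev_hash = GENESIS

    def record(self, session_id, individual, shared_account, target, event_type, detail, ts):
        """Append one event. The hash covers the event and the previous hash, so
        editing or deleting any earlier entry breaks verify_chain()."""
        entry = {
            "seq": len(self.events), "ts": ts, "session": session_id,
            "user": individual,          # the authenticated person (non-repudiation anchor)
            "account": shared_account,   # what the target system saw, e.g. "root"
            "target": target, "type": event_type, "detail": detail,
            "prev": self._prev_hash,
        }
        entry["hash"] = self._digest(entry)
        self.events.append(entry)
        self._prev_hash = entry["hash"]
        return entry["hash"]

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify_chain(self):
        """Recompute every hash and check each entry points at its predecessor."""
        prev = GENESIS
        for e in self.events:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def search(self, **filters):
        """Searchable playback: exact-match filter on any recorded field."""
        return [e for e in self.events
                if all(e.get(k) == v for k, v in filters.items())]

    def who_ran(self, target, command):
        """AU-10: which individual(s) issued `command` on `target`, even though the
        target only ever saw the shared account."""
        return sorted({e["user"] for e in self.events
                       if e["target"] == target and e["type"] == "command"
                       and e["detail"] == command})


def build_demo_log():
    """Constructed sample session: two people, one shared root account, one host."""
    log = SessionAudit()
    log.record("s1", "alice", "root", "db01", "login", "checkout of shared credential", 1000)
    log.record("s1", "alice", "root", "db01", "command", "systemctl status postgresql", 1001)
    log.record("s1", "alice", "root", "db01", "logout", "", 1002)
    log.record("s2", "bob", "root", "db01", "login", "checkout of shared credential", 1100)
    log.record("s2", "bob", "root", "db01", "password_change", "account=appuser", 1101)
    log.record("s2", "bob", "root", "db01", "command", "passwd appuser", 1102)
    log.record("s2", "bob", "root", "db01", "logout", "", 1103)
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print("chain intact:", log.verify_chain())
    print("passwd appuser on db01 was run by:", log.who_ran("db01", "passwd appuser"))
    for e in log.search(session="s2", type="command"):
        print(e["ts"], e["user"], "as", e["account"], "->", e["detail"])
```

The target system's own logs would show only "root"; the gateway record is what supplies the one-to-one mapping the AU-10 entry describes, and the hash chain is what lets an auditor trust that mapping after the fact.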

IA-2 Identification and Authentication (Organizational Users)

Uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users) on the network.

IA-7 Cryptographic Module Authentication

Fully certified according to the standards of FIPS 140-2 Level 2.

IA-8 Identification and Authentication (Non-Organizational Users)

Provides comprehensive access controls for the identification and authentication of individuals (including vendors and other third parties), applications and other processes.

PS-4 Personnel Termination

Establishes the ability to comply with PS-4 Control A, by ensuring immediate termination of information system access by individuals. Support for controls C and D also is provided, because access to managed information systems is controlled by managers, not individuals.
