Many laws, regulations and industry standards call for monitoring and controlling access to privileged accounts. As a result, companies have to increase their control over business processes, ensuring that only those employees who are authorized can access critical IT assets. Complying with the variety of regulations and standards can be costly.
Privileged Access Management can facilitate compliance with the following standards and regulations:
The ISO27001 standard forms part of the ISO27000 series of standards published by the International Organization for Standardization. It was first published in 2005 and updated in 2013. The ISO27001 requirements set up a framework for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).
To learn more about ISO 27001, download our paper here.
Organizations involved in payment card data management, including those that store, process, or transmit cardholder data, are required to implement the Payment Card Industry (PCI) Data Security Standard (DSS). PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data.
To learn more on how to secure cardholder data from unauthorized access, download our PCI-specific white paper here.
To counter the growing threat posed by cybercriminals, the New York Department of Financial Services (NY DFS) has started a new cyber security program. The Regulation establishes the minimum cyber security requirements for all financial services conducting business in New York State or under the jurisdiction of NY DFS.
Find out more on how to secure access to information systems and nonpublic information by managing your privileged users here.
The General Data Protection Regulation (GDPR) was issued by the EU Parliament on 14 April 2016. The regulation builds on the foundation laid down in Directive 95/46/EC but also features a set of additional requirements to protect collected and processed personal data of EU citizens.
To learn more about complying with the GDPR, download our white paper here.
All healthcare providers involved in storing or transferring protected health information (PHI) or electronic protected health information (ePHI) must comply with the Health Insurance Portability and Accountability Act (HIPAA).
To learn more on HIPAA, download our paper here.
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) functions as a sum of best practices and procedure recommendations for protecting organizations’ critical assets. It was influenced by regulations such as COBIT 5, NIST 800-53, ISO/IEC 27001:2013 and ISA 62443-2-1:2009. The purpose of the framework is to help organizations establish and achieve cybersecurity development goals.
To learn more on NIST CSF, download our paper here.