The defense industrial base (DIB) is a prime target for cyber-attacks. To protect national security information within the DIB - the U.S. Department of Defense designed the CMMC framework.
The Cybersecurity Maturity Model Certification (CMMC) is a designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is shared with contractors and subcontractors of the Department through acquisition programs.
The CMMC defines 17 security domains which are further classified into 171 security best practices. These security practices help organizations have a formal set of cybersecurity activities that are consistent and help mitigate data breaches.
The CMMC provides a certification to ensure that companies are keeping up with the required processes to be cybersecure. Generally, multiple software tools are used to keep up with requirements and also to obtain a higher certification by proving good cybersecurity posture.
Securden Unified PAM is a holistic privileged access management solution that has capabilities to help comply with multiple domains requirements under the CMMC framework. Companies that work with the government can secure their CMMC certification easier with Unified PAM.
CMMC Domain | Securden Unified PAM Capabilities |
---|---|
Access Control (AC) | |
The access control domain is regarding access controls, rights and authorization to access data and resources. It encapsulates account assignment and depicts how passwords and credentials are used. This domain also highlights provisioning and elevating access to privileged accounts. In summary it requires organizations to:
|
Securden Unified PAM can be utilized to satisfy all the access control recommendations related to managing privileged and administrative identities. This includes discovery and management of privileged accounts, and comprehensive auditing of sensitive access.
|
Asset Management (AM) | |
The asset management domain involves gathering insights on assets and keeping an asset inventory.
|
Securden Unified PAM helps with discovery of IT assets and create an inventory within the PAM solution. It also identifies certain attributes of these systems like their operating system (OS). Users can utilize PAM to directly launch connections to these assets. |
Audit and Accountability (AU) | |
The asset management domain involves gathering insights on assets and keeping an asset inventory.
|
Securden Unified PAM ensures that all system account activity can be traced back to the users who performed them. This holds them accountable for their actions
|
Identification and Authentication (IA) | |
The identification and authentication domain involves controls to verify user identities, devices and processes. It also enforces password complexity requirements and multi factor authentication to access privileged accounts.
|
Securden Unified PAM ensures that all users and shared accounts are identified through verification and passwords are complex and rotated.
|
Systems and Communications Protection (SC) | |
The system and communications protection domain is about securing systems and communications. It includes:
|
Securden Unified PAM helps by securing privileged sessions through encryption and secure tunneling to protect communication channels. Privilege elevation and delegation capabilities allow users to gain elevated privileges as and when needed. This prevents unauthorized access and mitigates the risk of breaches. |
Securden Unified PAM supports companies to comply with requirements to protect information by meeting CMMC security controls and suggested practices. This in turn helps safeguard unclassified information within the Department of Defense (DoD) supply chain.