Compliance alone does not ensure that an organization gains real value from NIST 800-53 compliance. The Avatier Identity Management Software suite (AIMS) offers a holistic compliance management solution featuring IT automation coupled with self-service administration. AIMS automates FISMA and FIPS 200 compliance solutions to deliver a unified compliance management software solution.

Code | Title | AIMS | Description |
---|---|---|---|
AC-1 | Access Control Policy | Identity Enforcer | Formalize procedures to facilitate the implementation of access control policies. |
AC-2 | Account Management | Identity Enforcer | Manage system accounts, group memberships, privileges, workflow, notifications, deactivations, and authorizations. |
AC-3 | Access Enforcement | Identity Enforcer | Enforce approved authorizations for access to systems in accordance with policy. |
AC-4 | Information Flow Enforcement | Identity Enforcer | Enforce approved authorizations. Control information workflow between interconnected systems. |
AC-5 | Separation of Duties | Identity Enforcer | Separate duties of individuals to prevent malevolent activity. Automate separation of duties and access authorizations. |
AC-6 | Least Privilege | Identity Enforcer | Automate least privilege. Allow only authorized accesses for users and processes which are necessary. |
AC-7 | Unsuccessful Login Attempts | Password Station | Enforce a limit of consecutive invalid login attempts by a user. |
AC-8 | System Use Notification | Password Station | Display approved system use notification prior to login and where appropriate. |
AC-9 | Logon (Access) Notification | Password Station | Notify users upon successful logon of the date and time of logon. |
AC-10 | Concurrent Session Control | Identity Enforcer | Limit and define the number of concurrent sessions for each system account by account type, account or a combination. |
AC-11 | Session Lock | Password Station | Prevent further access to systems. Initiate session lock after inactivity or upon receiving a request from a user. |
AC-14 | Actions without Authentication | Identity Enforcer | Identify specific user actions that can be performed on an information system without identification and authentication. |
AC-16 | Security Attributes | Identity Enforcer | Support and maintain the binding of security attributes to information in storage, in process, and in transition. |
AC-17 | Remote Access | Identity Enforcer | Authorize remote access systems prior to connection. Enforce remote connection requirements to information systems. |
AC-18 | Wireless Access | Identity Enforcer | Authorize wireless access to systems prior to connection. Enforce wireless requirements for connecting to systems. |
AC-19 | Mobile Device Access Control | Identity Enforcer | Authorize mobile device access to systems prior to connection. Enforce mobile device system connection requirements. |
AC-20 | External Information Systems | Password Station | Access information systems from external systems. Process, store and transmit information using external systems. |
AC-21 | User Collaboration and Information Sharing | Group Requester | Facilitate information sharing. Enable authorized users to grant access to partners. |
AC-22 | Publicly Accessible Content | Identity Enforcer | Designate individuals authorized to post information onto an organization's information system that is publicly accessible. |

Code | Title | AIMS | Description |
---|---|---|---|
AU-1 | Audit Accountability Procedures | Compliance Auditor | Automate audit and accountability policy and procedures that address purpose, scope, roles, responsibilities, management, coordination and compliance. |
AU-2 | Auditable Events | Compliance Auditor | Automate security audit function with other organizational entities. Enable mutual support of audit of auditable events. |
AU-3 | Content of Audit Records | Identity Enforcer | Produce audit records that report what event occurred, when, where, the source, the outcome, and the identity. |
AU-4 | Audit Storage Capacity | Compliance Auditor | Allocate audit record storage capacity and configure auditing to reduce the likelihood of such capacity being exceeded. |
AU-5 | Response to Audit Processing Failures | Compliance Auditor | Alert designated organizational officials in the event of an audit processing failure and take appropriate action. |
AU-6 | Audit, Review, Analysis and Reporting | Compliance Auditor | Integrate audit review, analysis, and reporting with processes for investigation and response to suspicious activities. |
AU-7 | Audit Reduction and Report Generation | Compliance Auditor | Support for real-time audit review, analysis, and reporting requirements without altering original audit records. |
AU-8 | Time Stamps | Identity Enforcer | Use internal system clocks to generate time stamps for audit records. |
AU-9 | Protection of Audit Information | Compliance Auditor | Protect audit information & tools from unauthorized access, modification & deletion. |
AU-10 | Non-Repudiation | Compliance Auditor | Protect against an individual falsely denying having performed an action. |
AU-11 | Audit Record Retention | Compliance Auditor | Retain audit records for security investigations. Meet regulatory and organizational data retention requirements. |
AU-12 | Audit Generation | Compliance Auditor | Audit events defined in AU-2. Allow trusted personnel to select which events to audit. Generate audit records for events. |
AU-14 | Session Audit | Identity Enforcer | Capture, record and log user sessions. Remotely view all content related to a user session that starts at system start-up. |

Code | Title | AIMS | Description |
---|---|---|---|
CA-1 | Security Assessment and Authorization | Identity Analyzer | Formalize security assessment. Implement security assessments of authorization policies and internal controls. |
CA-2 | Security Assessments | Identity Analyzer | Assess security controls to determine effectiveness and produce security reports, documentation, and graphs. |
CA-5 | Plan of Action Milestones | Identity Analyzer | Determine actions and milestones as part of a security assessment to reduce or eliminate system vulnerabilities. |
CA-6 | Security Authorization | Identity Enforcer | Assign authorizing roles in systems and workflow for processing authorizations before commencing operations. |
CA-7 | Continuous Monitoring | Identity Analyzer | Continuously monitor configuration management processes. Determine security impact, environment and operational risks. |

Code | Title | AIMS | Description |
---|---|---|---|
IA-1 | Identification and Authentication | Identity Enforcer | Automate identity and authentication policies. Coordinate organizational entities. Streamline compliance operations. |
IA-2 | Identification and Authentication (Org) | Identity Enforcer | Identify and authenticate organization users and processes. |
IA-4 | Identifier Management | Identity Enforcer | Manage information system identifiers for users and devices. Automate authorizing and disabling users to prevent misuse. |
IA-5 | Authentication Management | Identity Enforcer | Authenticate users and devices. Automate administrative control. Enforce restrictions. Protect against unauthorized use. |
IA-6 | Authentication Feedback | Password Station | Obscure authentication feedback during authentication process. Protect authentication information from exploitation. |
IA-7 | Cryptographic Module Authentication | Identity Enforcer | Authenticate to a cryptographic module in a manner that meets applicable legal requirements. |
IA-8 | Identification and Authentication (Non-Org) | Identity Enforcer | Identify and authenticate non-organizational users and processes. |

Code | Title | AIMS | Description |
---|---|---|---|
RA-1 | Risk Assessment Policy and Procedures | Balanced Scorecard | Track risk assessment policies that address purpose, scope, roles, management, and organizational compliance. |
RA-2 | Security Categorization | Balanced Scorecard | Categorize information and systems in accordance with applicable laws, Executive Orders, regulations and standards. |
RA-3 | Risk Assessment | Balanced Scorecard | Assess risks and magnitude of unauthorized system access, use, disclosure, disruption, modifications, or destruction. |
RA-5 | Vulnerability Scanning | Identity Analyzer | Scan for system vulnerabilities. Share vulnerability information and security controls that eliminate vulnerabilities. |

Avatier is the identity management company designed for business users. We automate and unify enterprise operations by standardizing business processes with an IT store. Our IT service catalog creates a single system of record for access requests and IT audit. Our easily extensible identity management system lowers operational cost and provides corporate governance visibility. Avatier automates workflow and compliance reviews to reduce IT security risks. Avatier is headquartered in the San Francisco Bay area with offices in Chicago, Dallas, New York, Washington DC, London, Munich, Singapore, Dublin, and Sydney. Our products operate globally for customers like Marriott, DHL, ESPN, Halliburton, Starbucks and hundreds more.