HyTrust-FISMA Compliance in the Virtual Data Center
1.
FISMA Compliance in the Virtual Data Center: Fulfilling NIST Requirements
© 2012, HyTrust, Inc. www.hytrust.com
1975 W. El Camino Real, Suite 203, Mountain View, CA 94040. Phone: 650-681-8100 / email: info@hytrust.com
2.
NIST Directives on Virtualization Security
"Organizations should have the same security controls in place for virtualized operating systems as they have for the same operating systems running directly on hardware."
"Ensure that the hypervisor is properly secured."
"Restrict and protect administrator access to the virtualization solution. The security of the entire virtual infrastructure relies on the security of the virtualization management system that controls the hypervisor and allows the operator to start guest OSs, create new guest OS images, and perform other administrative actions."
Neither physical data center security controls nor the basic controls provided by the virtualization platform were designed to fulfill these requirements for FISMA compliance.
3.
HyTrust Role in NIST/FISMA Compliance
6 of the 18 NIST SP 800-53 control families focus on controlling and tracking infrastructure access or on ensuring configuration and system integrity (identifier / family):
  AC  Access Control
  AU  Audit and Accountability
  CA  Security Assessment and Authorization
  CM  Configuration Management
  IA  Identification and Authentication
  SI  System and Information Integrity
Compliance in virtual environments requires an approach that addresses the distinct attributes of virtual infrastructure access, configuration, and system integrity.
HyTrust is purpose-built to control and log access activity, ensure compliant host configurations, and protect system integrity in virtual environments.
HyTrust fills critical gaps in the virtualization platform's NIST/FISMA compliance capabilities.*
Source: NIST Special Publication 800-53, Revision 3.
* Platform capabilities mentioned in this document are believed to be accurate as of April 2012 and are subject to revision.
4.
HyTrust Enables Access Control (AC) Compliance
Each entry gives the AC control, the NIST requirement for FISMA compliance, the virtualization platform's constraints/gaps, and how HyTrust fulfills the requirement for virtual environments.

AC-2 Account Management
  Requirement: Specify access privileges and grant access to the system based on: (i) a valid access authorization; (ii) intended system usage; and (iii) other attributes as required by the organization or associated missions/business functions.
  Platform constraints/gaps:
    • Supports single-factor authentication only
    • Allows root account sharing
    • Allows default passwords
    • Defaults to admin privileges for all operations
  HyTrust fulfillment:
    • Supports multi-factor authentication
    • Prevents root account sharing
    • Prevents use of default passwords
    • Enables limited access privileges based on intended system usage and other attributes

AC-3 Access Enforcement
  Requirement: Enforce approved authorizations for logical access to the system in accordance with applicable policy.
  Platform constraints/gaps:
    • Enables broad access privileges based on roles only
  HyTrust fulfillment:
    • Enforces authorization policy defined by granular role-based and attribute-based access privileges

AC-4 Information Flow Enforcement
  Requirement: Enforce approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with policy.
  Platform constraints/gaps:
    • Allows unfiltered VM-to-VM communications, unconstrained by policy
  HyTrust fulfillment:
    • Enforces trust zone policies that constrain users' ability to change information flows

AC-5 Separation of Duties
  Requirement: Implement separation of duties through assigned information system access authorizations.
  Platform constraints/gaps:
    • Provides limited ability to enforce access policies separating duties
    • Provides no pre-defined roles besides administrator
  HyTrust fulfillment:
    • Provides the authorization granularity needed for effective separation of duties
    • Provides 17 pre-defined, customizable roles

AC-6 Least Privilege
  Requirement: Employ the concept of least privilege, allowing only authorized accesses for users which are necessary to accomplish assigned tasks in accordance with organizational mission.
  Platform constraints/gaps:
    • Defaults to super-user privileges
  HyTrust fulfillment:
    • Allows only the operations and access to virtual resources users need to do their jobs

AC-16 Security Attributes
  Requirement: Support the binding of security attributes to information in storage, in process, and in transmission.
  Platform constraints/gaps:
    • Provides no mechanism to tag virtual objects with security attributes
  HyTrust fulfillment:
    • Enables object tagging with security attributes that enable robust and flexible access control
5.
HyTrust Enables Audit and Accountability (AU) Compliance (continued)

AU-6 Audit Review, Analysis, and Reporting
  Requirement: Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.
  Platform constraints/gaps:
    • Provides basic virtualization event data to SIEM solutions that may not be detailed enough for correlation with physical data center audit records
  HyTrust fulfillment:
    • Provides the thorough, fine-grained virtualization event data needed by SIEM solutions for correlation with similarly detailed physical data center records

AU-10 Non-Repudiation
  Requirement: Protect against an individual falsely denying having performed a particular action.
  Platform constraints/gaps:
    • Allows admin anonymity via sharing of the root account
  HyTrust fulfillment:
    • Associates a unique user ID with every event logged

AU-12 Audit Generation
  Requirement: Provide audit record generation capability for the list of auditable events defined in AU-2. Produce audit records in a standardized format.
  Platform constraints/gaps:
    • Creates separate log files for vCenter and each host server
    • Uses different log formats for vCenter vs. hosts
  HyTrust fulfillment:
    • Consolidates and centrally manages logs covering vCenter and all hosts
    • Uses a single, uniform format for combined vCenter and host log data
6.
HyTrust Enables Security Assessment and Authorization (CA) Compliance

CA-7 Continuous Monitoring
  Requirement: Establish a continuous monitoring strategy and implement a continuous monitoring program that includes:
    • a configuration management process for the information system
    • a determination of the security impact of changes to the information system
  Platform constraints/gaps:
    • Does not provide functionality to continuously monitor and manage the hypervisor configuration
    • Does not provide functionality to determine the security impact of changes to the hypervisor configuration
    • Can only implement permissions on virtual objects in a hierarchical fashion; cannot implement meaningful permissions in a dynamic environment
  HyTrust fulfillment:
    • Continuously monitors hypervisor configurations for drift and policy violations
    • Determines the security impact of configuration changes by continuously comparing configuration states to baselines such as CIS Benchmark standards, VMware Best Practices, and other frameworks
    • Can establish permissions and policies that follow the virtual machine regardless of where it resides in the environment
7.
HyTrust Enables Configuration Management (CM) Compliance

CM-2 Baseline Configuration
  Requirement: Develop, document, and maintain under configuration control a current baseline configuration. Employ automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration.
  Platform constraints/gaps:
    • Host Profiles functionality for maintaining baselines is not available with Standard or Enterprise versions of the platform
    • Requires hosts to be put in maintenance mode and all VMs to be moved to another host for the duration of the operation
  HyTrust fulfillment:
    • Enables the organization to define and automatically maintain a custom baseline configuration or a pre-built baseline such as CIS Benchmark standards, VMware Best Practices, or other frameworks
    • Does not require putting hosts in maintenance mode after remediating baseline variations
    • Provides automated configuration maintenance for all versions of the virtualization platform

CM-3 Configuration Change Control
  Requirement: Audit activities associated with configuration-controlled changes. Employ automated mechanisms to implement changes to the current baseline and deploy the updated baseline across the installed base.
  Platform constraints/gaps:
    • Logs changes for individual hosts only, and may not capture a unique user ID
    • Puts hosts in maintenance mode to deploy changes
  HyTrust fulfillment:
    • Centrally logs all hypervisor configuration change event data, including specific user, action attempted (allowed or denied), source IP, timestamp, target, etc.
    • Automates deployment of changes to the security configuration of the hypervisor without putting hosts in maintenance mode

CM-5 Access Restrictions for Change
  Requirement: Enforce logical access restrictions associated with changes to the system. Employ automated mechanisms to enforce access restrictions and support auditing of the enforcement actions. Limit developer/integrator privileges to change hardware, software, firmware, and system information within a production environment.
  Platform constraints/gaps:
    • Enables broadly defined role-based access restrictions
    • Does not log disallowed or failed operations
    • Does not support privileges tied to objects such as "production" VMs
  HyTrust fulfillment:
    • Applies granular, user-specific role-based access controls to the hypervisor configuration and management interfaces
    • Automatically logs all allowed and denied operations on the hypervisor configuration
    • Enables enforcement of access restrictions customized for roles such as developer and integrator, and limitation of privileges on virtual objects assigned a label such as "production"
8.
HyTrust Enables Configuration Management (CM) Compliance (continued)

CM-6 Configuration Settings
  Requirement: Monitor and control changes to configuration settings in accordance with organizational policies and procedures. Employ automated mechanisms to centrally manage, apply, and verify configuration settings. Employ automated mechanisms to respond to unauthorized changes to the organization's configuration settings. Demonstrate conformance to security configuration guidance (i.e., security checklists) prior to being introduced into a production environment.
  Platform constraints/gaps:
    • Does not provide functionality that verifies, monitors, or controls hypervisor configurations
    • Does not provide means to generate alerts for unauthorized configuration changes
    • Is not able to check if a configuration conforms with a policy or checklist
  HyTrust fulfillment:
    • Verifies, monitors, and controls hypervisor configuration changes
    • Provides configuration change request logs to SIEM solutions that can be used to trigger alerts
    • Enables the organization to check if a configuration conforms with a customized configuration policy or with guidance such as CIS Benchmark standards, VMware Best Practices, or other frameworks

CM-7 Least Functionality
  Requirement: Configure the information system to prohibit or restrict the use of specified functions, ports, protocols, and/or services.
  Platform constraints/gaps:
    • Enables some configuration of access restrictions on individual hosts
  HyTrust fulfillment:
    • Centrally enforces hypervisor access policy via protocol (SSH, vSphere client, SOAP) and hypervisor IP address controls on all hosts
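The CA-7 and CM-6 rows above describe the same mechanism from two angles: a baseline of expected hypervisor settings, a periodic comparison of each host's observed state against it, a security-impact rating for any drift, and a remediation plan that does not require taking the host out of service. The following Python script is an added illustration of that comparison and is not HyTrust product code; the setting names, expected values, severities and the two host states are constructed for the example and are not taken from any published CIS or VMware benchmark.

```python
"""Continuous configuration monitoring of hypervisor hosts against a baseline.
Added illustration, not HyTrust product code. Setting names, expected values,
severities and host states below are constructed for the example."""

# Constructed baseline in the style of a hardening checklist (setting -> expected value).
BASELINE = {
    "ssh.enabled": False,
    "shell.timeout_seconds": 600,
    "lockdown_mode": "normal",
    "syslog.remote_host": "syslog.corp.example",
    "ntp.enabled": True,
    "password.min_length": 14,
}

# Assumed security impact if a given setting drifts; unknown settings default to "medium".
SEVERITY = {
    "ssh.enabled": "high",
    "lockdown_mode": "high",
    "syslog.remote_host": "high",
    "shell.timeout_seconds": "medium",
    "password.min_length": "medium",
    "ntp.enabled": "low",
}
RANK = {"high": 3, "medium": 2, "low": 1}


def check_host(host, observed, baseline=BASELINE):
    """Return one finding per baseline setting the host violates. A setting that is
    absent from the observed state is reported too: an unset control is not compliant."""
    findings = []
    for key, expected in baseline.items():
        sev = SEVERITY.get(key, "medium")
        if key not in observed:
            findings.append({"host": host, "setting": key, "status": "missing",
                             "expected": expected, "observed": None, "severity": sev})
        elif observed[key] != expected:
            findings.append({"host": host, "setting": key, "status": "drift",
                             "expected": expected, "observed": observed[key], "severity": sev})
    return findings


def impact(findings):
    """Security impact of a host's drift: the worst individual severity, or 'none'."""
    if not findings:
        return "none"
    return max((f["severity"] for f in findings), key=RANK.__getitem__)


def remediation_plan(findings):
    """(host, setting, value) tuples to re-apply, highest severity first; the sort is
    stable, so settings of equal severity keep baseline order."""
    ordered = sorted(findings, key=lambda f: -RANK[f["severity"]])
    return [(f["host"], f["setting"], f["expected"]) for f in ordered]


def assess(inventory, baseline=BASELINE):
    """inventory: {host: observed settings}. Returns a per-host report with the
    findings, the overall impact and the remediation plan."""
    report = {}
    for host, observed in sorted(inventory.items()):
        found = check_host(host, observed, baseline)
        report[host] = {"impact": impact(found), "findings": found,
                        "plan": remediation_plan(found)}
    return report


# Constructed observed states for two hosts (not real systems): esx-01 matches the
# baseline; esx-02 has SSH enabled, no shell timeout, and no remote syslog target set.
INVENTORY = {
    "esx-01": {"ssh.enabled": False, "shell.timeout_seconds": 600, "lockdown_mode": "normal",
               "syslog.remote_host": "syslog.corp.example", "ntp.enabled": True,
               "password.min_length": 14},
    "esx-02": {"ssh.enabled": True, "shell.timeout_seconds": 0, "lockdown_mode": "normal",
               "ntp.enabled": True, "password.min_length": 14},
}

if __name__ == "__main__":
    for host, result in assess(INVENTORY).items():
        print(host, result["impact"],
              [(f["setting"], f["status"]) for f in result["findings"]])
```

Feeding the same check from a scheduler (or from each configuration-change event) gives the continuous comparison CA-7 asks for; sending the findings to a SIEM gives the alerting CM-6 asks for. Treating a missing setting as a finding matters in practice, because a host that was never configured for remote logging looks "clean" to a check that only compares values that are present.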
9.
HyTrust Enables Identification and Authentication (IA) Compliance

IA-2 Identification and Authentication (Organizational Users)
  Requirement: Uniquely identify and authenticate organizational users, including organizational employees or individuals the organization deems to have equivalent status to employees (e.g., contractors, guest researchers, individuals from allied nations). Use multifactor, replay-resistant authentication for network and local access to privileged accounts. For network accounts, one of the factors is provided by a device separate from the information system being accessed. Allow the use of group authenticators only when used in conjunction with an individual/unique authenticator.
  Platform constraints/gaps:
    • Permits root account sharing, enabling anonymous access
    • Requires a password for access; does not support multi-factor authentication
  HyTrust fulfillment:
    • Requires a unique ID for access by an organizational user and associates the unique ID with every operation performed by the user
    • Supports multi-factor, replay-resistant authentication such as RSA SecurID and hardware tokens for network and local access to privileged accounts

IA-8 Identification and Authentication (Non-Organizational Users)
  Requirement: Uniquely identify and authenticate non-organizational users.
  Platform constraints/gaps:
    • Permits potential root account sharing by non-organizational users, enabling anonymous access
  HyTrust fulfillment:
    • Requires a unique ID for access by a non-organizational user and associates the unique ID with every operation performed by the user
10.
HyTrust Enables System and Information Integrity (SI) Compliance

SI-9 Information Input Restrictions
  Requirement: Restrict the capability to input information to the information system to authorized personnel. Restrictions may extend beyond the typical access controls employed by the system and include limitations based on specific operational/project responsibilities.
  Platform constraints/gaps:
    • Does not restrict the ability to input information based on specific operational/project responsibilities
  HyTrust fulfillment:
    • Restricts the capability to input information, via any access method, using role-based authorization sufficiently fine-grained to distinguish between users' operational/project responsibilities
11.
HyTrust Fills Critical FISMA Audit Data Gaps

Log data provider: Virtualization platform
  Data for an allowed operation (example): User: root; time/date; target resource name, URL; operation executed
  Data for a denied reconfiguration attempt (example): none
  Usability and productivity:
    • Separate log files for vCenter and each host server
    • Different log formats for vCenter vs. hosts

Log data provider: HyTrust
  Data for an allowed operation (example): all of the above, plus:
    • User ID
    • Source IP address
    • Resource reconfigured
    • Previous resource state
    • New resource state
    • Label (Production)
    • Required privileges
    • Evaluated rules/constraints
  Data for a denied reconfiguration attempt (example):
    • User ID
    • Date/time
    • Source IP address
    • Operation requested
    • Operation denied
    • Target resource name, IP address, port, and protocol
    • Required privileges
    • Missing privileges
    • Evaluated rules/constraints
  Usability and productivity:
    • Consolidated, centrally managed logs covering vCenter and all hosts
    • Single, uniform format for combined vCenter and host log data
    • Logs sent to a central repository or SIEM via syslog
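Slides 4 and 7 describe the authorization model (role privileges, a label such as "production" that further restricts configuration changes, and protocol/source-address controls on the management interfaces), and slide 11 describes the audit record that should come out of every decision, denied ones included, with the user's individual ID, source address, required and missing privileges, the rules evaluated, and for allowed reconfigurations the previous and new resource state. The Python below is an added example that ties those two together in one policy decision function; it is not HyTrust product code. The role names, privilege names, the "production" label rule, the management subnets, the user identities and the two VMs are all assumptions constructed for the example.

```python
"""Role- and label-based authorization for virtual-infrastructure operations, with an
attributable audit record for every decision. Added illustration, not HyTrust code;
roles, privileges, labels, networks and identities below are assumptions."""
import ipaddress
import json
from dataclasses import dataclass, field

# Hypothetical roles mapped to fine-grained privileges (AC-3, AC-5, AC-6).
ROLES = {
    "vm_operator": {"vm.power_on", "vm.power_off", "vm.console"},
    "developer":   {"vm.power_on", "vm.power_off", "vm.console", "vm.reconfigure"},
    "vm_admin":    {"vm.power_on", "vm.power_off", "vm.console", "vm.reconfigure", "vm.delete"},
}
# Label rule (AC-16, CM-5): on objects tagged "production", configuration-changing
# operations are reserved for vm_admin even when the user's role grants the privilege.
LABEL_RULES = {
    "production": {"restricted_ops": {"vm.reconfigure", "vm.delete"},
                   "allowed_roles": {"vm_admin"}},
}
# Access-path rule (CM-7): which source networks may use which management protocol.
ACCESS_PATHS = {
    "soap": [ipaddress.ip_network("10.10.0.0/24")],  # assumed management API subnet
    "ssh":  [ipaddress.ip_network("10.10.0.8/32")],  # assumed single jump host
}


@dataclass(frozen=True)
class Principal:
    user_id: str        # an individual identity; a shared "root" never appears here
    roles: frozenset
    source_ip: str
    protocol: str


@dataclass
class Target:
    name: str
    host: str
    labels: frozenset
    state: dict = field(default_factory=dict)


def _path_permitted(protocol, source_ip):
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in ACCESS_PATHS.get(protocol, []))


def authorize(principal, target, operation, timestamp, new_state=None):
    """Evaluate access path, then role privileges, then label rules.
    Returns (allowed, audit_record); a record is produced on denial as well."""
    held = set().union(*(ROLES.get(r, set()) for r in principal.roles))
    missing = {operation} - held
    evaluated = [f"access_path:{principal.protocol}"]
    denied_by = None
    if not _path_permitted(principal.protocol, principal.source_ip):
        denied_by = evaluated[0]
    else:
        evaluated.append("role_privilege")
        if missing:
            denied_by = "role_privilege"
        else:
            for label in sorted(target.labels):
                rule = LABEL_RULES.get(label)
                if rule is None:
                    continue
                evaluated.append(f"label:{label}")
                if operation in rule["restricted_ops"] and not (principal.roles & rule["allowed_roles"]):
                    denied_by = f"label:{label}"
                    break
    allowed = denied_by is None
    record = {
        "time": timestamp, "user_id": principal.user_id, "source_ip": principal.source_ip,
        "protocol": principal.protocol, "operation": operation,
        "decision": "allowed" if allowed else "denied",
        "target": target.name, "host": target.host, "labels": sorted(target.labels),
        "required_privileges": [operation], "missing_privileges": sorted(missing),
        "evaluated_rules": evaluated,
    }
    if allowed and new_state is not None:
        record["previous_state"] = dict(target.state)
        record["new_state"] = dict(new_state)
        target.state = dict(new_state)   # the change is applied only after the decision
    if not allowed:
        record["denied_by"] = denied_by
    return allowed, record


def to_syslog_line(record):
    """One uniform JSON line regardless of source (vCenter or host), ready for syslog/SIEM."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def run_demo():
    """Constructed requests against a production VM and a development VM."""
    prod = Target("web-prod-01", "esx-01", frozenset({"production"}), {"memory_mb": 4096})
    dev = Target("web-dev-01", "esx-02", frozenset({"development"}), {"memory_mb": 2048})
    admin = Principal("alice", frozenset({"vm_admin"}), "10.10.0.21", "soap")
    devel = Principal("bob", frozenset({"developer"}), "10.10.0.22", "soap")
    oper = Principal("carol", frozenset({"vm_operator"}), "10.10.0.23", "soap")
    outsider = Principal("bob", frozenset({"developer"}), "192.168.5.5", "ssh")
    return [
        authorize(admin, prod, "vm.reconfigure", "2012-04-02T10:00:00Z", {"memory_mb": 8192}),
        authorize(devel, prod, "vm.reconfigure", "2012-04-02T10:01:00Z", {"memory_mb": 8192}),
        authorize(oper, dev, "vm.reconfigure", "2012-04-02T10:02:00Z", {"memory_mb": 4096}),
        authorize(devel, dev, "vm.reconfigure", "2012-04-02T10:03:00Z", {"memory_mb": 4096}),
        authorize(outsider, dev, "vm.power_off", "2012-04-02T10:04:00Z"),
    ]


if __name__ == "__main__":
    for _, rec in run_demo():
        print(to_syslog_line(rec))
```

The second request is the case the CM-5 row is about: bob's developer role does hold `vm.reconfigure`, so a purely role-based check would allow it, and it is the "production" label that denies it. His record therefore shows an empty `missing_privileges` list and `label:production` as the denying rule, which is exactly the detail a reviewer needs to tell a policy denial from a missing-permission denial. The last request is denied before any privilege is considered because SSH from outside the assumed jump host is not a permitted access path.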