Ensure Regulatory Compliance With SecureLink's Network Security Audit

FIPS 200

Access control

Admin-configurable
Restrict access by time, scope, function, and file
Granular user, group, and role-based access controls
Unilateral ability to terminate a session at any time

Audit and accountability

Detailed logs of each support connection session
Comprehensive historical reporting

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

FIPS 140-2, FIPS 197

Encrypted communications

Admin-configurable encryption
AES in 128, 192, and 256-bit modes
Uses FIPS 140-2 validated cryptographic modules #1747, 3151

NIST SP-800

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Audit events

Detailed logs of each support connection session
Complete historical reporting

Content of audit records

Session information and status
Owner registration code
Creation date, completion date, and session duration
Information on which support technicians participated during the session
What services the support technician accessed, what happened, and how long it took

Remote maintenance

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity

HIPAA

Access control, unique user identification, and automatic logoff

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Unique username/password combination for all logins
Restrict access as to time, scope, function, and file
System or user-level access rights
Unilateral ability to terminate the session at any time
Automatic logoff after 10 minutes of inactivity

Audit controls

Detailed logs of each support connection session
Complete historical reporting

Data integrity

Strict control of remote access to limit support related data corruption
Detailed audit to identify changes and enable corrections

Transmission security

Customer configurable encryption
AES in 128, 192, and 256-bit modes

SARBANES-OXLEY

Audit and accountability, management assessment of internal controls

Detailed logs of each support connection session
Complete historical reporting

GRAMM-LEACH-BLILEY

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Oversight of service provider arrangements

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity
Customer configurable remote access control
Restrict access as to time, scope, function, and file
System or user-level access rights
Unilateral ability to terminate the session at any time

PCI DSS

Password control

Unique username/password combination for all logins
Unique, randomly generated key for each connection

Secure data transmission

Customer configurable encryption
AES in 128, 192, and 256-bit modes

Unique ID

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Monitor network access

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity
Customer configurable remote access control
Restrict access as to time, scope, function, and file
System or user-level access rights
Detailed logs of each support connection session
Complete historical reporting

CJIS

Auditing and user accountability

Administrators and users with the appropriate permissions have the ability to assign, then mask and pass, credentials for users connecting to a system
Detailed audit surrounding vendor access
Credentials used can then be viewed in an audit

Access controls

Users are given role-based least privileged access with granular permission controls
Vendors must verify employment every time they log in
SecureLink administrators can define the time period users will be enabled before access is granted

Identification and authentication

SecureLink administrators have the ability to define password requirements that meet or exceed CJIS requirements
SecureLink supports multi-factor authentication through email verification, SMS two-factor authentication, and SecureLink Authenticator

Encryption

The SecureLink Server, user, and client agents all employ FIPS-validated cryptographic modules utilizing at minimum AES 128-bit ciphers, for all encryption activity
Audit data at rest is encrypted at 256-bit AES

Auditing and user accountability	Administrators assign, then mask and pass, access credentials. SecureLink provides quick access to detailed audits of all vendor remote access.
Access controls	Users are given role-based least privileged access with granular permission controls. Vendor employment is verified with every login and defined time limits for remote access are easily established.
Identification and authentication	Administrators establish password complexity requirements meeting the most stringent regulations. Multi-factor authentication ensures the users’ identity is accurate.
Encryption	The SecureLink server, user, and client agents employ AES 128-bit ciphers, or greater, for all encryption. Audit data at rest is encrypted at 256-bit AES.

Top 5 questions about SecureLink for Enterprises

Top 5 questions about SecureLink for Vendors

SecureLink for healthcare

I need to...

I need to...

Energy sector ROI case study

Finance tech vendor ROI case study

Casino ROI infographic

Town of Gilbert, AZ testimonial

HIPAA and HITECH compliance

Legal enterprise ROI case study

SecureLink for manufacturing

Why vendor privileged access management should be a priority

Steward centralizes vendor management

Ensure HIPAA compliance with SecureLink for Healthcare

Data breach news

Resource library

SecureLink university

SecureLink company overview

SecureLink launches new offering to simplify management of privileged access for vendors and ensure HIPAA compliance

Our team

Life at SecureLink

Validated by the experts

Contact

Get in touch

We're here to help

SecureLink Gatekeeper informational video

Meet Compliance Requirements

Enforce security protocols and get full audit visibility

Problem

Solution

SecureLink aids users with compliance across major regulations.

Get coverage on major categories of system access compliance.

How SecureLink aids with compliance by regulation

FIPS 200

FIPS 140-2, FIPS 197

NIST SP-800

HIPAA

SARBANES-OXLEY

GRAMM-LEACH-BLILEY

PCI DSS

CJIS

Request a Demo

Related Resources

80% of hacking-related breaches leverage compromised credentials

Third-Party Remote Access Compliance Guide

Ultimate Guide to Third-Party Remote Access

Subscribe to our blog and get our news, products updates, and case studies: