Ensure Regulatory Audit Compliance With SecureLink

FIPS 200

Access control

Admin-configurable
Restrict access by time, scope, function, and file
Granular user, group, and role-based access controls
Unilateral ability to terminate a session at any time

Audit and accountability

Detailed logs of each support connection session
Comprehensive historical reporting

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

FIPS 140-2, FIPS 197

Encrypted communications

Admin-configurable encryption
AES in 128, 192, and 256-bit modes
Uses FIPS 140-2 validated cryptographic modules #1747, 3151

NIST SP-800

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Audit events

Detailed logs of each support connection session
Complete historical reporting

Content of audit records

Session information and status
Owner registration code
Creation date, completion date, and session duration
Information on which support technicians participated during the session
What services the support technician accessed, what happened, and how long it took

Remote maintenance

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity

HIPAA

Access control, unique user identification, and automatic logoff

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Unique username/password combination for all logins
Restrict access as to time, scope, function, and file
System or user-level access rights
Unilateral ability to terminate the session at any time
Automatic logoff after 10 minutes of inactivity

Audit controls

Detailed logs of each support connection session
Complete historical reporting

Data integrity

Strict control of remote access to limit support related data corruption
Detailed audit to identify changes and enable corrections

Transmission security

Customer configurable encryption
AES in 128, 192, and 256-bit modes

SARBANES-OXLEY

Audit and accountability, management assessment of internal controls

Detailed logs of each support connection session
Complete historical reporting

GRAMM-LEACH-BLILEY

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Oversight of service provider arrangements

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity
Customer configurable remote access control
Restrict access as to time, scope, function, and file
System or user-level access rights
Unilateral ability to terminate the session at any time

PCI DSS

Password control

Unique username/password combination for all logins
Unique, randomly generated key for each connection

Secure data transmission

Customer configurable encryption
AES in 128, 192, and 256-bit modes

Unique ID

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Monitor network access

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity
Customer configurable remote access control
Restrict access as to time, scope, function, and file
System or user-level access rights
Detailed logs of each support connection session
Complete historical reporting

CJIS

Auditing and user accountability

Administrators and users with the appropriate permissions have the ability to assign, then mask and pass, credentials for users connecting to a system
Detailed audit surrounding vendor access
Credentials used can then be viewed in an audit

Access controls

Users are given role-based least privileged access with granular permission controls
Vendors must verify employment every time they log in
SecureLink administrators can define the time period users will be enabled before access is granted

Identification and authentication

SecureLink administrators have the ability to define password requirements that meet or exceed CJIS requirements
SecureLink supports multi-factor authentication through email verification, SMS two-factor authentication, and SecureLink Authenticator

Encryption

The SecureLink Server, user, and client agents all employ FIPS-validated cryptographic modules utilizing at minimum AES 128-bit ciphers, for all encryption activity
Audit data at rest is encrypted at 256-bit AES

Ensure Regulatory Audit Compliance

Enforce security protocols and get full network audit visibility

Problem

Solution

SecureLink aids users with compliance across major regulations.

Get coverage on major categories of system access compliance.

How SecureLink aids with compliance by regulation

FIPS 200

FIPS 140-2, FIPS 197

NIST SP-800

HIPAA

SARBANES-OXLEY

GRAMM-LEACH-BLILEY

PCI DSS

CJIS

Request a Demo

How User Access Reviews Manage Insider Threats

Third-Party Remote Access Compliance Guide

Ultimate Guide to Third-Party Remote Access

Auditing and user accountability	Administrators assign, then mask and pass, access credentials. SecureLink provides quick access to detailed audits of all vendor remote access.
Access controls	Users are given role-based least privileged access with granular permission controls. Vendor employment is verified with every login and defined time limits for remote access are easily established.
Identification and authentication	Administrators establish password complexity requirements meeting the most stringent regulations. Multi-factor authentication ensures the users’ identity is accurate.
Encryption	The SecureLink server, user, and client agents employ AES 128-bit ciphers, or greater, for all encryption. Audit data at rest is encrypted at 256-bit AES.

Ensure Regulatory Audit Compliance

Enforce security protocols and get full network audit visibility

Problem

Solution

SecureLink aids users with compliance across major regulations.

Get coverage on major categories of system access compliance.

How SecureLink aids with compliance by regulation

FIPS 200

FIPS 140-2, FIPS 197

NIST SP-800

HIPAA

SARBANES-OXLEY

GRAMM-LEACH-BLILEY

PCI DSS

CJIS

Request a Demo

Related Resources

How User Access Reviews Manage Insider Threats

Third-Party Remote Access Compliance Guide

Ultimate Guide to Third-Party Remote Access

Subscribe to our blog and get our news, products updates, and case studies: