Ensure Regulatory Audit Compliance

Enforce security protocols and get full network audit visibility

Problem

Vendors accessing your network expose your organization to security and non-compliance risks.

Solution

Ensure regulatory compliance by providing privileged access to individual vendor users and automatically capture detailed audit trails.

SecureLink aids users with compliance across major regulations.

Get coverage on major categories of system access compliance.

Auditing and user accountability	Administrators assign, then mask and pass, access credentials. SecureLink provides quick access to detailed audits of all vendor remote access.
Access controls	Users are given role-based least privileged access with granular permission controls. Vendor employment is verified with every login and defined time limits for remote access are easily established.
Identification and authentication	Administrators establish password complexity requirements meeting the most stringent regulations. Multi-factor authentication ensures the users’ identity is accurate.
Encryption	The SecureLink server, user, and client agents employ AES 128-bit ciphers, or greater, for all encryption. Audit data at rest is encrypted at 256-bit AES.

More features & options

How SecureLink aids with compliance by regulation

FIPS 200

Admin-configurable
Restrict access by time, scope, function, and file
Granular user, group, and role-based access controls
Unilateral ability to terminate a session at any time

Audit and accountability

Detailed logs of each support connection session
Comprehensive historical reporting

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

FIPS 140-2, FIPS 197

Encrypted communications

Admin-configurable encryption
AES in 128, 192, and 256-bit modes
Uses FIPS 140-2 validated cryptographic modules #1747, 3151

NIST SP-800

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Detailed logs of each support connection session
Complete historical reporting

Content of audit records

Session information and status
Owner registration code
Creation date, completion date, and session duration
Information on which support technicians participated during the session
What services the support technician accessed, what happened, and how long it took

Remote maintenance

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity

HIPAA

Access control, unique user identification, and automatic logoff

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Unique username/password combination for all logins
Restrict access as to time, scope, function, and file
System or user-level access rights
Unilateral ability to terminate the session at any time
Automatic logoff after 10 minutes of inactivity

Detailed logs of each support connection session
Complete historical reporting

Strict control of remote access to limit support related data corruption
Detailed audit to identify changes and enable corrections

Transmission security

Customer configurable encryption
AES in 128, 192, and 256-bit modes

SARBANES-OXLEY

Audit and accountability, management assessment of internal controls

Detailed logs of each support connection session
Complete historical reporting

GRAMM-LEACH-BLILEY

Identification and authentication

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Oversight of service provider arrangements

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity
Customer configurable remote access control
Restrict access as to time, scope, function, and file
System or user-level access rights
Unilateral ability to terminate the session at any time

PCI DSS

Password control

Unique username/password combination for all logins
Unique, randomly generated key for each connection

Secure data transmission

Customer configurable encryption
AES in 128, 192, and 256-bit modes

Multi-factor authentication, including email verification, SMS, and TOTP Authenticator app integration
Both sides of the connection must authenticate
Unique username/password combination for all logins
Unique, randomly generated key for each connection

Monitor network access

Authorization, monitoring, and control of all remote access for remote maintenance and diagnostic activity
Customer configurable remote access control
Restrict access as to time, scope, function, and file
System or user-level access rights
Detailed logs of each support connection session
Complete historical reporting

CJIS

Auditing and user accountability

Administrators and users with the appropriate permissions have the ability to assign, then mask and pass, credentials for users connecting to a system
Detailed audit surrounding vendor access
Credentials used can then be viewed in an audit

Access controls

Users are given role-based least privileged access with granular permission controls
Vendors must verify employment every time they log in
SecureLink administrators can define the time period users will be enabled before access is granted

Identification and authentication

SecureLink administrators have the ability to define password requirements that meet or exceed CJIS requirements
SecureLink supports multi-factor authentication through email verification, SMS two-factor authentication, and SecureLink Authenticator

The SecureLink Server, user, and client agents all employ FIPS-validated cryptographic modules utilizing at minimum AES 128-bit ciphers, for all encryption activity
Audit data at rest is encrypted at 256-bit AES

Request a Demo

Request a demo to see how SecureLink helps companies keeps vendors compliant in your industry.

First Name*
Last Name*
Company Name*
Email Address*
Phone Number*
Job Title*
Country*
Message
CAPTCHA
Name
This field is for validation purposes and should be left unchanged.

©2021 SecureLink. All rights reserved.

©2020 SecureLink All Rights Reserved | Privacy Policy | License Agreement | Security Disclosure

.home-banner .bg-orange{transition:.9s;}.home-banner .bg-orange:hover{background:rgba(240,83,34,1);}.home-banner .bg-blue{transition:.9s;}.home-banner .bg-blue:hover{background:rgba(10,124,186,1);}html{scroll-behavior:smooth;}a.anchor{display:block;position:relative;top:-100px;visibility:hidden;}