Compliance Solutions

How UserLock can help you address NIST 800-53 compliance to keep federal data safe

The Federal Information Security Management Act of 2002 (FISMA) is US federal law applicable to federal agencies (including any legal body or police force) to protect government information, operations and assets.

In accordance with FISMA, the National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines for information security, and outlines steps toward compliance with FISMA.

Specifically, NIST Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”, provides a catalogue of security controls that are critical and explicit steps toward FISMA compliance.

IS Decisions' software UserLock directly addresses two high-priority security controls in NIST 800-53: AC-9 Previous Logon (Access) Notification and AC-10 Concurrent Session Control.

AC-9 Previous Logon (Access) Notification

“The information system must notify the user, upon successful logon (access) to the system, of the date and time of the last logon (access), the number of unsuccessful logon (access) attempts since the last successful logon (access) and the location of the last logon.”

UserLock displays a welcome message to users at every logon. Your IT team can personalise this message, which includes the following information about previous connection events involving the user's credentials:

  • Date and time of the last successful logon
  • Number of logons denied by UserLock and by Windows since the last successful logon
  • History of all logons denied by UserLock and Windows since the last successful logon, including date, time, location and reason

Previous logon notification to user for NIST 800-53 AC-9

In addition, UserLock extends security further by warning users in real time of all connection events (successful or not) involving their credentials. When their own credentials are used somewhere else on the network, users receive a pop-up notification. This alert enables users to assess the situation themselves and inform their IT department, which can react immediately to any fraudulent use of compromised credentials.

User warning for logon access notification

AC-10 Concurrent Session Control

“The information system must limit and enforce the number of concurrent sessions for each account.”

Windows has no native way to restrict a given user account to logging on at only one computer or device at a time, which remains a serious security flaw and significantly increases network vulnerability.

With UserLock, organisations can prevent or limit concurrent logins to a Microsoft Windows Server-based network, per user or user group and per session type (workstation, terminal, interactive, Wi-Fi/VPN or IIS). IT administrators can set granular limits that vary from one user or group to another.
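To make the two controls concrete, here is an added illustration (not UserLock's code, and not IS Decisions' implementation) of the logic behind the AC-9 notification data listed above and the per-user, per-session-type limit described for AC-10. The logon events, user names, locations and limits are constructed sample values.

```python
# Constructed sample logon events, oldest first. "when" uses a fixed
# "YYYY-MM-DD HH:MM" format so string comparison orders events correctly.
# kind is "ok" (successful logon) or "denied" (refused by policy or Windows).
EVENTS = [
    {"user": "alice", "when": "2024-03-01 08:55", "kind": "ok",     "where": "WS-101",   "reason": ""},
    {"user": "alice", "when": "2024-03-01 17:30", "kind": "denied", "where": "WS-207",   "reason": "outside allowed hours"},
    {"user": "alice", "when": "2024-03-02 07:10", "kind": "denied", "where": "LAPTOP-9", "reason": "bad password"},
    {"user": "alice", "when": "2024-03-02 07:12", "kind": "denied", "where": "LAPTOP-9", "reason": "bad password"},
]

def previous_logon_notice(user, events):
    """AC-9: the data shown in the welcome message at the user's next successful
    logon: date/time and location of the last successful logon, the number of
    denied attempts since then, and their history (date/time, location, reason).
    Returns None for a user with no successful logon on record."""
    mine = [e for e in events if e["user"] == user]
    successes = [e for e in mine if e["kind"] == "ok"]
    if not successes:
        return None
    last_ok = successes[-1]
    denied_since = [e for e in mine
                    if e["kind"] == "denied" and e["when"] > last_ok["when"]]
    return {
        "last_logon": last_ok["when"],
        "last_location": last_ok["where"],
        "denied_count": len(denied_since),
        "denied_history": [(e["when"], e["where"], e["reason"]) for e in denied_since],
    }

# AC-10: maximum concurrent sessions per (principal, session type).
# Constructed limits; "*" is the fallback applied to any principal not listed.
LIMITS = {("alice", "workstation"): 1, ("*", "workstation"): 2, ("*", "terminal"): 1}

def allow_new_session(user, session_type, active, limits=LIMITS):
    """Return (allowed, reason). `active` lists (user, session_type) pairs for
    sessions currently open; a new session is refused once the limit is reached."""
    limit = limits.get((user, session_type), limits.get(("*", session_type)))
    if limit is None:
        return True, "no limit configured for this session type"
    open_count = sum(1 for u, t in active if u == user and t == session_type)
    if open_count >= limit:
        return False, f"{user} already has {open_count} {session_type} session(s) (limit {limit})"
    return True, f"{open_count + 1}/{limit} {session_type} sessions in use"
```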

Concurrent session control for NIST 800-53

Many federal agencies and organisations already rely on UserLock to help reduce the risk of security breaches and ensure compliance with major regulations such as NIST 800-53.

Find out more for yourself with our free 30-day fully functional trial

Download UserLock