
IS Decisions Blog

Addressing user access in IT security compliance


Published July 16, 2021

The risks of non-compliance are not worth taking. You can face fines and even imprisonment — not to mention a lawsuit like the recent SEC case against the CISO of SolarWinds. And obviously, non-compliance can lead to a serious data breach, resulting in business losses and damage to your reputation.

But addressing the murky waters of compliance has never been an easy task, and as regulators add more demands, the task gets ever more complex.

Regulators strengthen compliance requirements on the user side of security

Regulators are placing more importance on the user side of security and are strengthening compliance requirements accordingly. For example:

  • The National Institute of Standards and Technology (NIST) Special Publication 800-171 states that multi-factor authentication (MFA) should be used to identify user accounts for local and network access.

  • The Payment Card Industry Data Security Standard (PCI DSS) and the Financial Conduct Authority (FCA) state that access to data should only be on a "need-to-know basis," and will put an MFA requirement in effect in March 2025.

  • The Health Insurance Portability and Accountability Act (HIPAA) in healthcare and the Federal Information Security Management Act (FISMA) in the legal sector both state that user actions must be identifiable to an individual.

  • The Gramm-Leach-Bliley Act (GLBA) requires all employees to log out of their workstation when they leave at the end of the day.

  • The Federal Trade Commission's (FTC) revised Safeguards Rule requires MFA on any access to customer payment information.

And the list goes on.

How UserLock helps you address compliance

Compliance requirements are rigorous and detailed for a reason — to protect you. Therefore, your defenses need to be equally rigorous.

UserLock helps you to go above and beyond many compliance requirements with specific, granular, and configurable user authentication rules and monitoring.

For example, UserLock makes it easy to verify the identity of all Active Directory accounts with multi-factor authentication on all local and remote access connections. Once users are authenticated, UserLock’s logon restrictions help further verify each user’s claimed identity and secure network access. It can restrict access to administrator-approved individuals on a job-role, device, workstation, time or location basis — so that only those who need access have access. And administrators can set UserLock to automatically log out workstations after a period of inactivity or at the end of the working day to close off windows of opportunity for attackers.

These features illustrate only a few of UserLock’s capabilities when addressing user security compliance issues — and we continually update the software to address the latest compliance requirements worldwide.

In essence, UserLock helps you to ensure that your data remains safe, your clients stay happy, your business is safe from fines, and your executives stay out of prison.
