Compliance Solutions
How UserLock can help you address NIST 800-53 compliance to keep federal data safe

The Federal Information Security Management Act of 2002 (FISMA) is U.S. law applicable to government agencies (including any legal body or police force) to protect government information, operations and assets.

In accordance with FISMA, the National Institute of Standards and Technology (NIST) is the government agency responsible for developing standards and guidelines for information security, and outlines steps toward compliance with FISMA.

Specifically, NIST Special Publication 800-53 “Security and Privacy Controls for Federal Information Systems and Organizations,” provides a catalogue of security controls, which lay out critical and explicit steps for meeting FISMA compliance.

UserLock directly addresses three high-priority security control baselines of NIST 800-53:

  • IA-2 Identification and Authentication (organizational users)
  • AC-9 Previous Logon (Access) Notification
  • AC-10 Concurrent Session Control.

IA-2 Identification and Authentication (organizational users)

"The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users)."

  • IA-2 (1) The information system implements multifactor authentication for network access to privileged accounts.
  • IA-2 (2) The information system implements multifactor authentication for network access to non-privileged accounts.
  • IA-2 (3) The information system implements multifactor authentication for local access to privileged accounts.
  • IA-2 (4) The information system implements multifactor authentication for local access to non-privileged accounts.

 

UserLock makes it easy to enable MFA on Windows logon, RDP, VPN and offline connections for privileged and non-privileged users. UserLock supports MFA using authenticator applications or programmable hardware tokens. Combined with SSO, UserLock verifies the identity of all Active Directory accounts to secure access to the network and cloud resources.

MFA at every logon

AC-9 Previous Logon (Access) Notification

"The information system must notify the user, upon successful logon (access) to the system, of the date and time of the last logon (access), the number of unsuccessful logon (access) attempts since the last successful logon (access) and the location of the last logon."

 

UserLock displays a welcome message to users at every logon, which includes information about previous connection events involving their credentials. Your IT team can also personalize this message to include:

  • Date and time of the last successful logon
  • Number of logons denied by UserLock and by Windows since the last successful logon
  • History of all logons denied by UserLock and Windows since the last successful logon including date, time, location and reason

Previous logon notification to user for NIST 800-53 AC-9

 

In addition, UserLock extends security further by warning users in real time of all connection events (successful or not) involving their credentials. When their own credentials are used somewhere else on the network, users receive a pop-up notification. This alert lets users assess the situation themselves and inform their IT department, which can react immediately to any fraudulent use of compromised credentials.

User warning for logon access notification

AC-10 Concurrent Session Control

"The information system must limit and enforce the number of concurrent sessions for each account."

 

Windows has no native functionality to restrict a given user account to logging on at only one computer or device at a time, which remains a serious security flaw and significantly increases network vulnerability.

With UserLock, organizations can prevent or limit concurrent logins to a Microsoft Windows Server-based network, per user or user group and per session type (workstation, terminal, interactive, Wi-Fi/VPN or IIS). IT administrators can set granular limitations that vary from one user to another or from one group to another.

Concurrent session control for NIST 800-53

Many federal agencies and organizations already rely on UserLock to help reduce the risk of security breaches and ensure compliance with major regulations such as NIST 800-53.
