
Compliance Solutions
How UserLock can help you
address NIST 800-53 compliance
to keep federal data safe

The Federal Information Security Management Act of 2002 (FISMA) is a US federal law applicable to federal agencies (including any legal body or police force), intended to protect government information, operations and assets.

In accordance with FISMA, the National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines for information security, and outlines steps toward compliance with FISMA.

Specifically, NIST Special Publication 800-53 “Security and Privacy Controls for Federal Information Systems and Organizations” provides a catalogue of security controls, which are critical and explicit steps in meeting FISMA compliance.

IS Decisions’ software UserLock directly addresses three high-priority security control baselines of NIST 800-53: IA-2 Identification and Authentication (organizational users), AC-9 Previous Logon (Access) Notification and AC-10 Concurrent Session Control.


IA-2 Identification and Authentication (organizational users)

« The information system uniquely identifies and authenticates organizational users
(or processes acting on behalf of organizational users). »

  • IA-2 (1) The information system implements multifactor authentication for network access to privileged accounts.
  • IA-2 (2) The information system implements multifactor authentication for network access to non-privileged accounts.
  • IA-2 (3) The information system implements multifactor authentication for local access to privileged accounts.
  • IA-2 (4) The information system implements multifactor authentication for local access to non-privileged accounts.

 

UserLock makes it easy to enable MFA on Windows logon, RDP and VPN connections for privileged and non-privileged users. UserLock supports MFA using authenticator applications or programmable hardware tokens. This makes it possible to verify the identity of all Active Directory accounts and secure access to the network.

MFA at every logon

AC-9 Previous Logon (Access) Notification

« The information system must notify the user, upon successful logon (access) to the system, of the date and time of the last logon (access), the number of unsuccessful logon (access) attempts since the last successful logon (access) and the location of the last logon. »

 

UserLock displays a welcome message to users at every logon, which includes information about previous connection events involving their credentials. Your IT team can personalise this message.

  • Date and time of the last successful logon
  • Number of logons denied by UserLock and by Windows since the last successful logon
  • History of all logons denied by UserLock and Windows since the last successful logon including date, time, location and reason

Previous logon notification to user for NIST 800-53 AC-9

 

In addition, UserLock extends security further by warning users in real time of all connection events (successful or not) involving their credentials. When their own credentials are used somewhere else on the network, users receive a pop-up notification. This alert enables users themselves to assess the situation and inform their IT department, which can react immediately to any fraudulent use of compromised credentials.

User warning for logon access notification

AC-10 Concurrent Session Control

« The information system must limit and enforce the number
of concurrent sessions for each account. »

 

Windows has no native functionality to restrict a given user account to logging on at only one computer or device at a time, which remains a serious security flaw and significantly increases network vulnerability.

With UserLock, organisations can prevent or limit concurrent logins to a Microsoft Windows Server-based network, per user or user group and per session type (workstation, terminal, interactive, Wi-Fi/VPN or IIS). IT administrators can set granular limitations, which can vary from one user to another or one group to another.

Concurrent session control for NIST 800-53

Many federal agencies and organisations already rely on UserLock to help reduce the risk of security breaches and ensure compliance with major regulations such as NIST 800-53.
