WHITEPAPER
Aligning BeyondTrust Solution Capabilities to NIST SP800-53 Controls
Executive Brief

© March 2017. BeyondTrust Software, Inc.

Contents
Implementing NIST Information Security Standards and Controls
BeyondTrust Alignment to NIST Controls
Unified Privileged Access Management to Reduce Risk
About BeyondTrust

Implementing NIST Information Security Standards and Controls

US Government organizations operate highly complex information systems that are targets of extreme value to malicious actors. Keeping these information systems secure is a critical task for agency information technology professionals. Various mandates, like FISMA, have been implemented to achieve a level of cybersecurity consistency across government systems, and to speed the adoption of best practices government wide.

To assist agencies in successfully navigating the complex task of securing their environments and achieving compliance with these mandates, NIST has created a system of publications to guide organizations through implementation of these best practices. Organizations first determine the agency security category through FIPS 199. Then, employing appropriate baseline security controls from NIST SP800-53 in a customized way gives agencies the flexibility to align the implementation of these controls with their organizational missions, business requirements and information systems.
By following the guidance in these two publications, organizations will be on the path to achieving the mandatory FISMA standards as described in FIPS 200, “Minimum Security Requirements for Federal Information and Information Systems”. NIST notes that the security controls in NIST SP800-53 are technology and policy neutral. This means that the security controls and control enhancements focus on the fundamental safeguards and countermeasures necessary to protect information during processing, while in storage and during transmission [1]. This approach provides agencies with the ability to select the solutions that best align to their organizational goals and needs.

BeyondTrust Alignment to NIST Controls

For the purpose of this brief we will explore a high-level overview of nine (9) NIST security control families and how BeyondTrust capabilities support the adoption of the controls directly related to privileged access and vulnerability management. Implementing NIST SP800-53 guidance is designed to be a strategic modular implementation of controls and best practices. The information that follows is organized by control family so that you can easily reference the area of most interest to your organization today, and reference back as you continue to implement other control families.

The first control within each control family addresses the establishment of policy associated with the focus area of the control. This policy in turn drives the detailed execution of the other controls in the family. BeyondTrust Privileged Access Management and Vulnerability Management solutions provide several ways to support the controlled implementation of policies, along with best practice and recommendations to control the policies as they are being updated across these control families.
Various BeyondTrust solutions address multiple controls associated with privilege access management and vulnerability management across these control families, helping agencies realize the benefits of a multi-tiered security strategy to create information systems that are more resilient in the face of inside and external threats.

[1] National Institutes of Technology Special Publication 800-53.r4, April 2013

NIST Security Control Families | BeyondTrust Features and Capabilities

Access Control (AC)
• The BeyondTrust IT Risk Management Platform provides visibility and knowledge through granular host and network based access control across organizational entities. The platform allows strict management of access control within given boundaries. This includes IP range system access and command control.
• BeyondTrust privileged access management and vulnerability management solutions are designed around the principle of least privilege. They provide the controls required to dictate a user’s access rights, allowable application launches, as well as the rights associated with those applications. In addition, all actions attempted or taken by end-users can be reported for additional analysis and forensics.
• Patented privilege elevation capabilities grant privileges to applications and tasks – not users – without providing administrator credentials.
• Apply policies across Windows and Mac endpoints for maximum flexibility.
• Role Based Access Controls (RBAC) can be implemented by roles based on individual or group membership. Privileged role assignments may be monitored, logged, and revoked when roles change within the organization.

Audit and Accountability (AU)
• The BeyondTrust IT Risk Management Platform acts as a security information and event management platform for BeyondTrust Privileged Access Management and Vulnerability Management solutions, providing centralized logging with audit and reporting capabilities. With a fully integrated vulnerability scanner, the platform can also consume data from other scanner tools.
• It offers an advanced threat analytics feature that analyzes and pinpoints anomalies within the data collected from BeyondTrust solutions as well as third party feeds. These clusters can help identify patterns indicating malicious activity.
• Once authenticated by the solution, all actions performed by an individual are audited. These audit logs can be reviewed to quickly trace all actions that were performed by that individual during that session or previous sessions.
• The reporting feature allows for quicker and easier ways to summarize audit data, targeting the most meaningful information quickly and easily based on internal and external filters.

Security Assessment and Authorization (CA)
• BeyondTrust privilege management solutions provide controls allowing or denying a privilege task. Command control is based on a user's role within the organization or through an internal or externalized workflow process.
• The BeyondTrust IT Risk Management Platform, Retina, PowerBroker for Unix & Linux and PowerBroker for Windows all allow for security compliance checks before privilege commands or events are executed.
• BeyondTrust privileged access management and vulnerability management solutions provide control and audit across supported platforms and information systems. This provides a detailed audit trail and detailed asset information to assist in the security assessment.
• These solutions provide a mechanism to perform continuous monitoring based on the organization's defined metrics.
• In addition, they include a comprehensive audit and reporting console to help organizations determine what controls have been implemented and produce an executive style report to assist in assessing security controls effectiveness.

Configuration Management (CM)
• Retina, the BeyondTrust vulnerability management solution, can scan and report against configuration compliance benchmarks. This can help validate changes have been applied to systems.
• This solution can scan and enumerate attributes about a system (i.e. software, software version, machine name, and more). The resulting information can be used for tracking and reporting.
• The PowerBroker PAM platform can be configured to allow/block the execution/installation of applications based on their signature and can block the execution of specifically unauthorized applications.

Identification and Authentication (IA)
• BeyondTrust privileged access management and vulnerability management solutions associate a user with the actions taken by him/her. This user can be uniquely identified and reported on for further analysis and/or forensics.
• BeyondTrust PowerBroker Password Safe provides varied password policies, taking into consideration complexity, lifetime as well as prohibiting re-use of old passwords. Passwords can also be managed long term with restricted access/use to authorized individuals and services.
• Password Safe can ensure that the same person, accessing multiple devices, is issued separate passwords for each respectively. Through policy, the user can be granted access with or without knowledge of the current credentials.
• BeyondTrust PowerBroker Identity Services can allow for single sign-on to multiple systems across multiple platforms, reducing the risk and requirement for multiple accounts.

Incident Response (IR)
• BeyondTrust privileged access management and vulnerability management solutions provide detailed session monitoring, including keystroke logging, to record all actions attempted or taken by end-users. This level of detail supports post incident forensics to determine the extent of impact and help identify steps needed to remediate damage.
• Solutions support systems such as syslog, Simple Network Management Protocol (SNMP) and email alerting when certain events are reported. Event details are included by default when alerts are generated.
• The BeyondTrust support center helps with the configuration and interpretation of events and alerts generated by BeyondTrust products.

Risk Assessment (RA)
• The BeyondTrust IT Risk Management Platform includes an enterprise-class network security scanner that incorporates a very broad and deep array of vulnerabilities and target assets definitions. The platform will perform vulnerability and access scans across an environment and help tie risk scores to the various items found. Scans can be performed on a scheduled basis and ad hoc.
• The IT Risk Management Platform will process all information discovered by the security scanner and will enumerate software, platform, and configurations, and compare the findings against known vulnerabilities and best practices, as well as provide a vulnerability impact report.
• Role-based access control is utilized when disseminating reporting and analytic information.

System and Communication Protection Policy and Procedures (SC)
• BeyondTrust privileged access management and vulnerability management solutions support implementation of granular, targeted policies to allow or prohibit information system use and administration. Any allowed or prohibited access can be audited and/or alerted on for further analysis.
• These solutions work in-line with security isolation function and auditing, which allows for a layered approach to security. BeyondTrust products can be used independently (modular) or in unison, increasing the auditing and intelligence data from one another.
• PowerBroker Password Safe provides secure end-to-end session communication between targeted systems utilizing one-time use session IDs to connect targeted systems. This model prevents unauthorized or repetitive use of granted access.

System and Information Integrity (SI)
• The BeyondTrust IT Risk Management Platform collects vulnerability, configuration, and privileged account usage information which can be used during the implementation of the security assessment.
• The platform can assist with the identification, reporting and remediation of flaws in information systems and assist with the deployment of security patches. It provides many vulnerability trending reports that assist in measuring time between identification and remediation.
• Advanced threat analytics features analyze and pinpoint anomalies within the data collected from BeyondTrust Privileged Access Management and Vulnerability Management solutions as well as third party feeds. These clusters can help identify patterns indicating malicious activity.
• PowerBroker for Windows, together with the BeyondTrust IT Risk Management Platform, evaluates all recorded application data for the presence of known malicious code. This information is used in real-time, at application launch, to deny/quarantine and report on further attempts to execute this software throughout the enterprise.
• BeyondTrust PowerBroker PAM solutions scan, monitor and alert on changes to many attributes of the information system. This can be centrally managed via the solution's central management console, the BeyondTrust IT Risk Management Platform.
• These solutions can help implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

Unified Privileged Access Management to Reduce Risk

Controlling and monitoring privileged access is extremely important to mitigating the risks posed by insider threats, preventing data breaches, and meeting compliance requirements. But security and IT leaders have to walk a fine line between protecting the organization’s critical data to ensure business continuity, and enabling users and administrators to be productive.

Disparate, disjointed tools deployed and managed in silos leave gaps in coverage over privileged access. This legacy model is expensive, difficult to manage, and requires too much time to show any meaningful risk reduction.

PowerBroker delivers the complete spectrum of privileged access management solutions. From establishing and enforcing least privilege on endpoints and servers, to securing enterprise credentials, BeyondTrust unifies best-of-breed capabilities into a single, integrated platform that acts as a central policy manager and primary reporting interface. Leveraging vulnerability data from BeyondTrust’s Retina and other solutions provides a complete picture of privileged system and asset security – including for network, cloud and virtual assets. This zero-gap coverage reduces risk by ensuring that no assets are left unprotected.

This unified approach enables agencies to take advantage of a modular approach, adding products and capabilities as each access control is implemented.

BeyondTrust Privilege and Vulnerability Management solutions are unified by the BeyondTrust management, reporting and threat analytics platform.

About BeyondTrust

BeyondTrust® is a global security company that believes preventing data breaches requires the right visibility to enable control over internal and external risks.
We give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your organization goes. BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including over half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.