
FISMA NIST Mandates Privilege Management Best Practices

Do your privilege management practices stack up to FISMA NIST requirements?

To protect classified data and mission-critical government systems from cyber attack, the Federal Information Security Management Act (FISMA) mandates that federal agencies and government contractors develop, document, and implement a cyber security program.

The National Institute of Standards and Technology (NIST) outlines steps covered entities must take to comply with FISMA in NIST SP 800-53. It provides a framework for federal agencies and contractors to implement security controls.

Securing privileged accounts is a key component of federal cybersecurity standards

NIST SP 800-53 prioritizes privilege management controls designed to protect access to administrative credentials, service and application accounts, and root access to critical systems. The access control and monitoring requirements outlined in FISMA NIST help federal agencies and contractors detect and prevent devastating attacks on privileged credentials.


See How Thycotic’s Software Solution Maps to FISMA NIST Privilege Management Requirements

NERC CIP REQUIREMENT Helps Meet
Set, establish, manage, and control account access across information systems.
Enact a security training policy.
Set auditing policy and procedures, content, events, security, recording, storage, monitoring, report generation, and analysis.
Establish a baseline configuration for each device that aligns with least privilege functionality.
Establish how users or devices will be given unique identifiers for local and network access.
Authorize access for maintenance personnel.
Set procedures for removing access rights from terminated personnel, adjusting rights for people moving to different organizational roles, management of access agreements, establishing compliance and communications regarding third-party personnel access.