CyberArk earns U.S. Department of Defense UC APL Certification
By Loren Blinde
April 3, 2016
CyberArk of Newton, MA announced on March 29 that the CyberArk Privileged Account Security Solution has been added to the U.S. Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL). CyberArk has the only comprehensive privileged account security solution on the list.
The UC APL is administered by the Defense Information Systems Agency (DISA) and includes only those products approved for use with DoD agencies’ technology infrastructure. This designation identifies products that have undergone a rigorous testing process conducted by the DoD that assures acceptable levels of information assurance and interoperability capabilities.
The CyberArk Privileged Account Security Solution helps identify, lock down and secure existing privileged credentials across networks, and utilizes continuous monitoring of privileged credentials to help detect anomalous behavior and stop an attack early in the cycle to reduce damage. CyberArk was previously granted Common Criteria Evaluation Assurance Level EAL 2+ for the CyberArk Privileged Account Security Solution.
As evidenced by the U.S. Office of Personnel Management (OPM) breach, cyber attackers continue to evolve tactics to target, steal and exploit privileged accounts – the keys to successfully gaining access to an organization’s most sensitive and valuable data. The UC APL milestone is important for CyberArk as new federal mandates and directives emerge to strengthen cyber security controls.
For example, while multi-factor authentication methods like the Common Access Card (CAC) are mandated for validating user identities, there are limitations in securing accounts that do not support CAC authentication natively. CyberArk helps organizations meet these mandates by enabling CAC card authentication to all systems and applications managed by a privileged account security solution – even applications that cannot directly support public key infrastructure (PKI) or two-factor authentication.
“Being added to the UC APL is a significant accomplishment that accelerates CyberArk’s ability to deliver innovative cyber security solutions to the federal sector. CyberArk is on an exclusive list of DoD-approved solutions that reinforces CyberArk as a trusted solutions provider for their most critical cyber security initiatives,” said Kevin Corbett, director of U.S. Federal Business at CyberArk. “This achievement will assist DoD security decision making by demonstrating the ability to help close security gaps associated with enforcing multi-factor authentication across all system types.”
Corsec Security, a global leader in product hardening through security certifications and validations, was CyberArk’s strategic advisor in the UC APL processes. “By completing STIG and JITC testing, CyberArk surpassed all information assurance and interoperability requirements set forth by the U.S. DoD. Following its Common Criteria certification, the UC APL listing is further evidence of CyberArk’s commitment to product security,” said Darcy Dinga, executive vice president, Corsec.
Source: CyberArk
