Standards and References - Privileged Access Management with CyberArk

NIST Standards

  • NIST SP 800-53 Rev 5: Security and Privacy Controls
    • AC-2: Account Management
    • AC-5: Separation of Duties
    • AC-6: Least Privilege
    • AC-6(7): Review of User Privileges (Privileged Accounts)
    • AU-14: Session Audit
    • IA-5: Authenticator Management
  • NIST SP 800-171: Protecting CUI - 3.1.5 Least Privilege, 3.1.7 Privileged Functions
  • NIST SP 800-63B: Digital Identity Guidelines - Authentication
  • NIST Cybersecurity Framework: PR.AC (Identity Management, Authentication, Access Control)

CyberArk Documentation

Industry Standards

  • CIS Controls v8: Control 5 - Account Management, Control 6 - Access Control Management
  • MITRE ATT&CK: T1078 (Valid Accounts), T1003 (OS Credential Dumping)
  • PCI DSS 4.0: Requirement 7 (Restrict Access), Requirement 8 (Identify and Authenticate)
  • SOX: Section 404 - Internal controls for privileged access
  • ISO 27001: A.9 Access Control

Compliance Frameworks

  • FISMA: Federal compliance requiring NIST 800-53 controls
  • HIPAA: Access controls for PHI systems
  • GDPR: Article 32 - Security of processing