Federal agencies, state agencies and the military, like other organizations, have widely adopted virtualization in order to take advantage of not only the increased agility but also the greater efficiency and cost savings that virtualization and the cloud bring to IT.
While virtualization does enhance the agility and cost effectiveness of IT, it also creates a very high value target – the hypervisor. Where in the past you might have a larger number of physical servers devoted to a particular mission, it is now possible to have a larger number of virtual machines hosted on a single hypervisor supporting that mission. This of course means that any compromise of the hypervisor or hyper administrator account will have larger implications for the overall mission that the compromise of any single machine would have in the past.
HyTrust can help with a variety of solutions and challenges. Read more:
- Boundary Control – HyTrust BoundaryControl powered by Intel® TXT.
- Webinar – Protecting the .Gov and .Mil Cloud with Gordon Graylish from Intel®.
- FIPS-140-2 – HyTrust DataControl Encryption is FIPS-140-2 Level 1 Certified and listed on the NIST 140 Validation Page so you can be confident that even in the cloud your data is safe.
- FISMA – the Federal Information Security Management Act (FISMA) is intended to ensure that computer systems used by the federal government all meet certain basic requirements. Part of the act was to call upon NIST to create some guidelines with regard to security, including NIST SP 800-53 rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. 6 of 18 NIST 800-53 control families focus on visibility into and control over access, configuration and system integrity, all areas where HyTrust helps fill gaps between FISMA/NIST requirements and native virtualization platform capabilities.
- FedRAMP – HyTrust supports at least 27 core FedRAMP controls central to the hypervisor and management plane, simplifying certification and reducing training and staffing costs. Learn More
- HIPAA/HITECH – HIPAA (Health Insurance Portability and Accountability Act) and the follow-on HITECH (Health Information Technology for Economic and Clinical Health) Act are both intended to help protect the integrity of electronic protected health information (ePHI). Learn More
- CJIS – the FBI’s Criminal Justice Information Systems Compliance Specification, version 5.3, sets the standard for information security for criminal justice organizations in the US. Of the 13 Policy Areas of the specification, HyTrust can directly help with seven, including Incident Response, Auditing and Accountability, Access Control, Identification and Authentication, Configuration Management, Systems and Communications Protection and Information Integrity and Formal Audits. Learn More. See also CJIS Compliance with HyTrust, VMware and Intel.
- HyTrust/Intel® Federal Blog – we have a blog with content for government agencies and organizations from .mil to .gov, which we invite you to view HERE.
YES! I'm interested.
I would like to speak to a Federal Sales Representative about HyTrust Solutions for Government
Honorable Larry Delaney
Former Secretary of the U.S. Air Force
“Security is understandably top of mind in this environment.”
Principal at PTH Ventures and former CIO, J-6, SOCOM
“Just as there’s so much innovation in technology development in private sector leaders like HyTrust, there must be corresponding adoption of those technologies in government agencies that provide vital services.”
Ambassador Robert Gelbard
Former U.S. State Department Career Diplomat
“Every agency within the US government fully understands the need to rapidly deploy virtualization technologies and strategies to enhance the ability to respond to market forces while continuing to reduce costs. I look forward to working with HyTrust to address the demanding security needs of this vital sector while enabling full innovation.”
The Criminal Justice Information Systems (CJIS) Compliance Specification v5.3 prescribes “Access Controls”, “Configuration Management”, and “Systems Protection and Data Integrity” as critical control objectives. This document summarizes how HyTrust software can simplify CJIS compliance, by automating VM encryption and administrative controls in a virtualized datacenter running VMware vSphere on Intel processors.
Government, military, and major national civilian agencies make enticing targets for cyber crime and cyber espionage. To combat this reality, significant measures have been implemented or are underway to make networks and data safe in the federal government, the military, state and local governments, and large national organizations such as airports. Yet, there are still numerous challenges blocking an ultimate victory over cyber crime at every level.
ESG’s Jon Oltsik outlines the vulnerability gap that exists between server virtualization and the requirements to secure these dynamic and mobile infrastructures. Jon outlines how new BoundaryControls from HyTrust and Intel can help security professionals address this gap.
In this paper we will explore background topics around FISMA, NIST and NIST Special Publication 800-53. We will then examine specific security controls called out by 800-53 and we will map how those controls are addressed by HyTrust.
Compliance, including HIPAA and HITECH, need to get in the way of virtualization. We explore further in this informative webinar.
As more organizations virtualize their clinical and ePHI applications, their virtual servers must now be brought into compliance with HIPAA/HITECH. The native capabilities in virtualization platforms such as VMware vSphere are not sufficient to meet all HIPAA/HITECH control requirements.
Healthcare enterprises have achieved major cost savings, operational benefits, and great ROI from virtualizing lower tier workloads. However, many of these organizations are finding that further data center transformation presents new and daunting challenges.
“The technology and expertise provided by HyTrust dramatically simplified the process of preparing for our FedRAMP certification. HyTrust added key administrative control and visibility into our virtual infrastructure, along with comprehensive and granular auditing. I wish deployments with all vendors went as smoothly as ours did with HyTrust.”
– Randall Poole, VP Cloud Services