Section 508
Legal Resources
We invest significant resources in ensuring that our solutions and products comply with existing government certifications and mandates.
A security and compliance architect assesses the security capabilities of all our products using a detailed checklist. The architect cross-references those capabilities to the categories specified by National Institute of Standards and Technology (NIST) in publication 800-53. These internal assessments are available upon request to customers who wish to review the security capabilities of a product. Publication 800-53 serves as the basis for most FISMA controls, meaning our product capabilities also map to FISMA requirements.
We have a long history of working with federal agencies, and are committed to achieving working government security standards—including the requirements of FIPS Publications 140/201, FISMA, and other information assurance processes. We use technologies that comply with FIPS 140-2 to protect data and limit system access. It provides documentation to help agencies determine if products meet their unique security requirements, and assists agency efforts to perform Certification & Accreditation (C & A) of our solutions.
Some of our products have received Federal Desktop Core Configuration (FDCC) certifications. Others are certified under the Cryptographic Algorithm Validation Program (CAVP). Additionally, our R&D organization uses NIST-certified Security Content Automation Protocol (SCAP) vulnerability scanning and certification technologies.
Compliance is an ongoing effort in a changing landscape. We commit to staying as current as possible with our certifications so that your organization can confidently leverage our solutions to save time and money across physical, virtual and cloud environments.
Section 508 & VPATs
In recognition and support of the “Electronic and Information Accessibility Standards” defined by Section 508 of the Rehabilitation Act, we publish accessibility self-assessments of our products using Voluntary Product Accessibility Templates (VPATs). The VPAT criteria influence the product roadmaps, and our Research and Development teams update the VPATs for their products during each major release cycle to reflect accessibility improvements contained in the latest release.
Below you will find VPATs for our software solutions. If the software VPAT you seek is not listed below, please contact us.
- Active Roles
- Active Roles add-on for Recovery Manager for Active Directory
- Authentication Services
- Defender
- Defender ADFS Adaptor
- Identity Analytics and Intelligence
- Identity Manager
- Identity Manager as a Service
- Identity Manager – Cloud HR Systems Module
- Identity Manager – Database Systems Integration Module
- Identity Manager – Health Care Systems Module
- Identity Manager – ServiceNow Connector Module
- Identity Manager – Starling Connector Module
- Identity Manager Data Governance Edition DGE
- One Identity Cloud Access Manager
- One Identity Safeguard
- Password Manager
- Privilege Manager
- Privilege Manager for Sudo
- Privilege Manager for Unix
- Quick Connect for Active Directory
- Quick Connect for Base Systems
- Quick Connect for for Cloud Services
- Quick Connect Management Shell
- Quick Connect Sync Engine
- Safeguard as a Service
- Safeguard for Privileged Passwords
- Safeguard for Privileged Sessions
- Safeguard Remote Access
- Starling Connect
- Starling Governance
- Starling Two-Factor Desktop Login
- Starling Two-Factor Authentication
- Starling Two-Factor AD FS Adapter
- Starling Two-Factor HTTP Module
- Starling Two-Factor RADIUS Agent
- Stat
- syslog ng Premium Edition
- syslog-ng Store Box
C&A
Certification & Accreditation (C&A) is a requirement for all federal IT systems. C&A applies to complete systems – hardware and software – in a specific environment, associated with specific policies and procedures. Certification is the technical evaluation of the system components as they relate to security, and accreditation is the formal acceptance of that system in its specific environment.
Since C&A is environment-specific, no software, including our solutions, can be generically certified and accredited, but must go through that process for each environment in which it is installed. Upon request, we will provide copies of our products and assist organizations in their specific C&A efforts for our solutions.
This page was last updated on May 06, 2019