
Pass IT audits, enforce policies and stay compliant

Heavily regulated industries must cope with a number of regulations, meet strict compliance demands and pass IT audits. Learn how we can help with SSH governance and IT audit success.


NIS directive for OES/DSP providers

The EU's NIS directive on the security of network and information systems requires operators of essential services (OES) and key digital service providers (DSP) to notify the competent authorities of serious security incidents. In addition, they need to be able to provide:

  • Access control policies, including descriptions of roles, groups, access rights, and procedures for granting and revoking access
  • Logs from privileged account usage
  • Segregation of duties control matrices

PCI DSS card data compliance

PCI DSS (Payment Card Industry Data Security Standard) sets standards for controlling access to valuable cardholder data (CHD) and Cardholder Data Environments (CDE). To meet PCI DSS requirements you must be secure against both external and insider threats:

  • Encrypt traffic between endpoints to protect cardholder data (CHD) in transit
  • Provide secure access to CDEs for application developers and administrators
  • Authenticate both users and servers to ensure that only authorized users access CHD
  • Log a proper audit trail of all access
Learn about lean PAM and IT audit success with PrivX >>>

ISO 27001 standard

ISO 27001 is one of the most fundamental standards in information security. It has a special section on access control (A.9.1.1) stating, for example, that businesses must:

  • Know who needs to access and use information along with clearly defined procedures and responsibilities
  • Take care of the proper management of privileged access rights (e.g. controls on superuser and administrator accounts) and enforce periodic reviews

FIPS 140-2 for smartcards

FIPS 140-2 is a U.S. government computer security standard for approving cryptographic modules, including smartcards such as the U.S. Federal Government Personal Identity Verification (PIV) and Common Access Card (CAC) cards.

NISTIR 7966 SSH Key governance

NISTIR 7966 (NIST Interagency Report 7966, "Security of Interactive and Automated Access Management Using Secure Shell (SSH)") provides guidance on securing interactive and automated access management with SSH. It helps organizations understand the basics of interactive and automated SSH access, focusing on the management of SSH user keys. It explains:

  • The hidden risks of poorly managed SSH identities
  • Why NIST focuses on the SSH protocol
  • How to adopt best practices for SSH key management
  • How to map NISTIR 7966 against industry best-practice controls

More on SSH Key compliance and UKM >>>


SANS/CIS security controls

The CIS Critical Security Controls (CSCs, originally published as the SANS Top 20) are recommendations on how to prevent cyber attacks and protect critical assets, infrastructure and information. Topics include:

  • Asset inventory, purpose and owner – who owns your digital keys, how are they used and how many are there?
  • Protection of information – take control of root access keys, shared credentials, rogue digital keys and any unmonitored access
  • Network access controls – enforce session-level control over network access and eliminate unmanaged digital keys
  • Vulnerability scanning and security analysis – scan for SSH key strength, age, OS version, SSH version, known vulnerabilities and policy violations
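The kind of key-inventory scan the last bullet describes, as an added Python example; this is illustrative code, not UKM's or SSH.COM's. It parses authorized_keys entries, decodes the public-key blob (RFC 4251 string/mpint encoding, RFC 4253 key formats) to measure the actual RSA or DSA modulus size instead of trusting the declared type, and flags DSA keys, RSA keys below an assumed 2048-bit policy threshold, entries whose declared type disagrees with the blob, and entries with no from=/command= restriction. The sample entries, the threshold and the finding names are constructed assumptions, and the RSA/DSA moduli are placeholder integers rather than real keys.

```python
"""Audit authorized_keys entries for weak key types, short keys and missing
restrictions. Added example, not SSH.COM product code; sample entries are
constructed below with placeholder integers (not real keys)."""
import base64
import re
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold


# --- SSH wire-format helpers (RFC 4251 string / mpint) -----------------------
def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def ssh_mpint(n: int) -> bytes:
    # positive mpint: big-endian, with a leading 0x00 byte if the top bit is set
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def key_type_and_bits(blob: bytes):
    """Return (type, security-relevant key size in bits) from a public-key blob."""
    ktype, off = read_string(blob, 0)
    ktype = ktype.decode()
    if ktype == "ssh-rsa":                       # ssh-rsa: string type, mpint e, mpint n
        _e, off = read_string(blob, off)
        n, _ = read_string(blob, off)
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-dss":                       # ssh-dss: string type, mpint p, q, g, y
        p, _ = read_string(blob, off)
        return ktype, int.from_bytes(p, "big").bit_length()
    if ktype == "ssh-ed25519":
        return ktype, 256
    if ktype.startswith("ecdsa-sha2-nistp"):
        return ktype, int(ktype[len("ecdsa-sha2-nistp"):])
    return ktype, 0


# Entry layout: [options] key-type base64 [comment]; options may hold quoted strings.
ENTRY_RE = re.compile(
    r"(?:^|\s)(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(?:256|384|521))"
    r"\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?$"
)


def audit_entry(line: str) -> dict:
    m = ENTRY_RE.search(line)
    if not m:
        return {"line": line, "findings": ["unparseable"]}
    declared, b64, comment = m.group(1), m.group(2), (m.group(3) or "")
    options = line[: m.start()].strip()          # everything before the key type
    ktype, bits = key_type_and_bits(base64.b64decode(b64))
    findings = []
    if ktype != declared:
        findings.append("type-mismatch")         # declared type != type inside the blob
    if ktype == "ssh-dss":
        findings.append("dsa-key")               # ssh-dss is disabled by default since OpenSSH 7.0
    if ktype == "ssh-rsa" and bits < MIN_RSA_BITS:
        findings.append("rsa-too-short")
    if not options:
        findings.append("unrestricted")          # no from=/command=/restrict option at all
    return {"type": ktype, "bits": bits, "options": options,
            "comment": comment, "findings": findings}


def scan(lines):
    """Audit every non-empty, non-comment line; return only entries with findings."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        results.append(audit_entry(line))
    return [r for r in results if r["findings"]]


# --- constructed sample data (placeholder numbers, not real keys) -------------
def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode()


RSA_1024 = _b64(ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 1023) | 1))
RSA_3072 = _b64(ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 3071) | 1))
DSA_1024 = _b64(ssh_string(b"ssh-dss") + ssh_mpint((1 << 1023) | 1)
                + ssh_mpint((1 << 159) | 1) + ssh_mpint(2) + ssh_mpint(3))
ED25519 = _b64(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32)))

SAMPLE_AUTHORIZED_KEYS = [
    "# constructed authorized_keys for an application service account",
    f"ssh-rsa {RSA_1024} legacy-backup@db01",
    f'from="10.0.0.0/8",command="/usr/bin/rsync --server" ssh-rsa {RSA_3072} backup-job',
    f"ssh-dss {DSA_1024} old-admin",
    f"ssh-ed25519 {ED25519} alice@laptop",
]

if __name__ == "__main__":
    for r in scan(SAMPLE_AUTHORIZED_KEYS):
        print(f"{r['type']:12} {r['bits']:5} {r['comment']:20} {', '.join(r['findings'])}")
```

Key age, also listed in the bullet, cannot be derived from an authorized_keys entry because OpenSSH stores no timestamp in it; an age check has to come from the file's modification time or from the inventory that issued the key, which is one reason a separate key-management record is needed.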

HIPAA and SSH governance

The HIPAA (Health Insurance Portability and Accountability Act) Security Rule addresses safeguards that secure individuals' Electronic Protected Health Information (ePHI), including electronic medical records (EMRs) and electronic health records (EHRs). Core components include:

  • Workforce security – secure access should be monitored and auditable, and guard against violations of segregation of duties
  • Information access management – corporate identity and access management policies should prevent unauthorized SSH tunneling
  • Audit controls – systematic access configuration and monitoring should include remediation of legacy SSH keys and integration of SSH key management into the Security Operations Center (SOC) and risk systems
  • Transmission security – prevent man-in-the-middle attacks with proper SSH governance

Read more about UKM and IT audits >>>



GDPR data protection

The General Data Protection Regulation (GDPR) requires organizations to protect the privacy and personal data of individuals in the EU. It applies to organizations established in EU member states and to organizations outside the EU that offer goods or services to, or monitor, people in the EU. The regulation places obligations on both data controllers (the organizations that decide why and how personal data is processed) and the outside organizations that process that data on their behalf (data processors). These rules apply to private and public organizations alike. Important aspects include obligations to:

  • report personal data breaches – an obligation that reaches every organization in the supply chain
  • inform customers about their rights under GDPR
  • demonstrate consistent data management processes
  • restrict access to critical and sensitive data to selected roles and/or individuals – including personally identifiable information (PII), IP addresses, cookie data, and health and biometric data
  • understand how vendors, 3rd parties and consultants manage data
More on 3rd party access management with PrivX >>>

Our portfolio



PrivX is the next-generation Privileged Access Management solution featuring unparalleled ease-of-use, cost-efficiency and automation.

PrivX is perfect for securing, managing and tracking superuser and power user access in the hybrid cloud.




Universal SSH Key Manager™ is the leading full lifecycle SSH Key management solution trusted by many of the world's largest enterprises.

UKM manages and automates the lifecycle of millions of digital keys for risk mitigation and audit success.




NQX is an ultra-secure quantum-ready encryption solution for transporting Ethernet and IP traffic across any network, private or public.

Software-based NQX features matchless performance and security using cost-effective off-the-shelf hardware.




Tectia is the gold standard in secure remote access and file transfers featuring industry-leading security, efficiency, and speed.

Tectia is available for all major operating systems, including Windows, Unix, Linux and z/OS.