PAM Compliance simplified.

ISO, NIST, HIPAA, HITRUST, national, regional, government and industry regulations create robust security frameworks to protect citizens and consumers. However, these constantly improving guidelines, together with changes to and expansion of the business itself, put ever-increasing pressure on commercial and government organizations to meet their compliance requirements.

Xton Access Manager provides an out-of-the-box solution to several crucial regulatory controls across multiple guidelines. It allows organizations to meet their compliance requirements in time and focus on their primary business.

Xton Access Manager for Compliance


European Union General Data Protection Regulation

EU GDPR compliance is required of any company that deals with any European Union citizen's personally identifiable information (PII). Companies and governments must comply by May 28, 2018 or face stiff fines that can be as high as 4% of global turnover. Auditors are specifically interested in protecting privileged account credentials because they contribute to the largest number of security breaches of PII. There may be hundreds or thousands of these privileged accounts at a company or government, and auditors want these passwords changed regularly and strengthened to be longer and more complex. XTAM can automate this task as well as monitor sessions using these accounts.


NIST 800-171

Developed by NIST as part of the Federal Information Security Modernization Act (FISMA) of 2014, NIST Special Publication 800-171 (PDF) is a framework that specifies how your information systems and policies need to be set up in order to protect Controlled Unclassified Information (CUI).
To learn about how Xton Access Manager can help your business comply with NIST 800-171, please continue reading here.


ISO 27001

Originally published by the International Organization for Standardization (ISO) in 2005 and subsequently updated in 2013, ISO 27001:2013 (link) specifies the requirements for establishing, implementing, maintaining, and continually improving an organization’s information security management system (ISMS).

To learn about compliance with the ISO 27001 standard, please continue reading here.


NIST 800-53

As part of the Special Publication 800-series that reports on the Information Technology Laboratory’s (ITL) research, guidelines, and outreach efforts in information system security, NIST Special Publication 800-53 (link) covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements.



The Health Information Trust Alliance (HITRUST) is a privately held company located in the United States that has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.



The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.


CIS Controls

Center for Internet Security (CIS) Controls are a prioritized set of actions to defend against the vast majority of the most common attacks.



The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) mission is to guide a cohesive effort between government and industry to improve the cyber security posture of control systems within the nation’s critical infrastructure.



The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines what is required of healthcare organizations to ensure the portability of healthcare coverage and the privacy of patient records.



The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.



The Sarbanes-Oxley Act (PDF) was enacted by the United States Congress in July 2002. It requires publicly traded companies to ensure that they are properly reporting financial information. One of the most critical sections is Section 404, which requires internal control over the creation of financial reports, and mandates responsibility for access privileges.


FDA 21 CFR Part 11

Pharmaceutical and other biotech companies are subject to regulation by the Food and Drug Administration (FDA). One of the FDA regulations, regarding electronic signatures and the integrity of electronic systems, is FDA 21 CFR 11.


GLB – Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act, signed in 1999, applies to financial institutions and securities firms. It requires them to implement strict regulations to protect the privacy of customer data.



    Xton Access Manager Features

    Account Management
    Protect your privileged accounts from being shared or abused by inside and outside threats.

    Session Management
    Restrict, observe and record privileged sessions, block rogue operations from being executed and create a full audit trail of events.

    Job Management
    Define policies that will automate password resets and repetitive administrative activities and jobs.


    Copyright © 2020 Xton Technologies, LLC. All rights reserved.