Lockheed Martin Achieves NIST SP 800-171 Compliance for Privileged Access with Netwrix Privilege Secure for Discovery
It’s rare to find a simple solution that simultaneously improves compliance, operations, and security. Granting full administrator rights, Just-In-Time, to individual systems, improves administrator support coverage while drastically limiting lateral movement risk. Netwrix Privilege Secure for Discovery builds on the solution by offering multi-factor authentication, continuous admin inventory, full logging of when individuals access specific systems, and enterprise scalability.
Chad Anderson, Cyber Mitigations Architect at Lockheed Martin
- As a contractor/subcontractor of the Department of Defense (DoD) that stores, processes, or transmits “covered defense information,” Lockheed Martin was required to comply with 110 security controls defined in NIST Special Publication 800-171, with emphasis on network access and administrator privileges. The customer decided to establish a company-wide program to meet the DoD requirements under DFARS 252.204-7012.
- Lockheed Martin needed a highly scalable solution that coupled multi-factor authentication (MFA) and dynamic privileged access and could meet compliance requirements while also minimizing impact to ongoing operations.
- “When seeking a PAM solution that could meet our requirements, ease of integration, reliability, and scale were all critical, and we couldn’t afford to compromise in any of those areas,” said Mike Gordon, Deputy Chief Information Security Officer at Lockheed Martin.
The vendor worked an aggressive timeline and a full-life cycle implementation across the global enterprise to provide added security for our desktop administrators. We call it ‘Instrumented Compliance’, which means not only being compliant but, more importantly, being able to continue to assure our customers and employees that we are protecting their critical data.
Joel Johnson, Cyber DFARS Program Manager at Lockheed Martin
Password vault solutions, which were already in use across some parts of the company, did not provide dynamic privileged access. Building an in-house solution was an expensive and time-consuming process that would distract from other security priorities in the near term and build in an ongoing cost to the department. During the POC, Netwrix Privilege Secure for Discovery proved to be easier to deploy, more secure, and able to continuously inventory the distribution of privileged access across Lockheed Martin’s systems.
With Netwrix Privilege Secure for Discovery, Lockheed Martin got the following benefits:
- Just-in-time access to privileged accounts
Lockheed Martin managed to stop lateral movement, as Netwrix Privilege Secure for Discovery takes a fully dynamic approach, assigning privileged access solely to the endpoints the administrator needs, and only for a specific period. Even if administrator usernames or passwords are stolen, the zero-privilege baseline for protected endpoints ensures that compromised accounts cannot be used to access systems, nor move laterally through the network.
- Smooth roll-out with minimum business downtime
With Netwrix Privilege Secure for Discovery, Lockheed Martin now easily protects privileged access with MFA and continuously detects any unauthorized privileged access. The solution was deployed within several weeks with minimal disruptions to Lockheed Martin’s 150,000+ endpoints due to its agentless nature.
- Fast learning curve
Lockheed Martin didn’t need to spend a lot of time to adopt a new process. Netwrix Privilege Secure for Discovery is extremely easy to use, including a responsively-designed web interface and API-first architecture that is easy for DevSecOps, operations and information security teams to manage.
- Continuous detection of unauthorized access
- Improved traceability of data access
- Compliance with vertical regulations
- Improved operational security
Headquartered in Bethesda, Maryland, Lockheed Martin Corporation is a global security and aerospace company that employs approximately 114,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services.