
How To Manage A Privileged Identity Manager On A Linux System

Academic year: 2021



Is Your Agency Subject to the Requirements Specified in Army Regulation 25-2?

Chris Boswell


Executive Summary (page 3)
Section 1: AR 25-2 Detailed Requirements (page 4)
Section 2: CA Technologies Solutions (page 10)
Section 3: About the Author (page 14)


Challenge

Army Regulation 25-2 includes a number of technical, administrative and operational safeguards designed to protect unclassified, sensitive, or classified information stored, processed, accessed, or transmitted by information systems. Compliance with this policy is mandatory for active Army, Army National Guard and U.S. Army Reserve personnel, as well as all users of Army information systems, including related agencies such as the Department of Defense, sister services such as the U.S. Army Corps of Engineers and any contractors working on Army information systems pursuant to Army contracts.

Opportunity

CA Technologies provides a number of critical capabilities which address key requirements within Army Regulation 25-2. This white paper explores those requirements in detail as well as the solutions developed to help achieve and maintain compliance going forward.

Benefits

AR 25-2 outlines a number of controls that must be in place to protect Army Information Systems. The majority of these controls are outlined in Chapter 4, Information Assurance Policy. CA Technologies provides a number of security solutions to address the more technical requirements described in this chapter, as highlighted in the figure below (a check mark indicates that CA Technologies facilitates compliance for that section):

Policy Requirement | CA Technologies Facilitates Compliance
Section 1 General Policy | Yes
Section 2 Software Security | Yes
Section 3 Hardware, Firmware, and Physical Security |
Section 4 Procedural Security | Yes
Section 5 Personal Security |
Section 6 Information Systems Media |
Section 7 Network Security | Yes
Section 8 Incident and Intrusion Reporting |
Section 9 Information Assurance Vulnerability Management |
Section 10 Miscellaneous Provisions |


Section 1: AR 25-2 Detailed Requirements

Section I: 4-5 Minimum Information Assurance Requirements

# | Requirement | CA Technologies Solutions

4-5.9.a
Requirement: Disabling or removing security or protective software and their mechanisms and their associated logs from information systems.
CA Technologies Solution: CA Privileged Identity Manager host-based agents allow organizations to build and establish a trusted computing base that can be leveraged to help ensure that security or protective software is not tampered with, even by root or other privileged users.

4-5.9.c
Requirement: IA personnel will implement system and device access controls using the principle of least privilege (POLP) via automated or manual means to actively protect the IS from compromise, unauthorized use or access, and manipulation.
CA Technologies Solution: CA Privileged Identity Manager fine-grained access control policies allow organizations to enforce the principle of least privilege (POLP) and maintain separation of duties, even when users are accessing privileged accounts.

4-5.9.c.4
Requirement: Verify systems are configured to automatically generate an auditable record or log entry for each access granted or attempted.
CA Technologies Solution: CA Privileged Identity Manager provides its own centrally managed, secure and digitally signed log that serves as an authoritative source for all access attempts. IA personnel can access CA Privileged Identity Manager reports to monitor and report system activity and demonstrate compliance with agency mandates.

4-5.9.c.5
Requirement: Validate that systems identify users through the user’s use of unique user identifications (USERIDs).
CA Technologies Solution: The CA Privileged Identity Manager Shared Account Management capability helps control access to shared system service accounts and other privileged user accounts by forcing users to formally check out accounts and uniquely identify themselves before gaining access to systems. For *NIX systems, CA Privileged Identity Manager also provides a PAM Kerberos module that can be implemented to allow users to sign on to systems using their Active Directory USERIDs. This streamlines and simplifies security, operations and information assurance because it removes the need to store and manage USERIDs locally on each individual *NIX server. As a result, important tasks such as deprovisioning become much easier to manage and report against.

4-5.9.c.6
Requirement: Validate that systems authenticate users through the use of the CAC as a two-factor authentication mechanism. The CAC has certificates on the integrated circuit chip (ICC), and will be used as the primary user identifier and access authenticator to systems.
CA Technologies Solution: CA Privileged Identity Manager achieves CAC integration through integration with CA Single Sign-On.

4-5.9.c.9
Requirement: Validate that system configurations prohibit anonymous accesses or accounts (for example, Student1, Student2, Patron1, Patron2, anonymous).
CA Technologies Solution: The CA Privileged Identity Manager Shared Account Management capability forces users to formally check out accounts and uniquely identify themselves before gaining access to systems. As a result, users are not able to sign on to systems anonymously.



4-5.9.c.10
Requirement: Prohibit the use of generic group accounts. Permit exceptions only on a case-by-case basis when supporting an operational or administrative requirement such as watch-standing or helpdesk accounts, or that require continuity of operations, functions, or capabilities. IAMs will implement procedures to identify and audit users of group accounts through other operational mechanisms such as duty logs.
CA Technologies Solution: CA Privileged Identity Manager can lock down and generally prohibit the use of generic group accounts. In those situations where support, operations or administration personnel require access, CA Privileged Identity Manager can require a formal workflow request and approval before access is granted. When the session has ended, the account password is automatically revoked and CA Privileged Identity Manager provides an auditable record of the individual who actually used the group account.

4-5.9.c.11
Requirement: Verify that system configurations limit the number of user failed log-on attempts to three before denying access to (locking) that account, when account locking is supported by the IS or device. If IS-supported, the system will prevent rapid retries when an authenticator is incorrectly entered and give no indication or error message that either the authenticator or ID was incorrectly entered (for example, implement time delays between failed attempts).
CA Technologies Solution: CA Privileged Identity Manager centrally manages and enforces the number of failed log-on attempts allowed, as well as the lockout duration, across disparate platforms.

4-5.9.c.12
Requirement: Verify that system configurations generate audit logs, and investigate security event violations when the maximum number of authentication attempts is exceeded, the maximum number of attempts from one IS is exceeded, or the maximum number of failed attempts over a set period is exceeded.
CA Technologies Solution: CA Privileged Identity Manager provides its own centrally managed, secure and digitally signed log that serves as an authoritative source for IA personnel to investigate and report on violations where the maximum number of authentication attempts is exceeded.

4-5.9.c.14
Requirement: If documented in the C&A package and authorized by the DAA, time-based lockouts (that is, access is restricted based on time, or access controls based on IP address, terminal port, or combinations of these) and barriers that require some time to elapse to enable bypassing may be used.
CA Technologies Solution: CA Privileged Identity Manager provides the ability to restrict user access based on time, IP address, terminal port or a combination of these.

4-5.9.c.14.a
Requirement: Implement mandatory audit trails to record all successful and unsuccessful log-on attempts.
CA Technologies Solution: CA Privileged Identity Manager provides its own centrally managed, secure and digitally signed log that serves as an authoritative source for IA personnel to investigate and report on successful and unsuccessful log-on attempts.

4-5.9.c.17
Requirement: Create and enforce access auditing, and protect physical access control events (for example, card reader accesses) and audit event logs for physical security violations or access controls to support investigative efforts as required.
CA Technologies Solution: CA Privileged Identity Manager enforces access auditing and provides its own centrally managed, secure and digitally signed log that serves as an authoritative source for IA personnel to investigate and report on successful and unsuccessful log-on attempts.



4-5.9.f.8
Requirement: Upon acceptance for operational use (whether developmental, GOTS, or COTS), keep software under close and continuous CM controls to prevent unauthorized changes.
CA Technologies Solution: CA Privileged Identity Manager provides a “Watchdog” service that allows users to create a Trusted Computing Baseline and monitor it on a continuous basis for unauthorized changes. This capability directly supports the agency’s continuous monitoring efforts.

4-5.9.h
Requirement: SAs will configure ISs to automatically log all access attempts. Audits of IS will be either automated or by manual means. SAs will implement audit mechanisms for those ISs that support multiple users.
1. Use audit servers to consolidate system audit logs for centralized review to remove the potential for unauthorized editing or deletion of audit logs in the event of an incident or compromise.
2. Commands, organizations, tenants, activities, and installations will support centralized audit server implementations in the enterprise.
3. Centralized audit server logs will be maintained for a minimum of 1 year.
4. Conduct self-inspections by the respective SA/NA or IA manager.
5. Enable and refine default IS logging capabilities to identify abnormal or potentially suspicious local or network activity:
   a. Investigate all failed login attempts or account lockouts.
   b. Maintain audit trails in sufficient detail to reconstruct events in determining the causes of compromise and magnitude of damage should a malfunction or a security violation occur. Maintain system audit logs locally for no less than 90 days.
   c. Retain classified and sensitive IS audit files for 1 year (5 years for SCI systems, depending on storage capability).
   d. Provide audit logs to the ACERT, Army Global Network Operations and Security Center (A-GNOSC), LE, or CI personnel to support forensic, criminal, or counter-intelligence investigations as required.
   e. Review logs and audit trails at a minimum weekly, more frequently if required, and take appropriate actions.
CA Technologies Solution: The CA Privileged Identity Manager User Activity Reporting Module (UARM) aggregates and correlates log information from a variety of sources and provides mechanisms which consolidate auditing activity into a centrally managed location. IA managers can leverage UARM to conduct their own inspections, investigate failed login attempts and account lockouts, and reconstruct events to support security and operations personnel.
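The lockout rules in 4-5.9.c.11 and 4-5.9.c.12 (three failed attempts, rapid retries, too many attempts from one IS or over a set period) and the 4-5.9.h.5.a duty to investigate failed logins and lockouts are the kind of checks an IA manager runs over consolidated audit logs. The following is an added example, not code from this white paper or from CA Technologies: a small Python detector that parses constructed sshd-style log lines and reports which of those conditions each account or source address has triggered. The log lines, the 15-minute window and the 5-second minimum retry gap are all assumptions made for the example; the regulation text above fixes the three-attempt limit but leaves the period and the delay to local policy.

```python
"""Failed-logon detection over consolidated authentication logs (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines, not taken from any real system: a syslog-like
# timestamp, host, process, and an sshd-style authentication message.
SAMPLE_LOG = """\
2021-03-04T10:00:01 host1 sshd[101]: Failed password for root from 10.0.0.5 port 5001 ssh2
2021-03-04T10:00:02 host1 sshd[102]: Failed password for root from 10.0.0.5 port 5002 ssh2
2021-03-04T10:00:03 host1 sshd[103]: Failed password for root from 10.0.0.5 port 5003 ssh2
2021-03-04T10:00:04 host1 sshd[104]: Failed password for root from 10.0.0.5 port 5004 ssh2
2021-03-04T10:05:00 host1 sshd[105]: Accepted publickey for alice from 10.0.0.9 port 6001 ssh2
2021-03-04T10:06:00 host1 sshd[106]: Failed password for alice from 10.0.0.9 port 6002 ssh2
2021-03-04T10:30:00 host1 sshd[107]: Failed password for invalid user admin from 10.0.0.7 port 7001 ssh2
2021-03-04T10:31:00 host1 sshd[108]: Failed password for invalid user admin from 10.0.0.7 port 7002 ssh2
2021-03-04T10:32:00 host1 sshd[109]: Failed password for invalid user admin from 10.0.0.7 port 7003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

MAX_FAILURES = 3                        # AR 25-2 4-5.9.c.11: three attempts, then lock
FAILURE_WINDOW = timedelta(minutes=15)  # assumed "set period" for 4-5.9.c.12
MIN_RETRY_GAP = timedelta(seconds=5)    # assumed minimum delay between attempts


@dataclass
class Finding:
    kind: str        # "lockout", "rapid_retry" or "source_threshold"
    subject: str     # account name or source IP address
    count: int
    first: datetime
    last: datetime


def parse(log_text):
    """Return (timestamp, host, result, user, ip) tuples for lines that match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["host"],
                           m["result"], m["user"], m["ip"]))
    return events


def _first_run(stamps, window, threshold):
    """Return (count, first, last) for the first run of >= threshold timestamps
    inside `window`, i.e. the moment the threshold is crossed, else None."""
    stamps = sorted(stamps)
    start = 0
    for end, t in enumerate(stamps):
        while t - stamps[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return end - start + 1, stamps[start], t
    return None


def analyze(log_text, max_failures=MAX_FAILURES, window=FAILURE_WINDOW,
            min_gap=MIN_RETRY_GAP):
    """Apply the three 4-5.9.c.12 conditions to a block of log text."""
    per_user, per_ip = defaultdict(list), defaultdict(list)
    for ts, _host, result, user, ip in parse(log_text):
        if result == "Accepted":
            per_user[user] = []          # a successful logon resets the account counter
            continue
        per_user[user].append(ts)
        per_ip[ip].append(ts)

    findings = []
    for user, stamps in per_user.items():
        hit = _first_run(stamps, window, max_failures)
        if hit:
            findings.append(Finding("lockout", user, *hit))
        stamps = sorted(stamps)
        fast = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a < min_gap]
        if fast:   # retries faster than the enforced delay: 4-5.9.c.11 "rapid retries"
            findings.append(Finding("rapid_retry", user, len(fast), fast[0][0], fast[-1][1]))
    for ip, stamps in per_ip.items():
        hit = _first_run(stamps, window, max_failures)
        if hit:    # too many attempts from one IS, regardless of account
            findings.append(Finding("source_threshold", ip, *hit))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:17} {f.subject:10} count={f.count} "
              f"{f.first:%H:%M:%S}-{f.last:%H:%M:%S}")
```

On the sample data the detector reports a lockout and a rapid-retry finding for root, a lockout for the non-existent admin account (three failures spread over two minutes, so within the window but not rapid), source-threshold findings for the two attacking addresses, and nothing for alice, whose single failure follows a successful logon. The counters are kept per account and per source separately because 4-5.9.c.12 names both conditions; a single combined counter would miss a slow spray across many accounts from one host.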

4-5.9.j.1
Requirement: Implement safeguards to detect and minimize unauthorized access and inadvertent, malicious, or non-malicious modification or destruction of data.
CA Technologies Solution: CA Privileged Identity Manager provides fine-grained, resource-based access controls which can be leveraged to build policies to protect data integrity. Because of its low-level integration with the operating system kernel, CA Privileged Identity Manager is uniquely capable of preventing unauthorized access and inadvertent, malicious or non-malicious modification or destruction of data, even from privileged users defined within the system.

4-5.9.j.6
Requirement: Protect data at rest (for example, databases and files) to the classification level of the information with authorized encryption and strict access control measures implemented.
CA Technologies Solution: Even encryption does not provide absolute protection from privileged users and internal threats. CA Privileged Identity Manager provides fine-grained, resource-based access controls that can help protect data at rest from even the most powerful administrators.



Section II: 4-6, 4-7 Software Security Controls and Database Management

4.6.a
Requirement: IA personnel will implement controls to protect system software from compromise, unauthorized use, or manipulation.
CA Technologies Solution: CA Privileged Identity Manager provides fine-grained access control capabilities to scope who has access to system software. Features include the ability to restrict program access by privileged users such as administrator and root, as well as the ability to create Program ACLs (PACLs) which prevent software from being modified by other setuid or setgid programs. CA Privileged Identity Manager also includes a “Watchdog” service that allows users to create a Trusted Computing Baseline and performs file integrity monitoring to prevent and detect unauthorized software changes.

4.6.f
Requirement: Program managers and DAA will restrict systems used or designated as “test platforms” from connecting to the operational network. PMs and DAAs can authorize temporary connections to conduct upgrades, download patches, or perform vulnerability scans when off-line support capabilities are insufficient and protections have been validated. Remove the “test platform” IS immediately upon completion of the action until it has been operationally accredited and is fully compliant.
CA Technologies Solution: CA Privileged Identity Manager can be used to tag and label systems in virtual environments and prevent those systems from connecting to operational networks based upon labels. This functionality is completely automated to enhance security and streamline the software development process.

4.6.i
Requirement: Use of data assurance and operating system integrity products (for example, public key infrastructure (PKI), Tripwire, Internet protocol security (IPSec), transmission control protocol/Internet protocol (TCP/IP) wrappers) will be included in product development and integrated into end-state production systems.
CA Technologies Solution: CA Privileged Identity Manager provides file monitoring and network security capabilities analogous to Tripwire, IPTables and TCP Wrappers, but also provides additional data assurance capabilities such as password vaulting, session recording, a Kerberos Pluggable Authentication Module for UNIX systems and fine-grained access controls.

4.6.j
Requirement: IAMs and developers will transition high-risk services such as, but not limited to, ftp or telnet to secure technologies and services such as secure ftp (sftp) and secure shell (ssh).
CA Technologies Solution: CA Privileged Identity Manager provides host-based capabilities to help enforce not only the mechanisms used to access systems, but also the systems, locations and users authorized to access those systems.

4.7.h
Requirement: The System Owner will place databases on isolated and dedicated servers with restricted access controls. DBAs will not install other vulnerable servers or services (for example, web servers, ftp servers) that may compromise or permit unauthorized access to the database through another critical vulnerability identified in the additional servers or services.
CA Technologies Solution: CA ControlMinder’s fine-grained access policies can effectively scope the privileges of database administrators so that vulnerable servers or services cannot be installed, even if the user assumes root or administrator privileges.

4.7.j.7
Requirement: Control measures to protect database servers and interfaces from direct, unauthorized, or un-authenticated Internet access using filtering and access control devices or capabilities (for example, firewalls, routers, ACLs).
CA Technologies Solution: CA Privileged Identity Manager provides host-based network access capabilities analogous to TCP Wrappers and IPTables to provide a central mechanism for protecting database servers and interfaces from direct, unauthorized or un-authenticated Internet access.



4-12
Requirement:
a. Implement two-factor authentication techniques as the access control mechanism in lieu of passwords. Use CAC as the primary access credential, or biometric or single-sign-on access control devices when the IS does not support CAC.
b. The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards.
c. The holder of a password is the only authorized user of that password.
d. The use of one-time passwords is acceptable, but organizations must transition to secure access capabilities such as SSH or secure sockets layer (SSL). See remote access requirements in para 4–5d.
e. SAs will configure ISs to prevent displaying passwords in the clear unless tactical operations (for example, heads-up displays while an aircraft is in flight) pose risks to life or limb.
f. IAMs will approve and manage procedures to audit password files and user accounts for weak passwords, inactivity, and change history. IAMs will conduct quarterly auditing of password files on a stand-alone or secured system with limited access.
g. Deployed and tactical systems with limited data input capabilities will incorporate password control measures to the extent possible.
h. IAMs and SAs will remove or change default, system, factory-installed, function-key embedded, or maintenance passwords.
i. IAMs and SAs will prohibit automated scripts or linkage capabilities, including, but not limited to, Web site links that embed both account and authentication within the unencrypted link.
j. SAs/NAs, with DAA approval, will implement procedures for user authentication or verification before resetting passwords or unlocking accounts in accordance with the C&A package.
k. SAs/NAs will conduct weekly auditing of service accounts for indications of misuse.
l. The use of password generating software or devices is authorized as a memory aid when it randomly generates and enforces password length, configuration, and expiration requirements; protects from unauthorized disclosure through authentication or access controls; and presents a minimal or acceptable risk level in its use.
CA Technologies Solution: CA Privileged Identity Manager provides fine-grained access control capabilities to scope who has access to system software. Features include the ability to restrict program access by privileged users such as administrator and root, as well as the ability to create Program ACLs (PACLs) which prevent software from being modified by other setuid or setgid programs. CA Privileged Identity Manager also includes a “Watchdog” service that allows users to create a Trusted Computing Baseline and performs file integrity monitoring to prevent and detect unauthorized software changes.



4-20.e.3
Requirement: Employ identification, authentication, and encryption technologies when accessing network devices.
CA Technologies Solution: CA Privileged Identity Manager provides a password vaulting mechanism for privileged credentials that enables secure access to network devices. Once deployed, CA Privileged Identity Manager effectively converts existing systems to a one-time password authentication mechanism for privileged accounts in your environment, rotating passwords as credentials are checked out (or in) for use. CA Privileged Identity Manager can also be deployed to enforce how users access network devices. For example, it can be deployed so that passwords are not displayed to the end user at all, and authorized mechanisms such as SSH are used to automatically log users into network devices.

4-20.f.1
Requirement: Configure ISs to use encryption when available or as part of the global enterprise to secure the content of the email to meet the protection requirements of the data.
CA Technologies Solution: CA Data Protection provides content inspection of email messages and can enforce encryption of messages based on the sensitivity of the content and the protection requirements of the data.

4-20.f.5
Requirement: All personnel will employ Government owned or provided e-mail systems or devices for official communications. The use of commercial ISP or e-mail accounts for official purposes is prohibited.
CA Technologies Solution: CA Privileged Identity Manager can prevent the use of third-party commercial email accounts for official purposes.

4-20.f.6
Requirement: Auto-forwarding of official mail to non-official accounts or devices is prohibited.
CA Technologies Solution: CA Data Protection can prevent official mail from being forwarded to non-official accounts and devices.

4-20.f.7
Requirement: Permit communications to vendors or contractors for official business and implement encryption and control measures appropriate for the sensitivity of the information transmitted.
CA Technologies Solution: CA Data Protection content inspection technology can enforce encryption of messages to vendors or contractors to help ensure information is securely transmitted.

4-20.g.5
Requirement: Network management and IA personnel will implement and enforce local area management access and security controls. Publicly accessible web sites will not be installed or run under a privileged-level account on any web server. Non-public web servers will be similarly configured unless operationally required to run as a privileged account, and appropriate risk mitigation procedures have been implemented.
CA Technologies Solution: CA Privileged Identity Manager provides fine-grained access control capabilities that can be used to lock down both public and non-public web servers. In the event that certain web servers require privileged accounts to run, CA Privileged Identity Manager can effectively jail the application and scope the privileges of the account to limit the impact of account or service compromise.

4-20.g.8
Requirement: Extranet and intranet servers will provide adequate encryption and user authentication.
CA Technologies Solution: CA Single Sign-On delivers robust access and authorization controls, as well as session management, to protect web-based resources.



4-20.g.10
Requirement: Network managers and IA personnel will configure all servers (including Web servers) that are connected to publicly accessible computer networks such as the Internet, or protected networks such as the SIPRNET, to employ access and security controls (for example, firewalls, routers, host-based IDSs) to ensure the integrity, confidentiality, accessibility, and availability of DOD ISs and data.
CA Technologies Solution: CA Single Sign-On delivers robust access and authorization controls, as well as session management, to protect web-based resources. CA Privileged Identity Manager provides robust fine-grained access controls to protect the underlying systems hosting Army applications.

4-20.g.14
Requirement: All private (non-public) Army Web sites that restrict access with password protection or specific address filtering will implement SSL protocols utilizing a Class 3 DOD PKI certificate as a minimum. NETCOM/9th SC (A) issues and manages these certificates.
CA Technologies Solution: CA Single Sign-On delivers robust access and authorization controls, as well as session management, to protect web-based resources utilizing Class 3 DOD PKI certificates.

4-20.i
Requirement: All personnel will use only IA security software listed on the IA tools list on Army systems and networks. The list of Army approved IA tools is available through the IA Web site. Requests for consideration and approval for additional security software packages to be added to the IA tools list must be submitted through NETCOM/9th SC (A) channels ATTN: NETC–EST–I, ATTN: OIA&C to CIO/G–6.
CA Technologies Solution: CA Technologies security solutions are actively being used throughout the Army today and are either listed on the approved IA tools list or are in the process of being recertified to reflect the latest versions available.

Section 2: CA Technologies Solutions

CA Privileged Identity Manager

CA Privileged Identity Manager is an IT resource protection and privilege management security solution. It is a mature product that has been in service in the Federal government and the commercial and private sector for many years. In addition to AR 25-2, CA Privileged Identity Manager also maps to NIST 800-53 across a variety of control areas, providing the security enforcement, centralized management, and repeatable processes that an organization must have to enable compliance. CA Privileged Identity Manager can make IT security a standardized process that provides continuity of operations and helps reduce risk.

CA Privileged Identity Manager helps to mitigate both internal and external risk by controlling how business or privileged users access and use enterprise data. The result is a higher level of security, a lower level of administrative costs, easier audit/compliance processes and a better user experience.

CA Privileged Identity Manager is designed to provide a comprehensive solution to privileged user management, protecting servers, applications and devices across platforms and operating systems. CA Privileged Identity Manager operates at the system level to enable efficient and consistent enforcement across systems, including Windows, UNIX, Linux and virtualized environments. By distributing server security policies to endpoint devices, servers, and applications via an advanced policy management capability, you can control privileged users and provide a proactive approach to securing sensitive information and critical systems without impacting normal business and IT activities. Moreover, you can securely support auditing of each policy change and enforcement action in order to be able to comply with Federal (IRS) regulations.


CA Privileged Identity Manager provides a holistic approach to access management as it includes key capabilities to protect and lock down critical data and applications, manage privileged identities, centralize UNIX authentication with Microsoft Active Directory and provide a secure auditing and reporting infrastructure.

CA Privileged Identity Manager key features:

• Regulates and audits access to your critical servers, devices, and applications consistently across platforms
• Manages privileged user passwords
• Allows you to proactively demonstrate fine-grained control over privileged users and system accounts
• Helps enforce your internal and regulatory compliance requirements by creating and reporting on server access policies
• Helps reduce administrative costs by centrally managing security policies across your globally distributed enterprise
• Enables you to authenticate UNIX & Linux privileged users from a single Active Directory user store
• Hardens the operating system, which reduces external security risks and facilitates operating environment reliability
• Integrates OOTB with an auditing infrastructure that produces in-depth, regulation-specific reports

CA Single Sign-On

The Web is open for business around the clock, and CA Single Sign-On reliably and effectively enables your organization’s online presence to be secure, available and accessible to the right users. Recognized for having the most advanced security management capabilities and enterprise-class site administration, CA Single Sign-On can scale to support millions of users and thousands of protected resources.

CA Single Sign-On allows organizations to meet the challenge of deploying resources via the Web while maintaining high performance and high availability. It controls who is able to access which applications and under what conditions, improves users’ online experiences and simplifies security administration. By enforcing policies and monitoring and reporting online activities and user privileges, CA Single Sign-On also eases regulatory compliance.

CA Single Sign-On provides a broad range of benefits including:

Ensure the Right Users have the Right Access: With CA Single Sign-On, the secure management of identities across diverse web systems means the system controls access by leveraging the user’s context to the business (partner, consultant, customer, etc.) and their rights to each application. CA Single Sign-On WAM enables users to connect to the information and applications they need to do their jobs, place an order or otherwise transact business.

Increase Security to Mitigate Risks: CA Single Sign-On reduces the risk of unauthorized access to critical resources and sensitive information, protecting the content of an entire web portal or set of applications. Centralized security enforcement and FIPS certified cryptographic algorithms mean that there are no holes left open in a CA Single Sign-On secured web environment.


Provide Users with a Positive Online Experience: CA Single Sign-On lets a user sign on once to access web applications, engaging them in a unified, personalized online experience rather than frustrating them with multiple logins.

Increase Business Opportunities: CA Single Sign-On allows organizations to securely deploy web applications to multiple different user communities, enabling increased business opportunities that can enhance revenue. Extend CA Single Sign-On with identity federation and your organization can improve collaboration with partners, further enhancing relationships to increase revenue, manage cost and mitigate risk.

Manage Costs: CA Single Sign-On mitigates IT administration costs. It also reduces the security burden on users and thus the burden on the help desk caused by lost or forgotten credentials. It also reduces redundant security-related application development and maintenance costs.

Ease Regulatory Compliance: Central policy management, enforcement, reporting and auditing support your ability to comply with IT-impacting regulations.

CA Single Sign-On provides a centralized security management foundation that enables the secure use of the Web to deliver applications and cloud services to customers, partners, and employees. CA Single Sign-On is a WAM solution, and as such it enables Web single sign-on (SSO), centralized user authentication and authentication management, policy-based authorization, enterprise-level manageability, auditing, and reporting.

CA Single Sign-On provides the central point of integration and management through which specific authentication technologies and credentials can be used for login to some or all Web applications and user communities that CA Single Sign-On is being used to protect, thereby eliminating the need to code or integrate these technologies with the underlying applications. This capability allows organizations to increase security without impacting their existing applications or the user experience.

Finally, CA Single Sign-On has been recognized as the market leader for WAM, having the most advanced security management features and capabilities, and proven experience scaling to support millions of users and thousands of protected web sites/resources. CA Single Sign-On was the first WAM product to be placed in the Gartner Magic Leadership Quadrant, where it has remained since 2001. CA Single Sign-On is the most widely deployed WAM solution in the industry (over 1,500 deployed customers) and is used to protect some of the largest Web sites and portals in the world, including over 83 million users at one customer, over 3,000 protected web sites at another customer, and approximately 40 million authentications and authorizations a day at a third customer.


CA Data Protection

CA Data Protection allows organizations to take better control of information. CA Data Protection is an

information protection and control solution that helps minimize the accidental, negligent and malicious

misuse of data while helping to comply with various data protection standards and regulations. Through

the delivery of broad information and communication coverage, precise policy enforcement and

Content-Aware Identity and Access Management (IAM), organizations are able to take a comprehensive approach

to reducing risk to their most critical assets while enabling critical business processes.

CA Data Protection allows the organization to define configurable business and regulatory policies, accurately detect sensitive but complex data, and monitor known and unknown business processes in order to enforce appropriate employee behavior. It provides this with a customizable level of control at various essential locations: Endpoints, Network, Message Servers and Stored Data. It then securely delegates violations for review while measuring key performance metrics over time to drive ongoing program improvement. This is delivered through a central management platform that provides an executive dashboard, detailed and customizable reporting and seamless workflow capabilities.

• Discovers where your sensitive information resides, classifies it according to its level of sensitivity, and enforces policies on its use.

• Protects data wherever it resides—at the endpoint, on the message server, on the network or stored within a file system.

• Identity-aware DLP allows policies to be enforced based on the identity of the user; policies can also be changed dynamically based on the user’s role.

• Provides robust actions to block, warn, quarantine, redirect, encrypt, move, delete, replace, monitor and apply digital rights to data being accessed.
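The capabilities listed above (detect sensitive data, classify it, and choose an action that depends on the user's identity and on where the data is) can be illustrated with a toy content-aware policy engine. This is an added example, not CA Data Protection's policy syntax or detectors: the regular-expression detectors, the sensitivity levels, the role/channel policy table and the sample messages are all constructed for illustration.

```python
"""Toy content-aware DLP policy engine (constructed example, not CA Data Protection code).
Classifies content with detectors, then picks an action from a policy that depends on
the user's role and the channel the data is on."""
import re
from dataclasses import dataclass

# Hypothetical detectors: name -> (pattern, sensitivity level). Real products ship
# validated detectors (checksums, dictionaries, fingerprints); these are illustrative.
DETECTORS = {
    "us_ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 2),
    "payment_card": (re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"), 2),
    "classification_marking": (re.compile(r"\b(?:SECRET|CONFIDENTIAL|FOUO)\b"), 3),
}

# The four enforcement locations named in the text.
CHANNELS = {"endpoint", "network", "message_server", "stored_data"}


@dataclass(frozen=True)
class Decision:
    action: str       # allow | warn | block | quarantine | encrypt | monitor
    level: int        # highest sensitivity level found (0 = nothing sensitive)
    findings: tuple   # (detector name, matched text) pairs


def classify(text):
    """Run every detector; return (max sensitivity level, findings)."""
    findings, level = [], 0
    for name, (pattern, lvl) in DETECTORS.items():
        for m in pattern.finditer(text):
            findings.append((name, m.group(0)))
            level = max(level, lvl)
    return level, tuple(findings)


def decide(text, role, channel):
    """Identity- and channel-aware policy: the same content gets a different action
    depending on who is handling it and where it is (hypothetical policy table)."""
    if channel not in CHANNELS:
        raise ValueError(f"unknown channel {channel!r}")
    level, findings = classify(text)
    if level == 0:
        action = "allow"
    elif level >= 3:
        # Classification markings never leave; at rest they are held for review.
        action = "quarantine" if channel == "stored_data" else "block"
    elif role == "hr" and channel == "message_server":
        action = "encrypt"        # HR may mail PII internally, but only encrypted
    elif role == "security_officer":
        action = "monitor"        # log and let through for the investigating role
    elif channel == "endpoint":
        action = "warn"           # coach the user before the data moves further
    else:
        action = "block"
    return Decision(action, level, findings)


def redact(text):
    """The 'replace' action: mask detected values, keeping the last four characters of
    numeric identifiers and removing classification markings outright."""
    for name, (pattern, _) in DETECTORS.items():
        if name == "classification_marking":
            text = pattern.sub("[REDACTED]", text)
        else:
            text = pattern.sub(lambda m: "*" * (len(m.group(0)) - 4) + m.group(0)[-4:], text)
    return text


# Constructed sample traffic: (content, role of the user, channel).
SAMPLE_MESSAGES = [
    ("Lunch at noon?", "engineer", "message_server"),
    ("Employee SSN is 123-45-6789 for payroll", "hr", "message_server"),
    ("Employee SSN is 123-45-6789 for payroll", "engineer", "network"),
    ("Card 4111 1111 1111 1111 on file", "engineer", "endpoint"),
    ("Attached briefing is SECRET//NOFORN", "engineer", "stored_data"),
]


def run_samples():
    """Action chosen for each constructed sample, in order."""
    return [decide(t, r, c).action for t, r, c in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for (text, role, channel), action in zip(SAMPLE_MESSAGES, run_samples()):
        print(f"{action:10} {role:17} {channel:15} {text}")
```

Note how the second and third samples carry identical content but receive different actions (`encrypt` versus `block`) purely because of the user's role and the channel; that is the identity-aware enforcement the bullet list refers to.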

Policy Requirement
CA Single Sign-On
CA Data Protection
CA Privileged Identity Manager
Section 1 General Policy 4
Section 2 Software Security 4
Section 4 Procedural Security 4


Section 3:

About the Author

Chris Boswell has over 13 years of experience developing and implementing security, risk and compliance solutions. During his tenure at CA Technologies, Chris has held a variety of technical and management positions across our security services, product management and sales organizations. His work in the governance, risk and compliance domain has led to several patent filings for CA Technologies. Chris currently coordinates sales activities for our information protection and control solutions, CA Data Protection and CA Data Protection, and works closely with product and development teams on behalf of customers to address emerging security, risk and compliance challenges.

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.

Copyright © 2014 CA. All rights reserved. Microsoft Windows and Microsoft Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. UNIX is a registered trademark of The Open Group. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product referenced herein serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, “Laws”), referenced herein or any contract obligations with any third parties. You should consult with competent legal counsel regarding any such Laws or contract obligations. CS200_94652_1114
