Introduction and Purpose

From the Federal Risk and Authorization Management Program (FedRAMP) website regarding the Secure Configuration Guide (SCG) Mandatory Balance Improvement Release (BIR):

Executive Order 14144, Strengthening and Promoting Innovation in the Nation’s Cybersecurity, Section 3(d), as amended by Executive Order 14306, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, Section 3(b), states that “the Administrator of General Services, acting through the Director of the Federal Risk and Authorization Management Program (FedRAMP), in coordination with the Secretary of Commerce, acting through the Director of NIST, and the Secretary of Homeland Security, acting through the Director of CISA, shall develop FedRAMP policies and practices to incentivize or require cloud service providers in the FedRAMP Marketplace to produce baselines with specifications and recommendations for agency configuration of cloud based systems in order to secure Federal data based on agency requirements.”

As a result of these Executive Orders, the FedRAMP Project Management Office (PMO) has issued additional requirements for all Cloud Service Providers (CSPs) in the form of the Mandatory Secure Configuration Guide (SCG) Balance Improvement Release (BIR).

To comply with the requirements listed in the SCG BIR, Ivanti has created this document. This guide explains, in simple and clear steps, how to manage administrator accounts in Ivanti Neurons for ITSM in environments that follow Federal Risk and Authorization Management Program (FedRAMP) security requirements.

This document is intended to help customers using the Ivanti Neurons for ITSM environment to:

•Set up and configure administrator accounts.

•Access administrator accounts and understand the types of administrator accounts available.

•Use and manage administrator accounts.

•Decommission (delete) administrator accounts securely when they are no longer needed.