Capability Domains met by Fortinet Federal

Establish System Access Requirements

FortiGate supports network access control (NAC), which helps administrators implement policies to control the devices and users that have access to their networks. A NAC policy can use user or detected device information, such as device type or OS, to put traffic into a specific VLAN or apply specific port settings. FortiGate also supports a customizable captive portal per interface and per policy, which can be configured with custom disclaimers for privacy and security notices. FortiNAC assists with bring-your-own-device (BYOD) policies and provides a means to safely accommodate headless IoT devices in the network. FortiNAC enables three key capabilities to secure IoT devices:

- Network visibility to see every device and user as they join the network;
- Network control to limit where devices can go on the network;
- Automated response to speed the reaction time to events from days to seconds.

Control Internal System Access

FortiGate identity-aware and application-aware policies limit activity between authorized users and applications to only permitted activity. FortiGate can also capture packets and other forensic data when a violation occurs. FortiGate device-based policies control how mobile devices connect and where they can go on the network.

Fortinet wireless technologies can deploy DTLS to encrypt the data channel and EAP-TLS to provide PKI authentication between Wi-Fi clients and the authentication server. FortiGate wireless technologies can monitor for rogue APs and actively prevent users from connecting to them. When suppression is activated against an AP, the FortiGate WiFi controller sends deauthentication messages to the rogue AP's clients, posing as the rogue AP, and also sends deauthentication messages to the rogue AP, posing as its clients.

FortiNAC assists with bring-your-own-device (BYOD) policies and limits where devices can go on the network.

FortiSIEM provides complete detail of users' access to resources from across all devices and applications.

FortiAuthenticator account policies can lock out a user account after a maximum number of allowed failed login attempts. FortiAuthenticator account policies can also terminate sessions after organization-defined periods of user inactivity, and support targeted responses to certain types of incidents and time-of-day restrictions on information system use.
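The three account-policy controls named above (lockout after a maximum number of failed attempts, session termination on inactivity, and time-of-day restrictions) can be modelled together to show how they interact on a sequence of login events. The following is an added example written for this page; it is not FortiAuthenticator code and does not describe its configuration. The thresholds, window hours and timestamps are constructed sample values.

```python
"""Constructed model of account-policy controls: lockout after repeated
failures, session termination on inactivity, and time-of-day restrictions.
All thresholds below are assumed sample values, not FortiAuthenticator defaults."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import List, Optional, Union


@dataclass
class AccountPolicy:
    max_failed_attempts: int = 3                      # lock after this many consecutive failures
    lockout_duration: timedelta = timedelta(minutes=15)
    inactivity_timeout: timedelta = timedelta(minutes=10)
    window_start: time = time(7, 0)                   # logons allowed from 07:00 ...
    window_end: time = time(19, 0)                    # ... up to (not including) 19:00 local time


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None
    last_activity: Optional[datetime] = None


def within_time_window(policy: AccountPolicy, now: datetime) -> bool:
    """True if the clock time of `now` falls inside the permitted logon window."""
    return policy.window_start <= now.time() < policy.window_end


def is_locked(state: AccountState, now: datetime) -> bool:
    """True while a lockout set by an earlier failure streak is still in force."""
    return state.locked_until is not None and now < state.locked_until


def attempt_login(policy: AccountPolicy, state: AccountState,
                  credentials_ok: bool, now: datetime) -> str:
    """Apply the policy to one login attempt and return the decision:
    "granted", "denied", "locked" or "outside_hours"."""
    if is_locked(state, now):
        return "locked"                   # refused even if the password is right
    if not within_time_window(policy, now):
        return "outside_hours"
    if not credentials_ok:
        state.failed_attempts += 1
        if state.failed_attempts >= policy.max_failed_attempts:
            state.locked_until = now + policy.lockout_duration
            state.failed_attempts = 0     # counter restarts once the lock expires
            return "locked"
        return "denied"
    # A successful login clears the failure counter and starts the session clock.
    state.failed_attempts = 0
    state.locked_until = None
    state.last_activity = now
    return "granted"


def session_is_valid(policy: AccountPolicy, state: AccountState, now: datetime) -> bool:
    """A session survives only while the idle gap stays under the inactivity timeout."""
    if state.last_activity is None:
        return False
    return now - state.last_activity < policy.inactivity_timeout


def demo() -> List[Union[str, bool]]:
    """Run a constructed event sequence through the policy and collect the decisions."""
    policy = AccountPolicy()
    state = AccountState()
    t0 = datetime(2024, 1, 15, 9, 0)      # constructed timestamp inside the logon window
    results: List[Union[str, bool]] = []
    # Three bad passwords in a row: the third one triggers the lockout.
    for i in range(3):
        results.append(attempt_login(policy, state, False, t0 + timedelta(seconds=i)))
    # A correct password five minutes later is still refused by the active lock.
    results.append(attempt_login(policy, state, True, t0 + timedelta(minutes=5)))
    # Once the 15-minute lock has expired, the correct password is accepted.
    results.append(attempt_login(policy, state, True, t0 + timedelta(minutes=20)))
    # The session is still valid after 5 idle minutes, expired after 15.
    results.append(session_is_valid(policy, state, t0 + timedelta(minutes=25)))
    results.append(session_is_valid(policy, state, t0 + timedelta(minutes=35)))
    # A login at 23:00 is refused by the time-of-day rule regardless of credentials.
    results.append(attempt_login(policy, state, True, datetime(2024, 1, 15, 23, 0)))
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Each decision is returned rather than only printed so the sequence can be checked; the ordering of the checks matters in practice, since a lockout must be evaluated before the credential is, otherwise a correct password would be confirmed to an attacker during the lock window.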

Control Remote System Access

FortiGate as the remote access concentrator manages all sessions and can provide layer 7 inspection over all activity from remote access users to protected resources. The FortiGate operating system, FortiOS, undergoes FIPS validation for every minor release. Additionally, all FortiGate models are FIPS affirmed, so customers have the ability to choose any model in the portfolio. The FIPS-validated cryptography is used in both management and data plane communications (e.g., HTTPS, IPsec VPN, SSL VPN).

FortiGate as the remote access concentrator includes the ability to execute remote user posture validation and to take into account users' risk factors from external threat intelligence sources. FortiGate supports AAA to strictly define the commands that users are authorized to execute. FortiGate dynamic DNS allows customers to easily advertise remote access control points to remote users.

Limit Data Access to Authorized Users & Processes

FortiGate identity-aware and application-aware policies limit activity between authorized users and external applications to only permitted activity. FortiGate data leak prevention can ensure that CUI does not get transmitted in unauthorized flows.