Electrosoft helps customer organizations implement comprehensive Identity, Credential and Access Management (ICAM) programs to achieve compliance with Federal laws and directives including FISMA, HSPD-12 and OMB M-11-11. Our ICAM support services help to improve workforce productivity and promote access to digital government services; improve the cyber risk posture of the enterprise; enable trust and interoperability; and reduce complexity and cost through consolidation of ICAM services. Electrosoft is a highly respected thought leader in the Homeland Security Presidential Directive-12 (HSPD-12) / ICAM arena with over 15 years of experience in identity and access management initiatives, including co-authorship of key NIST Personal Identity Verification (PIV) publications; supporting VHA in security and privacy architecture development; initiating and operating the FIPS 201 Evaluation Program; and implementing ICAM solutions at multiple agencies.
Electrosoft helps customers implement the necessary security controls to prevent and detect unauthorized access to Federal information systems, networks, and data. Effective management of digital identities, related identity credentials and allocation of access privileges for authenticated users comprise the foundational elements of an agency’s cybersecurity posture.
We help our customers improve authentication strength for individuals and devices on their network, increase the use of privacy-enhancing technologies, and extend the availability of robust online services. We also work with our customers to improve the physical security of federally controlled facilities.
Personal Identity Verification (PIV), HSPD-12
Electrosoft has been helping Federal customers with HSPD-12 compliance and PIV card implementations since 2006. Our employees helped to develop significant sections of FIPS 201 and are named co-authors of nearly every PIV-related NIST guideline, including SPs 800-73-4, 800-79-2, 800-85A&B-4, 800-116 Rev 1, 800-156, 800-157 and 800-166. We developed and operated the GSA FIPS 201 Evaluation Program laboratory over a six-year period and were instrumental in adding hundreds of products to the FIPS 201 Approved Products List (APL). We supported a number of Federal agencies in their HSPD-12 and PIV issuance capabilities and performed independent assessments of the PIV issuance capabilities for several other agencies.
We assist agencies in understanding, implementing and complying with HSPD-12, FIPS 201 and related Special Publications and OMB memoranda. We work with agencies to develop plans, policies, procedures, architectures and implementation strategy for PIV Card issuance as well as PIV Card integration with logical and physical access control systems.
Enterprise Logical and Physical Access Control (LACS and PACS)
The intersection of digital identities (and associated attributes), credentials (including PKI, PIV, and other authentication tokens), and access control in one comprehensive management approach is made official by the formalization of their interdependence in the Federal Identity, Credential and Access Management (FICAM) roadmap. Based on our experience with implementing logical and physical access systems, we can help our customers understand the integration and configuration challenges faced when performing such deployments.
The integration of physical and logical access systems requires a deep knowledge of the components and data models, and we are very knowledgeable about the inner workings of such systems. Our preferred choice is the Oracle Identity and Access Management Suite, and we are also resellers of the Quantum Secure physical access solution. One of the benefits to our customers of a logical and physical access implementation is the increased protection of personally identifiable information (PII) through consolidating and securing identity data, which is accomplished by locating identity data, improving access controls, expanding the use of encryption, and automating provisioning processes.
Public Key Infrastructure (PKI)
Our experience with PKI technology products, including certification authorities, directories, validation authorities and Online Certificate Status Protocol (OCSP) responders, enables us to understand the technical implementation of complex PKI systems developed from various components. We conduct audits of PKI systems, including certification authorities and registration authorities, to confirm that the technical configuration and operational procedures comply with the stipulations of the certification practice statement and other requirements documents. We comply with the Federal Triennial Compliance Audit Requirements and perform initial audits, first year audits or triennial audits. We also perform zero-day audits of pre-operational systems and witness key generation ceremonies. We are experienced in developing Certificate Policy Traceability Analysis to ensure that certification practice statements correctly conform to the required certificate policy. We use the X.509 certificate policies for the DoD, the Federal Bridge Certificate Authority, the common Federal policy, and a number of policies from commercial entities.
Identity Federation, Attribute Exchange
Electrosoft’s customers benefit from our experience and expertise in helping large Aerospace and Defense organizations deploy Identity Federation on programs involving thousands of participants, spread across hundreds of organizations, and operating in multiple countries. Electrosoft develops specifications to enable technical interoperability between organizations and to allow participants to trust each other’s operations.
Our customers benefit from our Identity Federation solutions by:
- Reducing the Costs of Credential Management
- Increasing the Identity Assurance of End Users
- Sharing Information beyond Organizational Boundaries
- Increasing the Accessibility of User Attributes Required for Authorization Decisions
- Simplifying the Login Experience for End Users
Encryption and Digital Signature Solutions
Electrosoft works with customers to design, implement and operate cryptographic solutions that address specific business problems. We apply encryption technology to protect customer data from unauthorized access and digital signature technologies to provide sender and/or source authentication and data/message integrity. We use both symmetric and asymmetric cryptographic techniques to enable online business functions and services.