Electrosoft helps organizations implement comprehensive Identity, Credential and Access Management (ICAM) programs to achieve compliance with Federal laws and directives, especially FISMA, HSPD-12 and OMB M-11-11. Our ICAM support services help increase workforce productivity and promote access to digital government services; improve the cyber risk posture of the enterprise; enable trust and interoperability; and reduce complexity and cost through consolidation of ICAM services.
Electrosoft is a highly respected thought leader in the HSPD-12/ICAM arena. We possess over 15 years’ experience in this specialized area, including co-authorship of key NIST Personal Identity Verification (PIV) publications; work on behalf of the Veterans Health Administration (VHA) addressing security and privacy architecture development; Federal Information Processing Standards (FIPS) 201 Evaluation Program initiation and operation; and ICAM solution implementation at multiple Federal agencies.
Electrosoft helps customers implement the necessary security controls to prevent and detect unauthorized access to Federal information systems, networks and data. We do so fully aware that effective management of digital identities, related identity credentials and allocation of access privileges for authenticated users comprise the foundational elements of an agency’s cybersecurity posture. Thus, we focus on improving authentication strength for individuals and devices on networks, increasing the use of privacy-enhancing technologies and extending the availability of robust online services. We also work to improve the physical security of federally controlled facilities.
Personal Identity Verification, HSPD-12
Since 2006, Electrosoft has helped numerous Federal customers with HSPD-12 compliance and personal identity verification (PIV) card implementations. Furthermore, Electrosoft has helped develop significant sections of FIPS 201, and our employees are named co-authors on nearly every PIV-related NIST guideline, including SPs 800-73-4, 800-79-2, 800-85A&B-4, 800-116 Rev 1, 800-156, 800-157 and 800-166. We developed and operated the GSA FIPS 201 Evaluation Program Laboratory for six years and were instrumental in adding hundreds of products to the FIPS 201 Approved Products List (APL). We supported many Federal agencies relative to HSPD-12 and PIV issuance capabilities and performed independent assessments of PIV issuance capabilities for several others.
We play an important role in helping agencies understand, implement and comply with HSPD-12, FIPS 201 and related Special Publications and OMB memoranda. We work with agencies to develop plans, policies, procedures, architectures and implementation strategies for PIV card issuance as well as PIV card integration with logical and physical access control systems.
Enterprise Logical and Physical Access Control
The intersection of digital identities (and associated attributes), credentials (including PKI, PIV, and other authentication tokens) and access control in one comprehensive management approach is made official by the formalization of their interdependence in the Federal Identity, Credential and Access Management (FICAM) roadmap. Based on our experience with implementing logical and physical access systems, we can help our customers understand the integration and configuration challenges faced when performing such deployments.
The integration of physical and logical access control systems (LACS and PACS) requires in-depth knowledge of the components and data models. Electrosoft knows the inner workings of such systems well. Our preferred vendor is the Oracle Identity and Access Management Suite; we also are resellers of the Quantum Secure physical access solution.
A logical and physical access control implementation reaps many benefits. One of the most important is increased protection over personally identifiable information (PII). Electrosoft consolidates and secures identity data by locating it, improving access controls, proliferating the use of encryption and automating provisioning processes.
Public Key Infrastructure
Our experience with Public Key Infrastructure (PKI) technology products, including certification authorities, directories, validation authorities and Online Certificate Status Protocol (OCSP) responders, enables us to understand the technical implementation of complex PKI systems developed from various components. We conduct audits of PKI systems, including certification authorities and registration authorities, to confirm that the technical configuration and operational procedures comply with the stipulations of the certification practice statement and other requirements documents. We comply with the Federal Triennial Compliance Audit Requirements and perform initial audits, first year audits or triennial audits. We also perform zero-day audits of pre-operational systems and witness key generation ceremonies. We develop Certificate Policy Traceability Analysis to ensure that certification practice statements correctly conform to the required certificate policy. We use the X.509 certificate policies for the DoD, the Federal Bridge Certificate Authority, the common Federal policy, and several policies from commercial entities.
Identity Federation, Attribute Exchange
Electrosoft’s customers benefit from the experience and expertise we’ve gained by helping large aerospace and defense organizations deploy Identity Federation on programs involving thousands of participants, spread across hundreds of organizations and operating in multiple countries. Electrosoft develops specifications to enable the technical interoperability between organizations and to allow participants to trust each other’s operations.
Our customers benefit from our Identity Federation solutions by:
- Reducing the costs of credential management
- Increasing the identity assurance of end users
- Sharing information beyond organizational boundaries
- Increasing the accessibility of user attributes required for authorization decisions
- Simplifying the log-in experience for end users
Encryption and Digital Signature Solutions
Electrosoft works with customers to design, implement and operate cryptographic solutions that address specific business problems. We apply encryption technology to protect customer data from unauthorized access and digital signature technologies to provide sender and/or source authentication and data/message integrity. We use both symmetric and asymmetric cryptographic techniques to enable online business functions and services.