Slide 1: Identity & Privacy Protection
An Essential Component for a Federated Access Ecosystem
Dan Turissini - CTO, WidePoint Corporation
Slide 2: CyberSecurity
"One of the most serious economic & national security threats our nation faces." -- President Obama
Issues at hand: cost-effectively prevent cyber-terrorism and cyber-crime, and defend our nation's critical infrastructure:
- Reduce the risk of unauthorized disclosure of proprietary and privacy information
- Share timely information securely with remote workers, vendors, partners and customers
- Ensure the accountability of all cyber-transactions
- Avoid unnecessary costs arising from system silos
Footer: Prevent Terrorism & Promote National Security | Prevent Cybercrime and Identity Theft; Promote Efficient Use of Technology | Defend Critical Infrastructure from Invasive Attack & Information Theft
Slide 3: CyberApproach
Standards-based Cyber Identity Enabling Infrastructure (CIEI)* for electronic authentication, validation and access control:
- Identity Management: create and maintain an identity, including discrete attributes, with centralized administration and self-service of user accounts
- E-Authentication: provide repositories for identity, network and/or resource profiles, and security services that enable identification, validation and support for authorization
- Access Management: provide authorization, audit and session management functions to define individual access rights for business partners, suppliers, customers or employees
- Provisioning & Workflow: implement business policies to support greater automation for devices such as identity tokens, credit cards, cell phones and PCs
* Driven in the Federal Government by OMB and by commercial cloud-based initiatives
Slide 4: Federated Identity Solution
Federated identity provides a strong, biometrically enabled electronic identity credential that can be readily validated electronically by any Federal logical or physical access point, allowing the decision maker or system to make a local, resource-specific privilege or access decision confident in:
- the identity of the person attempting access;
- the identity of the device attempting access;
- the identity of the vetted organization that they represent;
- that the organization and the individual have a legal relationship; and
- that the individual has been vetted in person consistent with defined assurance levels.
The credential assures you are who you say you are; the relying party confirms what the holder is permitted to access.
Slide 5: System of Systems
A common understanding and governance is required to ensure interoperability and collapse silos.
Slide 6: Federated Trust
The Trust Triangle: Trusted Third Parties; Relying Parties (Federal, State & Local Government, Businesses & Individuals); Subscribers (End-Entities).
Slide 7: Robust Validation Infrastructure
Diagram: one or more validation services (Site 1 ... Site N) sit behind the application servers. Each service keeps its revocation data current through a CRL update path (ldap/ldaps or http/https) drawing on 50+ compliant CRLs and 20+ compliant PKI directories, and offers alternative validation paths via OCSP, with an OCSP repeater. Clients/workstations and application servers, inside and/or outside the local area network, query the validation service over https.
Slide 9: Alternative Tokens
- CAC / PIV / PIV-I cards
- Embedded or removable hardware crypto (FIPS 140 / Common Criteria validated): SD/MicroSD, USB, Trusted Platform Module (TPM), SIM
CAC = DoD Common Access Card; PIV = U.S. Personal Identity Verification (FIPS 201); PIV-I = PIV-Interoperable (non-Federal issuer equivalent)
Slide 10: Device as an Identity Token
- Removable hardware crypto: SD/MicroSD, USB, SIM
- Embedded hardware crypto token
Slide 11: Enhanced Logical Access Control
Diagram components: Remote Client/WS, Border Server, Application Server, FDS, Validation Data; the client reaches the border server over an SSL VPN and the application server over https.
1. Initial enterprise logon (remote client/workstation to border server)
2. Border server validates the device certificate against the validation data
3. Authenticated SSL VPN established
4. Client initiates application logon
5. Application server validates the ID certificate against the validation data
6. Access attributes are retrieved (FDS)
Slide 12: Current Markets
Fueled by the Government mandate for increased assurance levels; Government security standards will be driven across the business continuum:
- Government-mandated regulations
- Government contracting ecosystem
- Enterprise marketplace
- End-user applications
- Mass markets
- Millions of users, servers, workstations and handheld devices
- Tens of millions of users, servers, workstations and handheld devices
- Global interoperability & unlimited computer resources
Slide 13: Critical Infrastructure Protection (breaking down silos)
Citizen privacy information; energy grid; first responders; financial systems; military secrets; Federal Government; healthcare/HIPAA; veterans' benefits; transportation systems; retirees & dependents; trading partners & allies; Sarbanes-Oxley
Slide 14: Can Dramatically Reduce COGS
- Federated digital signature solution
- Chain of trust
- Privacy
- Reduces high help desk costs
- Mitigates the risks associated with usernames & passwords
- Enhances fraud protection
- Syndicated investment / syndicated risk
- Federally certified & accredited products/services
- Interoperability
Slide 15: Summary
- Enhanced security - a new customer motivator
- Reduced infrastructure support costs
- Minimal investment - immediate ROI payback
Slide 16: Contact Information
Dan Turissini - CTO, WidePoint Corporation. Questions?