Guidelines for Choosing an Advanced Authentication Solution for Accessing Criminal Justice Information System (CJIS) Services
- Emily Barton
- 5 years ago
Contents

- Introduction
- Advanced Authentication in CJIS Security Policy
- An In-depth View on Authentication Methods
- Hardware-based Solutions
- Software-based Authentication Solutions
- Out-of-Band Solutions
- Pattern Matching
- Choosing the Right Authentication Method
- Security Aspects of Advanced Authentication
- The User Experience Aspect
- Choosing an Authentication Method
- Self Service Portals
- Users Credential Automation
- The Path for Growth
- Using SafeNet Authentication Service as a CJIS Advanced Authentication Infrastructure
- Meeting Security Requirements for Advanced Authentication
- Easy to Use and Manage Advanced Authentication Solution
- Versatile Authentication Solution
- Appendix A REFERENCES

Introduction

Information and data sharing is crucial for achieving organizational goals in many industries and verticals. When it comes to law enforcement, timely information sharing is critical for stopping and reducing crime, and can sometimes even be a life-or-death issue. Criminal Justice Information (CJI) is shared at all levels, from the federal level through state and even municipal local agencies.

With the crucial need to share CJI comes the need to protect this sensitive information, the leakage of which can affect the effectiveness of ongoing crime fighting operations. As CJI items contain personal information of offenders, suspects, and witnesses, leakage of such information can violate individual privacy rights.

The Criminal Justice Information Services (CJIS) Security Policy defines the requirements of timely availability of shared information on one hand and data confidentiality on the other. This security policy contains a set of controls, requirements, and best practices, and it must be adhered to by any organization that exchanges criminal records. This applies to all local, state, and federal agencies that access and handle Criminal Justice Information through its lifecycle - from creation through dissemination, whether at rest or in transit.

One of the most demanding requirements in the CJIS Security Policy is the requirement for advanced authentication mechanisms (see [CJIS-SP] section ). In this white paper, we try to assist Information Security Officers (ISOs), Terminal Agency Coordinators (TACs), and CJIS System Officers (CSOs) in building a user authentication system that will comply with CJIS Security Policy requirements, while maintaining an efficient, easy-to-use, and cost-effective deployment.

Advanced Authentication in CJIS Security Policy

Policy Area 6 in [CJIS-SP] discusses Identification and Authentication. The document differentiates between two risk levels when accessing Criminal Justice Information.
In cases where risk is relatively low, the policy allows the use of user-name/password (also referred to as standard authentication) as the authentication method. Passwords used for standard authentication need to comply with the requirements discussed in [CJIS-SP] section , Standard Authentication.

For cases where the risk of unauthorized access is high, [CJIS-SP] requires the use of Advanced Authentication, a set of multi-factor authentication methods. [CJIS-SP] defines a variety of authentication methods, including public key infrastructure (PKI), either in hardware-based authenticators (e.g., smart cards) or as software certificates, hardware and software One-Time-Password (OTP) tokens, risk-based authentication, and other methods.

The long list of advanced authentication methods in the security policy looks, at first read, like a great opportunity to choose the correct authentication method for each agency based on its specific use cases, the associated risk level, and agency budget. But with this freedom comes liability. With no clear guidelines, many agencies discover that they fail to pass the triennial compliance and security audits by the FBI CJIS Division and are being excluded from the CJIS information network.

Compliance area 11 in the security policy discusses compliance and security audits and gives the following example:

"A local police department implemented a replacement CAD system that integrated to their state's CSA and was authorized to process CJI. Shortly after the implementation, their state's CSA conducted an audit of their policies, procedures, and systems that process CJI. The police department supplied all architectural and policy documentation, including detailed network diagrams, to the auditors in order to assist them in the evaluation. The auditors discovered a deficiency in the police department's systems and marked them out in this aspect of the FBI CJIS Security Policy. The police department quickly addressed the deficiency and took corrective action, notifying the auditors of their actions."

Agencies, such as the local police department mentioned in the above quote, learn quickly that in order to get back to full CJI accessibility they need to re-invest in their systems.

An In-depth View on Authentication Methods

Hardware-based Solutions

Hardware-based authentication solutions include smart cards that, in most cases, can be bundled with identification badges or badges that allow physical access to the workplace. Another popular form factor is a key-fob USB or OTP token. Hardware-based authentication solutions are considered to be the most secure, to the extent that vendors that specialize in these solutions provide them with validation (such as FIPS provided by the National Institute of Standards and Technology) that they are adequately secure.

However, hardware-based solutions force the end user (the law officer or agency employee) to carry an extra smart card, badge, or key-fob token. From the management side, agencies should develop policies that will ensure Advanced Authentication for agency employees who lose or forget their hardware token. Agencies that are spread across a state or a large geographic area need to include in their budget calculations the cost of distributing tokens to remote employees.

Software-based Authentication Solutions

Software-based authentication solutions provide the same functionality as hardware-based solutions but run as a software application, usually on a mobile device. Software-based authenticators are available on all popular mobile devices, including iOS, Android, Mobile Windows, and Blackberry.

The popular perception is that software-based authentication is less secure than hardware-based authenticators but, in reality, the robustness level of the solution depends on the risks this solution tries to mitigate and the threats it faces. Software-based authentication is considered to be a more convenient authentication method as it does not require the user to carry another piece of hardware. Moreover, recovery in the event of lost tokens, as well as distribution of tokens, is more cost-effective and provides a better user experience.

Out-of-Band Solutions

Out-of-band (OOB) solutions include text messaging (SMS) or a phone call to a pre-registered number associated with the employee who tries to authenticate. The main security premise is that it will be hard for intruders to mount an attack on two different channels (a CJIS portal and the phone number of the legitimate user). As remote access to the CJIS service, requiring Advanced Authentication, can be performed at places with low or no cellular reception, it is recommended not to choose an out-of-band solution as the Advanced Authentication method, even though it is relatively cost-effective and easy to use.

Pattern Matching

Pattern matching is a relatively popular method based on an n x n grid filled with random numbers, where the user is authenticated by writing the current numbers that appear in a pre-registered pattern. This method presents a relatively low assurance level and should rarely be considered as an Advanced Authentication method, since the assurance level required in such cases is much higher.

Choosing the Right Authentication Method

While the CJIS Security Policy does not provide clear guidance as to which Advanced Authentication method an agency wishing to access CJIS services should use, this document tries to build a framework that will enable agencies to choose an Advanced Authentication method suitable for their needs. When selecting a multi-factor authentication solution, agencies should consider four decision factors and find the balance between them that best meets their requirements:

- Security and risk mitigation: User authentication systems are fundamental information security systems, and the CJIS authentication solution (including the requirements for Advanced Authentication) is no different. For an information security system, the first decision factor is risk mitigation capabilities against the threats that the organization is facing. These threats and proposed mitigation methods will be discussed next.
- Ease of use: Most of the law officers and agency employees accessing CJI are not information security experts, and most of them are not even technology savvy. Ease of use and ease of management of the system are key factors in authentication system acceptance and adoption.
- Budget: As with any IT infrastructure solution, budget is always a key consideration.
- Designed for growth: Recent changes in the information security market, new computing platforms, and cloud-based delivery models all affect the information security landscape. These changes come in addition to the increase of overall information security threats and APTs. All have changed the user authentication market dramatically. We expect to see the same rapid rate of change in technologies and delivery models in the upcoming years. An Advanced Authentication solution that is designed for growth and the challenges of ever-changing markets is a key factor in ensuring that organizations will not have to migrate their user authentication solution every few years.

Security Aspects of Advanced Authentication

While [CJIS-SP] does not provide specific guidelines as to which Advanced Authentication method to choose, the security policy refers to another document that gives additional guidelines on the risk level and mitigation methods when accessing CJI. In December 2003, the Office of Management and Budget published guidelines for authenticating to federal agencies. [OMB M-04-04] defines the appropriate assurance levels needed by authentication processes in different use cases. The document associates the use case of accessing CJIS with Assurance Level 4 (see [OMB M-04-04], page 11, "Examples for Assurance Level 4").

In Level 4 use cases, the data that needs to be accessed or the transactions that need to be executed are very sensitive. Assurance Level 4 ensures very high confidence in the asserted identity's validity. Assurance Level 4 may require true multi-factor authentication such as one-time passwords or PKI/certificate-based authentication. Other less secure means, such as text messages/SMS or pattern matching, may be suitable for a limited number of use cases.

While software-based authentication methods are considered to be more user-friendly and cost-effective, agencies should verify with their CJIS auditors that software-based authentication methods are sufficient, and that the auditors do not expect hardware-based methods to be used for some (or all) of the CJIS services that the agency tries to access. Based on this pre-ruling, agencies should select the authentication method that complies with the Advanced Authentication requirement in [CJIS-SP].

See [OMB M-04-04] Section 2.1, Description of Assurance Level, page 5.

The User Experience Aspect

The adoption of any user-authentication system relies heavily on its ease of use. As opposed to many other IT solutions, user-authentication systems are used mostly by the organization's employees and not just by IT professionals. This is why it is crucial that the Advanced Authentication solution used by agencies to access the CJIS network is easy to operate and simple to use, even by non-technical law officers.

Choosing an Authentication Method

With the variety of authentication methods mentioned above, it is important to study carefully the pros and cons of each method. While we understand the ease of use and management and the cost-effectiveness that are associated with software-based authentication, we believe that law-enforcement agencies should choose hardware-based authenticators. This pro-hardware opinion is also backed up by guideline documents published by Federal agencies, referenced in [CJIS-SP] and earlier in this document.

Self Service Portals

Whether end users are using hardware-based or software-based authenticators, it is likely that they will have to report a lost authenticator, ask for a temporary replacement (in case they forgot the authentication device at home), enroll in the system, and reset their authenticators. Some vendors offer self-service Web portals in which end users perform some or all of the activities listed above. Choosing an authentication solution with such capabilities can ensure that agency employees who forgot or lost their authenticator or locked their account can get a replacement authenticator or unlock their account instantly, without involving the helpdesk and spending more resources.

Users Credential Automation

Many of the local and state agencies that require access to CJIS are too small to have their own full-time IT employee to handle Advanced Authentication issues.
An automated credential life-cycle management capability eliminates the administrative overhead of the user-authentication system needed to support Advanced Authentication. An automated user credentials lifecycle management process can provision the correct credential based on the user's role in the organization, renew credentials when they expire, and, using the self-service portal (see previous sub-section), handle locked accounts and lost and damaged tokens, and even issue replacement authenticators. All of these activities are done without IT management involvement and with no overhead.

The Path for Growth

The user authentication market has undergone major changes in the last few years. An increase in mobile computing has enabled end users to access organizational networks from new types of endpoint platforms. In addition, new delivery models of software (including cloud-based models) and, most importantly, the growing threat landscape have dramatically changed the user authentication market.

As the market continues to evolve, and as the CJIS Security Policy does not provide firm guidelines for Advanced Authentication solutions, agencies may discover during the triennial audits that the auditors are asking them to change their authentication solution or make their current authentication system more robust. It is vital that agencies choose a versatile authentication solution that will allow them to evolve their authentication methods as the market evolves. A versatile authentication solution consists of a single product or service that supports a variety of authentication methods in multi-platform environments.
It is recommended that agencies implement a versatile authentication solution, even if initially adopting only one type of authentication method. This approach will provide the agency with the flexibility to change its authentication methods as the market evolves or as auditors force it to change authentication methods.

Using SafeNet Authentication Service as a CJIS Advanced Authentication Infrastructure

SafeNet Authentication Service delivers a fully automated, versatile, strong authentication-as-a-service, multi-factor authentication solution. Supporting a large variety of authentication methods, SafeNet Authentication Service is ideal to serve as the authentication platform for law enforcement agencies trying to access CJIS services.

Meeting Security Requirements for Advanced Authentication

SafeNet Authentication Service supports a wide range of authenticators, including hardware-based One-Time Password (OTP) tokens, software-based tokens, text/SMS messages, and pattern matching (using GrIDSure Technology). All of these authentication methods are supported as valid Advanced Authentication methods as defined by [CJIS-SP].

Note: For agencies seeking a PKI-based authentication solution, SafeNet offers a variety of PKI-based (certificate-based) authenticators including smart card and USB tokens (both hardware-based authenticators) or software-based certificates. These authenticators are managed today by SafeNet Authentication Manager and are expected to be supported by SafeNet Authentication Service in

Multi-Tenant and Multi-Tier Structures

SafeNet Authentication Service is structured in a secure, multi-tenant environment, where the information of each account is separated from the other. The service uses a hierarchy of parent-child relationships for all accounts, whereby there is a central root account from which all sub-accounts are derived, up to an infinite level.
That being said, privacy is protected in the chain, as an account can only be viewed and managed by its parent unless the account has explicitly delegated control to its grandparent, or has explicitly invited an external operator to manage its operation. Figure 1 illustrates this multi-tier environment.

Administrators have access only to the users that belong to their account. The sensitive information related to each account is stored with an AES-256 encryption key. Any attempt to access information in the service database requires an encryption key. These encryption keys are needed not only for reading the data but also for copying, moving, deleting, or restoring items (rows) in the database.

Note that SafeNet also offers on-premise versatile authentication solutions for agencies that are required to have the user authentication solution on-premise.

[Figure 1: SAS in Multi-Tier Environment]

OTP Seed Protection

One-Time Password (OTP) solutions use a secret that is shared between the user's authenticator and the authentication server, which serves as a root of trust from which a publicly known mechanism creates the random One-Time Password. These shared secrets are called OTP Seeds.

SafeNet Authentication Service encrypts the OTP Seed database using a FIPS Level 3-designed hardware security module (HSM). HSMs are secure cryptographic processing appliances used for managing and protecting encryption keys and accelerating cryptographic processes for high-performance environments. The FIPS Level 3-designed HSM is tamper-resistant and is protected from physical or logical attempts to break into the device and gain access to the keys. The use of HSMs ensures that OTP Seed records and authentication secrets never exist in a decrypted form in the host memory, and cannot be copied or stolen, providing a unique level of security, and ensuring robust and secure service delivery.

Easy to Use and Manage Advanced Authentication Solution

SafeNet Authentication Service provides fully automated user authentication lifecycle management. As such, it is ideal for local law enforcement agencies that usually have very limited IT resources. SafeNet Authentication Service is synchronized with the organization user store (e.g., Active Directory or LDAP-based user directory) and distributed software-based authenticators. Authenticators can be renewed and revoked based on adding/removing users to/from the user store in a transparent way and without human intervention, based on pre-defined rules.
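
The seed-to-code derivation described under OTP Seed Protection, as an added example that is not SafeNet's code: the page does not name the mechanism, so this assumes HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238), uses the RFC's published test seed, and introduces a hypothetical `OtpVerifier` class for the server side. It shows why the seed store needs protecting: every code is a pure function of the seed and a counter.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test seed (a public test value, not a real credential).
RFC_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): the code depends only on the seed and the counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter replaced by a time step."""
    return hotp(seed, unix_time // step, digits)


class OtpVerifier:
    """Hypothetical server-side record for one event-based authenticator.

    The server stores the same seed as the token plus the next counter it
    expects. A small look-ahead window tolerates codes the user generated
    but never submitted; advancing the counter past an accepted code is
    what makes each password usable only once.
    """

    def __init__(self, seed: bytes, counter: int = 0, look_ahead: int = 3):
        self.seed = seed
        self.counter = counter
        self.look_ahead = look_ahead

    def verify(self, candidate: str) -> bool:
        # Reject anything that is not a plain ASCII digit string up front.
        if not (candidate.isascii() and candidate.isdigit()):
            return False
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.seed, c), candidate):
                self.counter = c + 1  # resynchronise and burn older codes
                return True
        return False


if __name__ == "__main__":
    server = OtpVerifier(RFC_SEED)
    first = hotp(RFC_SEED, 0)
    print("first code accepted:", server.verify(first))
    print("same code replayed: ", server.verify(first))
    # Any copy of the seed yields the same future codes as the real token,
    # which is why the seed database is the asset to protect.
    stolen_copy = bytes(RFC_SEED)
    print("code from copied seed accepted:",
          server.verify(hotp(stolen_copy, server.counter)))
```
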
SafeNet Authentication Service offers a comprehensive self-service user portal that allows users to unlock a locked authenticator and to request replacement or temporary tokens. The self-service portal also allows quick turnaround and automated reply for user support requests that would otherwise be dealt with by the helpdesk, enabling agencies to cut their ongoing authentication management costs.

Versatile Authentication Solution

SafeNet Authentication Service is a versatile authentication solution, supporting a wide variety of authentication methods and allowing agencies to choose the method that best fits their requirements. Additional authentication methods, such as context-based authentication and PKI-based authentication, are planned to be supported in future service updates. SafeNet also offers a number of versatile authentication solutions, such as SafeNet Authentication Manager, an on-premise authentication solution that supports OTP, context-based authentication, and PKI-based authentication in both hardware and software form factors.

As the threat landscape evolves, agencies may be forced to change their authentication method. With SafeNet authentication solutions, agencies will only need to re-distribute authenticators that match up to the new threats, without changing their infrastructure. This makes SafeNet solutions future-proof.

Appendix A REFERENCES

[CJIS-SP] Criminal Justice Information Services (CJIS) Security Policy, Version 5.1, Prepared by CJIS Information Security Officer, 7/13/2012

[OMB M-04-04] E-Authentication Guidance for Federal Agencies, Written by Joshua B. Bolten, Director at the Executive Office of the President, 12/16/2003

SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners.
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More information10 Hidden IT Risks That Might Threaten Your Business
(Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationIdentity and Authentication PKI Portfolio
Identity and Authentication PKI Portfolio Gemalto offers comprehensive public key infrastructure (PKI) authentication solutions that provide optimal levels of security. Supporting a wide portfolio of IDPrime
More informationWelcome Guide for MP-1 Token for Microsoft Windows
Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made
More informationComodo Certificate Manager
Comodo Certificate Manager Simple, Automated & Robust SSL Management from the #1 Provider of Digital Certificates 1 Datasheet Table of Contents Introduction 3 CCM Overview 4 Certificate Discovery Certificate
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationOverview. Business value
PRODUCT SHEET CA Top Secret for z/vse CA Top Secret for z/vse CA Top Secret for z/vse provides innovative and comprehensive security for business transaction environments which enable your business to
More informationPlanning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools
Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools 20398BA - 5 Days - Instructor-led, Hands-on Introduction This five-day course teaches IT professionals
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationComodo Certificate Manager. Centrally Managing Enterprise Security, Trust & Compliance
Centrally Managing Enterprise Security, Trust & Compliance SSL Certificate Management - PKI With an ever-increasing abundance of web-enabled, collaborative and mobile applications, as well as netaccessible
More informationHOW SNOWFLAKE SETS THE STANDARD WHITEPAPER
Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.
More informationManaging SSL Security in Multi-Server Environments
Managing SSL Security in Multi-Server Environments Easy-to-Use VeriSign Web-Based Services Speed SSL Certificate Management and Cut Total Cost of Security CONTENTS + A Smart Strategy for Managing SSL Security
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationSymantec VIP Quick Start Guide. Helping your users. Version 1.0. Author Maren Peasley Symantec. All rights reserved.
Version 1.0 Author Maren Peasley 2017 Symantec. All rights reserved. Table of Contents Introduction... 2 Design and topology considerations... 3 VIP Self-Service Portal: Internal only... 4 VIP Self-Service
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationPlanning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools
Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools OD20398B; On-Demand, Video-based Course Description This course teaches IT professionals how to
More informationWelcome Guide for KT Series Token
Welcome Guide for KT Series Token Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information
More informationIdentity Management as a Service
Identity Management as a Service The Challenge Today s technological landscape is one of permanent change. While connections to digital services and mobile devices grow, securing the data generated by
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationInventory and Reporting Security Q&A
Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes
More informationTFS WorkstationControl White Paper
White Paper Intelligent Public Key Credential Distribution and Workstation Access Control TFS Technology www.tfstech.com Table of Contents Overview 3 Introduction 3 Important Concepts 4 Logon Modes 4 Password
More informationKT-4 Keychain Token Welcome Guide
SafeNet Authentication Service KT-4 Keychain Token Welcome Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for SonicWALL Secure Remote Access All information herein is either public information or is
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationUnleash the Power of Secure, Real-Time Collaboration
White Paper Unleash the Power of Secure, Real-Time Collaboration This paper includes security information for Cisco WebEx Meeting Center, Cisco WebEx Training Center, Cisco WebEx Support Center and Cisco
More informationTECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION
TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION SMS PASSCODE is the leading technology in a new generation of two-factor authentication systems protecting against the modern Internet threats.
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationIBM Tivoli Directory Server
Build a powerful, security-rich data foundation for enterprise identity management IBM Tivoli Directory Server Highlights Support hundreds of millions of entries by leveraging advanced reliability and
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. FEDERAL EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Federal agency data is under siege. Over half of all agency IT security
More informationSafeNet Securing Microsoft Solutions
SafeNet Securing Microsoft Solutions SafeNet and Microsoft work closely to enhance the security of Microsoft solutions. The Microsoft on Windows provides customizable services for creating and managing
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationPlanning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools
Enterprise Management Suite (EMS) & On-Premises Tools Page 1 of 7 Planning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools Course 20398A: 4 days; Instructor-Led
More informationDFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017
DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 As with most government documents, one often leads to another. And that s the case with DFARS 252.204-7012.
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More informationMOBILITY TRANSFORMING THE MOBILE DEVICE FROM A SECURITY LIABILITY INTO A BUSINESS ASSET E-BOOK
E -BOOK MOBILITY TRANSFORMING THE MOBILE DEVICE FROM A SECURITY LIABILITY INTO A BUSINESS ASSET E-BOOK MOBILITY 1 04 INTRODUCTION 06 THREE TECHNOLOGIES THAT SECURELY UNLEASH MOBILE AND BYOD TABLE OF CONTENTS
More informationApple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for RadiantOne Cloud Federation Service (CFS) All information herein is either public information
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationSQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD The Payment Card Industry Data Security Standard (PCI DSS), currently at version 3.2,
More informationProtect Yourself Against VPN-Based Attacks: Five Do s and Don ts
White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective
More informationHow Secured2 Uses Beyond Encryption Security to Protect Your Data
Secured2 Beyond Encryption How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption Whitepaper Document Date: 06.21.2017 Document Classification: Website Location: Document
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationVirtual Machine Encryption Security & Compliance in the Cloud
Virtual Machine Encryption Security & Compliance in the Cloud Pius Graf Director Sales Switzerland 27.September 2017 Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture
More informationMcAfee File and Removable Media Protection Product Guide
McAfee File and Removable Media Protection 5.0.8 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee
More informationSOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2
Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More information