Identity is the cornerstone of a security infrastructure. Tresys ensures that it is properly defined, integrated and managed throughout the enterprise, and that compliance needs are met.
Like many other areas of security, compliance relies in large part on effective management of identities across the enterprise.
Tresys provides the combination of business processes, policies and technologies that enable clients to provide secure access to resources, control access, and protect information. Tresys ensures that identity management solutions and access control environments incorporate the approval workflows, administrative tasking and reporting required to meet regulations.
Specific areas of compliance we support include the following:
- Director of Central Intelligence Directive (DCID) 6/3 [CNSSI 1253]
- Department of Defense (DOD) 8500.2
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53
- Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE) Security Technical Implementation Guides (STIG)
- DOD Instruction 8510.01 - Defense Information Assurance Certification and Accreditation Process (DIACAP)
- Committee on National Security Systems Instruction (CNSSI) 1253A
- Unified Cross Domain Management Office (UCDMO)
Services may include the following:
- Identity & Access Management Assessment
- Training & Support
A PKI provides the tools to create and manage digital certificates... making that infrastructure effective and compliant demands experience and understanding of operational needs.
Tresys has the experience and tools to ensure the successful adoption of your PKI environment. Tresys helps customers to select, deploy and manage the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke the appropriate digital certificates. This includes establishing certificate authorities (CA) or using trusted third parties (TTP), binding to registration authorities (RA), deploying keys, and integrating within the environment (e.g., applications).
Specific areas of focus include:
- Deploy self-signed certificates.
- Leverage PGP, GnuPG or OpenPGP.
- Implement Red Hat Certificate System and/or integrate with third-party solutions or existing applications.
- Integrate with user identity management efforts, including issuing, renewing, suspending, revoking and managing single- and dual-key certificates.
- Roll out a centralized administration capability and guidelines.
- Integrate with certificate-ready smart cards/tokens.
Services may include the following:
- PKI Assessment
- PKI Solution Engineering & Development (New and/or Integration)
- PKI Deployment & Migrations
- Training & Support
Strong, platform-level security controls such as those in SELinux provide the means to positively control users, functions and data via type enforcement.
While centralized identity focuses on assigning an identity to entities in a central store (e.g., Red Hat IPA, LDAP, Sun Directory Service or Windows Active Directory), platform access management is focused on the mechanisms to manage groups, roles and privileges and the associated access that is controlled via these mechanisms.
Accordingly, we focus on the following areas:
- Assess current or planned centralized identity and access management system (e.g., LDAP, Sun Directory Service or Windows Active Directory), Public Key Infrastructure (PKI) for machine or user identity, and/or existing integration solutions.
- Review administrative access controls using native Linux mechanisms (e.g., sudo and SELinux) or third-party access management applications, user and group schema and layout of identity information, Single Sign-On and/or multi-factor authentication architectures, and/or host-based access management solutions.
- Review related security infrastructure, including network controls, identity management, administrative privilege controls, change management systems, and security event auditing.
- Review the appropriate mapping of user identity to privileges or roles via the authorization service.
- For roadmap efforts:
  - Create and present a strategic platform access roadmap which may include:
    - Identification of risks and security-critical systems
    - Analysis of current weaknesses in architecture, configuration, and procedures
    - Definition of the approach for intranet single sign-on (SSO), access management, and platform and application integration
    - Integration of identity management and user provisioning systems
    - Review and/or recommendation of appropriate commercial-off-the-shelf (COTS) or government-off-the-shelf (GOTS) solutions, custom options and integrated solutions to meet tactical and strategic requirements and standards, or to address vulnerabilities
    - A total cost of ownership and/or cost-benefit analysis of recommended changes for a practical, cost-effective strategy
- For implementation efforts:
  - Choose and deploy a centralized access management system, or integrate Linux systems with existing infrastructure.
  - Choose, integrate with and/or deploy Public Key Infrastructure (PKI) for machine or user identity.
  - Engineer administrative access controls using native Linux mechanisms (e.g., sudo and SELinux) or third-party access management applications.
  - Architect solutions for high availability, scalability, and disaster recovery.
  - Design appropriate user and group schema and layout of identity information with an emphasis on planning for organizational change and growth.
  - Design and deploy a secure and flexible Single Sign-On and/or multi-factor authentication architecture.
  - Integrate platform and application authentication with the centralized identity store.
  - Review and analyze host-based access management solutions for secure, authorized delegation of administrative privileges and authorization.
  - Create procedures to control identity creation and modification, including integration with user provisioning systems.
- Specific platform support includes:
  - NIS or LDAP
  - Microsoft Active Directory (via third-party tools)
  - Red Hat IPA
Services may include the following:
- Platform Access Assessment
- Access Management Solution Engineering & Development
- Access Management Deployment, Implementation & Migrations
- Training & Support
Identities come in many flavors across operating platforms and applications... managing the intersection of those identities is critical to good security.
Centralized identity management is the cornerstone of secure distributed systems. Whether integrating with a non-Linux alternative, such as Microsoft Active Directory, or deploying a native solution, such as Red Hat Enterprise IPA, security and functionality depend on careful engineering.
Specific focus areas for this service include:
- Assess current or planned centralized identity and access management system, Public Key Infrastructure (PKI) for machine or user identity, and/or existing integration solutions (e.g., Windows AD to Linux platform).
- Review related security infrastructure, including network controls, identity management, administrative privilege controls, change management systems, and security event auditing.
- Examine the security procedures and policies for password and ID management and identity management tools, including associated software and services.
- For roadmap efforts:
  - Create and present an identity and access management roadmap which may include:
    - Identification of risks and security-critical systems
    - Analysis of current weaknesses in architecture, configuration, and procedures
    - Recommendations of short- and long-term changes to improve the identity management infrastructure
    - Procedures to control identity creation and modification, including integration with user provisioning systems
    - Review and/or recommendation of appropriate commercial-off-the-shelf (COTS) or government-off-the-shelf (GOTS) solutions, custom options and integrated solutions to meet tactical and strategic requirements and standards, or to address vulnerabilities
    - A total cost of ownership and/or cost-benefit analysis of recommended changes for a practical, cost-effective strategy
- For implementation efforts:
  - Choose and deploy a centralized identity management system, or integrate Linux systems with existing infrastructure.
  - Choose, integrate with and/or deploy Public Key Infrastructure (PKI) for machine or user identity.
  - Engineer administrative access controls using native Linux mechanisms (e.g., sudo and SELinux) or third-party access management applications.
  - Architect solutions for high availability, scalability, and disaster recovery.
  - Design and deploy a secure and flexible Single Sign-On and/or multi-factor authentication architecture.
  - Integrate platform and application authentication with the centralized identity store.
  - Create procedures to control identity creation and modification, including integration with user provisioning systems.
- Specific platform support includes:
  - NIS and LDAP (focusing on migrations)
  - Microsoft Active Directory (via third-party tools)
  - Red Hat IPA
Services may include the following:
- Identity Management Assessment
- Identity Management Solution Engineering & Development
- Identity Management Deployment, Implementation & Migrations
- Training & Support