By Dick Stark
You arrive at work to begin the day and log on to Windows using your CAC card. But before you can get into Remedy, you enter a password and hope that password didn’t change the day before. Later, you attempt to log into the BMC Dashboard and Analytics program but have forgotten that password. Finally, access to an HP server is thwarted when your third password attempt fails.
Sound familiar? Although the federal government has made great progress in standardizing on security, access controls, security credentials, and password management, significant policy differences still exist among agencies. For example, the DOD requires CAC, or Common Access Cards, also known as Personal Identity Verification (PIV), to gain access to facilities and computer systems. Civilian agencies, however, have been slower to follow suit.
The good news is that this is all spelled out in the Federal Identity, Credential, and Access Management (FICAM) Roadmap. The mission of this GSA document and task force is to “foster effective ICAM policies and enable trust across organizational, operational, physical, and network boundaries.” That roadmap lays out the intersection of digital identities (and associated attributes), credentials (including PKI, PIV, and other authentication tokens), and access control into one comprehensive management approach.
Even better news is that RightStar is already helping federal agencies authenticate and access BMC ITSM software applications such as Remedy in a single sign-on approach. RightStar’s PKI Connector (RPC) is a simplified Logical Access Control System that provides Public Key Infrastructure (PKI) based authentication to various enterprise applications.
How does RPC work? Basically, PKI cryptography allows two parties to communicate with each other using keys (large numbers), a hashing algorithm, and a digital certificate to confirm the identity of the user, server, or organization. When installed, RightStar’s RPC intercepts the system’s password request and validates the certificate information from the PKI certificate associated with the user’s PIV card. Then it validates the credentials against that application’s certificate. After that, it authenticates the user to the application and authorizes the login.
More simply put, the RightStar RPC provides single sign-on, eliminating the need for multiple passwords and user IDs. This is a “lightweight” application, meaning that it does not require a “fat” agent and extensive development. Today, RPC works with BMC ITSM products, but due to the pluggable nature of the application, new client plug-ins can be created with minimal effort. Additionally, RPC works on multiple platforms out of the box and does not require any client installation. The ROI is immediate. No longer do users have to fumble with separate IDs and passwords, and users are granted entry in a more secure manner.