|
Identity management and logical access controls prevent unauthorized people or unauthorized processes from entering an information technology system. It is imperative that access to information systems and resources only be granted to identified and authenticated users.
The Radius Technology Group System security engineers are well versed in the requirements and obligations of NIST 800-63 and OMB Memorandum M-04-04, E-Authentication Guidance for Federal Agencies as these publications call for strict controls of identify and e-authentication towards granting access within government agencies. While strict access controls are a necessity for securing IT systems, it is also important to ensure stakeholders have access to resources.
Our approach towards meeting these obligations begins with a thorough assessment of the systems environment. Interviews with systems owners, reviews of agency security policies, business objectives, and sensitivity of systems establish the basis of our assessment.
Utilizing OMB M04-04, our team applies its competencies in conducting a thorough E-Authentication risk assessment for mitigating the risk associated with improper disclosure of information caused by credential misuse.
Our team’s Identity Management and Logical Access Control “tool kit” contains the full range of solutions to meet your business needs. We employ the standard internal and external controls consistent with NIST 800-12, The NIST Handbook to Computer Security. Our internal access control may be established by use of passwords, encryption, constrained user interfaces, or security labels. Examples of our external access controls include port protection devices, firewalls, and host-based authentication. Additionally, when system and security environments dictate, we prescribe and implement more sophisticated logical access controls, in accordance with Federal Information Processing Standard (FIPS) 201, Personal Identity Verification of Federal Employees and Contractors. These solutions include:
|
