Exostar releases DFARS management solution
Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and health care solve their identity and access challenges, announced its risk management solution can help defense contractors with the capabilities they need to manage Defense Federal Acquisition Regulations Supplement (DFARS) 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls.”
The Department of Defense issued its second interim rule in December 2015, giving defense contractors until December 2017 to fully comply with DFARS 252.204-7008. The heart of this DFARS provision is non-deviation from the security controls identified in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”
The compliance challenge defense contractors face is magnified because the scope of reporting and enforcement extends beyond their enterprise boundaries to include flow down to their supply chains of subcontractors and suppliers. For all new contract awards, contractors and their partners have 30 days to submit a gap analysis and action plan to the DOD Chief Information Officer.
Exostar has augmented its risk management solution to include a questionnaire that accounts for all of the 14 security control families and over 100 individual security controls found in NIST SP 800-171, as required by DFARS 252.204-7008. DOD contractors can distribute the questionnaire simultaneously to all of their subcontractors and suppliers, using the solution’s dashboards to track and manage completion progress and receive compliance assessments and scores in near real-time.
Access to the risk management solution is controlled by Exostar’s identity management platform, whose certificates are trusted by the DOD, assuring organizations and individuals their sensitive information is protected from compromise. This architecture offers an added benefit to suppliers and subcontractors, who have the option to complete the compliance questionnaire one time and share it with multiple buying organizations as part of their DFARS reporting and compliance initiatives.
BAE Systems, The Boeing Company, Lockheed Martin, and Raytheon Company all have committed to use Exostar’s risk management solution to help them assess and mitigate risk while meeting DOD cybersecurity compliance mandates.
VASCO unveils BLE hardware authenticator
DIGIPASS SecureClick was designed to FIDO U2F specifications to fulfill the FIDO Alliance mission of creating a higher level of online user security through strong authentication standards that move beyond inherently weak static passwords. DIGIPASS SecureClick is FIDO Certified and communicates via Bluetooth Low Energy (BLE) or a USB port. About the size of a coin, DIGIPASS SecureClick offers two-factor authentication in a portable device.
DIGIPASS SecureClick offers consumers and enterprise users the most simple and secure access experience. After launching an application that supports FIDO U2F, the user simply enters their login credentials and clicks the button on DIGIPASS SecureClick to complete the authentication process. The process leverages an encrypted communication channel between DIGIPASS SecureClick and the BLE device to deliver simple, secure and fast user authentication.
SecuEra GSA approved
SecuEra Technologies has earned FIPS 201 certification and is now on the GSA Approved Products List (APL) in the electronic personalization product category.
SecuEra’s Unified Credential Management System (UCMS) enables enrollment and issuance of Personal Identity Verification-Interoperable (PIV), Personal Identity Verification-Interoperable (PIV-I), and Commercial Identity Verification (CIV) credentials. UCMS also supports Derived Credentials and Mobile ID.
UCMS application is a technologically advanced solution that can be deployed as an onsite or cloud solution and is unified for enrolment, personalization, issuance, and life cycle management of PIV, PIV-I, and CIV credentials both on smart card and mobile devices. UCMS supports several credential types from different manufacturers, including the Oberthur ID-One PIV on Cosmo V8 cards, which are based on the specifications of FIPS 201-2. UCMS also supports Elliptic Curve Cryptography (ECC) Certificates and the latest multi-modal biometrics, such as fingerprint, iris, facial recognition, with match-on-card fingerprint and iris support.