Given the current INFOSEC and budget conditions in the US Government, US corporations and the DoD, need a reliable, secure and inexpensive two-factor authentication system. Current providers like EMC’s RSA SecurID have proven security issues and have nearly crippled IT enterprise budgets at the same time. The time has come to provide a more secure and inexpensive solution.
At Tachyon Dynamics, we have built, secured, tested and hardened a robust, inexpensive, and highly flexible two-factor authentication solution introduced by Yubico called TDIYubiServ. Users authenticate using something they know (username/password) and something they have (hardware token called Yubikey). The Yubikey is a USB token-based One Time Password (OTP) device. Tachyon Dynamics customized the platform available to all of our previous, current and future clients. The Tachyon Dynamics TDIYubiServ system has been hardened by utilizing DoD Secure Technical Implementation Guidance (STIG) and a secure virtualized implementation of RedHat Enterprise Linux 7.x, and numerous different authentication clients/servers embedded (TACACS+, RADIUS, Windows Active Directory, or local accounts).
The difference with TDIYubiServ from others?
- TDIYubiServ is fully hardened in compliance with the DISA Red Hat Enterprise Linux Secure Technical Implementation Guide (STIG)
- Yubikey is one of the few multi-factor authentication services with DoD CIO approval as a technical alternative where DoD PKI cannot be implemented, and TDIYubiServ streamlines MFA compliance for products pursuing certification on the DoD Information Network Approved Products List (DoDIN APL) Approved Products Lists (APL)
- TDIYubiServ contains numerous mechanisms to interface with your infrastructure devices and systems like: a FreeRADIUS server (the Linux RADIUS server), the Yubico-validation server, a tac_plus server (the Linux TACACS+ server), a Windows active directory/Kerberos client, a RADIUS client using pam_radius, and local Linux accounts managed through the local PAM database.
Defense Federal Acquisition Requirement (DFAR) and NIST 800-171 Compliance
TDIYubiServ, when properly implemented in accordance with the DoD’s Military Unique Deployment Guide, can help your network achieve compliance with the DFAR mandates, NIST 800-171, and NIST 800-53 controls for protecting Controlled Unclassified Information (CUI). See the list of controls that TDIYubiServ can help your organization comply with here:
- IA-1: Identification and Authentication Policy and Procedures
- IA-2: User Identification and Authentication
- IA-5: Authenticator Management
- IA-6: Authenticator Feedback
- IA-7: Cryptographic Module Authentication (when in FIPS 140-2 Mode)
- IA-8: Identification and Authentication (Non-Organizational Users)
- AC-2: Account Management
- AC-3: Access Enforcement
- AC-5: Separation of Duties
- AC-6: Least Privilege
- AC-7: Unsuccessful Login Attempts
- AC-14: Permitted Actions without Identification or Authentication
Please get in touch with us as we can help in any of your future multifactor authentication implementations: Contact us today!