Two-Factor Authentication Solutions
TDIYubiServ
Given the current INFOSEC and budget conditions in the U.S. Government and DoD, organizations need a reliable, secure, and inexpensive two-factor authentication system. Current providers like EMC's RSA SecurID have proven security issues and have nearly crippled IT enterprise budgets at the same time. The time has come to provide a more secure and inexpensive solution.
At Tachyon Dynamics, we have built, secured, tested, and hardened a robust, inexpensive, and highly flexible two-factor authentication solution introduced by Yubico called TDIYubiServ. Users authenticate using something they know (a username and password) and something they have (a hardware token called a YubiKey). The YubiKey is a USB token-based one-time password (OTP) device.
What Makes TDIYubiServ Different?
- Fully hardened in compliance with the DISA Red Hat Enterprise Linux STIG
- YubiKey is one of the few MFA services with DoD CIO approval as a technical alternative where DoD PKI cannot be implemented
- Streamlines MFA compliance for products pursuing a DISA Vendor STIG
- Secure virtualized implementation of Red Hat Enterprise Linux 9.x
Infrastructure Integration
TDIYubiServ contains numerous mechanisms to interface with your infrastructure devices and systems:
- FreeRADIUS server (Linux RADIUS server)
- Yubico-validation server
- tac_plus server (Linux TACACS+ server)
- Windows Active Directory / Kerberos client
- RADIUS client using pam_radius
- Local Linux accounts managed through the local PAM database
CMMC, DFAR and NIST 800-171 Compliance
TDIYubiServ, when properly implemented, can help your network achieve compliance with CMMC Levels 1-3, DFAR mandates, NIST 800-171, and NIST 800-53 controls for protecting Controlled Unclassified Information (CUI). Controls addressed include:
- IA-1: Identification and Authentication Policy and Procedures
- IA-2: User Identification and Authentication
- IA-5: Authenticator Management
- IA-6: Authenticator Feedback
- IA-7: Cryptographic Module Authentication (when in FIPS 140-2 Mode)
- IA-8: Identification and Authentication (Non-Organizational Users)
- AC-2: Account Management
- AC-3: Access Enforcement
- AC-5: Separation of Duties
- AC-6: Least Privilege
- AC-7: Unsuccessful Login Attempts
- AC-14: Permitted Actions without Identification or Authentication
Need help with multifactor authentication implementation? Contact us today.
