HOMELAND SECURITY PRESIDENTIAL DIRECTIVE-12

HSPD-12 requires agencies to adopt controls and procedures designed to prevent unauthorized access to Government facilities and systems, reducing the potential for terrorist attacks. The goal and policies of the Directive are to increase Government efficiency, reduce identity fraud, and protect personal privacy. This is accomplished by establishing a mandatory, Government-wide security standard for secure and reliable forms of identification of Federal Government employees and contractors. HSPD-12 also assigns responsibility, establishes a timeline, and outlines the requirements that agencies must follow to implement the new standard. FIPS 201, issued by NIST, specifies the architecture and technical requirements for the common identification standard for Federal employees and contractors.

THE PROBLEM

How to securely enable logical cross-agency access to federally controlled information systems.

1. OMB guidance requires but does not specify how FIPS 201 access to federal systems from a non-federally controlled facility (such as a researcher uploading data through a secure Web site or a contractor accessing a government system from its own facility) should be managed.
2. Currently agencies have multiple and separate authentication mechanisms in place for their own employees and cannot use these mechanisms to authenticate employees of state, local and private sector affiliates with whom they need to share information.
3. Agencies are not making consistent determinations about when and how to apply the HSPD-12 standard and may even end up deploying incompatible approaches.

 

THE SOLUTION

Secure information sharing is made possible by a technology called “Federated Authentication.” This is defined as “sharing of identification credentials among several entities.”  Trust is transferred from one identifying and authenticating entity to another. In other words, if two entities wish to grant access to their internal systems to each others’ employees, they need to “federate” their identity management systems and “trust” that each other will validate the identity and roles of their own employees. Sigaba’s patented Federated Authentication Service Technology (FAST), built on the award-winning SigabaNet™ platform, is the first and most comprehensive method for enabling secure information sharing. This easy-to-deploy technology enables enterprises and Governments to securely and dynamically add, manage, and delete partners with just a few keystrokes. The Sigaba solution can complement an HSPD-12 solution by enhancing the reach to entities that will be HSPD-12 compliant in the long term and for entities (State/Local/Individual) that will not be part of the directorate.  Whether you are collaborating with other agencies, transmitting privacy information covered by regulatory constraints, or responding to some sort of incident, Sigaba’s secure applications and platform provide the solution that can work with most existing architectures without the need overhaul your infrastructure.

SIGABANET SECURITY ARCHITECTURE PLATFORM

SigabaNet™ is a robust, scalable, and flexible platform of services that enables a universe of secure applications. This core technology provides easy-to-implement administrative components, such as policies, resources, and reporting. Sigaba’s services (keys, authentication, policies, user management, etc.) are the building blocks that can be used to enable security in any application, including enterprise resource planning (ERP), customer relationship management (CRM), supply chain, and product lifecycle management (PLM).

SIGABA SECURE MESSAGING APPLICATIONS

Sigaba has a set of secure messaging applications that can be used out-of-the-box. These applications are easy to administer, install, deploy, and use. Millions of desktops currently utilize secure messaging solutions from Sigaba … for good reason.

Sigaba Secure Email™
Sigaba Secure Email is the premier enterprise secure messaging solution for businesses, financial institutions, Governments, healthcare, and other organizations with a compelling need to protect confidential information. It is the first email solution to provide secure ad hoc business communication that is as simple as traditional, non-secure email.

Sigaba Secure Statements™
For end-to-end secure document delivery, Sigaba Secure Statements is the leading solution for creating, managing, and sending electronic statements. You can rest assured that Sigaba Secure Statements meets HSPD-12 regulatory requirements for privacy.

Sigaba Secure IM™ (Instant Messaging)
Sigaba Secure IM is the first truly secure instant messaging and presence solution built exclusively for the enterprise. Sigaba Secure IM allows Government users to conduct secure multi-user conversations from their desktops and other platforms, enabling easy information sharing within and among workgroups, between agencies, or with the nation’s citizens.

Sigaba Secure Messaging for Mobile Devices™
For organizations with the need to protect confidential information, Sigaba Secure Messaging for Mobile Devices is the leading enterprise secure messaging solution that enables users of mobile devices, such as PDAs, to send and receive messages securely, from the beginning to the end of transmission. With the wide acceptance and growing use of mobile device technology, organizations realize that they have no option but to incorporate it into their infrastructure and ensure all transmitted messages are secure and reliable.