Government

NIST 800-53, PCI DSS and FISMA Regulatory Compliance

The Electronic Authentication Guideline from the National Institute of Standards and Technology (NIST) provides information security recommendations for federal agencies and departments. The Guideline defines four levels of authentication that have increasing levels of security:

Levels 3 and 4 require two-factor authentication. Typically this means that for Level 3 or 4 a password or biometric is used to activate a key. Alternatively, a password protocol may be used in conjunction with a soft token, hard token, or one-time password token to achieve two-factor authentication.

Many federal agencies and departments are required to implement Two-Factor Authentication (2FA) per the National Institute of Standards and Technology’s Computer Security Division security standards (NIST 800-53). Many state and local agencies and departments also fall under this requirement, especially those dealing with Personally Identifiable Information (PII) or needing to comply with the Payment Card Industry Data Security Standard (PCI DSS).

The Federal Information Security Management Act (FISMA) defines a framework for protecting government information and operations against natural or man-made threats. Three levels of threat – low, moderate and high – are defined, based on the potential impact of a security breach.  SurePassID uses Amazon Web Services (AWS) to host its solution, including all data. AWS has achieved the “FISMA Moderate” designation per the Federal Risk and Authorization Management Program (FedRAMP).

Deploying two-factor authentication with SurePassID is the fastest path to compliance with NIST 800-53 and PCI DSS. SurePassID’s One-Click installer seamlessly integrates with even the most challenging legacy IT infrastructures.  SurePassID is compatible with almost any authentication method and device, including:

Free:

• Mobile OTP (smart phones, tablets) – installed on user’s device
• Desktop OTP (desktops, laptops) – installed on user’s device

Very Low Cost:

• SMS OTP and IVR – text or call to user’s phone
• PassFaces – installed on user’s device
• Matrix Cards – Challenge-response ISO 7810-compliant printed cards; issued to users

Higher Cost:

• OneCard – World’s first all-in-one converged security credential; issued to users
• OTP Display Cards – ISO 7816-compliant smart cards with display, keypad, and mag stripe; issued to users
• OTP Keyfobs & Mini-Keyfobs - Hardware tokens; issued to users
• Third Party OTP Tokens – OATH-compliant and proprietary RSA tokens; issued to users

 All SurePassID Regulatory Compliance Solutions for Government include: