NCCOE Identity and Access Management

The National Cybersecurity Center of Excellence has several projects related to Identity and Access Management: 

• Derived PIV Credentials: The project demonstrated a feasible security platform using federal PIV standards that leverages identity proofing and vetting results of current and valid PIV credentials to enable two-factor authentication via mobile devices while meeting policy guidelines. This project is relevant beyond Federal users to mobile device users in the commercial sector using smart card-based credentials or other means of authenticating identity and supports operations in federal (PIV), non-federal critical infrastructure (PIV-interoperable or PIV-I), and general business (PIV-compatible or PIV-C) environments.
• Mobile Application Single Sign On: This project focused on helping Public Safety First Responders efficiently and securely gain access to mission data via mobile devices and applications. This project developed a reference design for multifactor authentication and mobile single sign-on for native and web applications while improving interoperability among mobile platforms, applications, and identity providers, regardless of the application development platform used in their construction. 
• Multifactor Authentication for E-Commerce: This project explored using risk-based scenarios to trigger the use of multifactor authentication (MFA) to help reduce fraudulent online purchases. In the project’s example implementations, if certain risk elements (contextual data related to the transaction) are exceeded that could indicate an increased likelihood of fraudulent activity during the online shopping session, the purchaser will be prompted to present another distinct authentication factor—something the purchaser has—in addition to the username and password.
• Identity and Access Management in the Energy Sector: Because many utilities run identity and access management (IdAM) systems that are decentralized and controlled by numerous departments, the energy sector sought help from the NCCoE in overcoming the cybersecurity challenges inherent in this legacy structure. This project developed an example solution that utilities can use to more securely and efficiently manage access to the networked devices and facilities upon which power generation, transmission, and distribution depend. The solution demonstrates a centralized IdAM platform that can provide a comprehensive view of all users within the enterprise across all silos, and the access rights users have been granted, using multiple commercially available products.
• Attribute Based Access Control: This project developed a reference design for an Attribute-Based Access Control (ABAC) system. ABAC is an advanced method for managing access rights for people and systems connecting to networks and assets, offering greater efficiency, flexibility, scalability and security.”

Roadmap to NCCOE Projects