Page 75 - Cyber Defense eMagazine August 2024

accorded to any person, non-person entity, system, or network—whether within or beyond the security perimeter. ZTA emphasizes enterprise-level controls, especially phishing-resistant multifactor authentication.

Demand for robust ICAM solutions, complemented by the right mix of standards and policies, is the result. Standards and innovation are the watchwords on our NextGen journey.


Key Identity Standards Guiding Federal Implementations

The three most important identity management standards for federal agency adoption are:

1. NIST Special Publication 800-63. The four-volume publication Digital Identity Guidelines forms the cornerstone of federal identity management. It prescribes the technical requirements for implementing digital identity in federal agencies and offers processes for risk assessment, assurance level selection, and appropriate controls.

   This document combines the best thinking of public and private information security professionals and offers both worlds a risk-based approach to digital identity management. Important enhancements include the infusion of an updated digital identity model, greater process orientation in risk management, and a revised assurance level selection methodology.

2. Federal Information Processing Standards 201. FIPS 201 implements the requirements of Homeland Security Presidential Directive 12 relative to Personal Identity Verification (PIV) of federal employees and contractors. It addresses logical and physical access applications with special focus on smart card–based identity credentials.

   This mandatory standard, issued by NIST, defines the technical specifications and operational requirements for creating, issuing, and managing PIV credentials, which include smart cards used for accessing federal facilities and information systems.

3. X.509v3. X.509v3 is the international standard for issuing and managing PKI identity credentials. PKI facilitates the secure electronic transfer of information by using digital certificates and cryptographic key pairs.

   The combination of digital certificates and key pairs based on asymmetric cryptography establishes the trust ZTA requires – sender (user and device) authentication, content authentication (secure data transmission), and non-repudiation.


Emerging Innovations

Continuous innovation is a feature of the identity management space. While there are far too many advances to cover, every federal ICAM leader should be aware of these technologies:

• AI. Artificial intelligence already plays a role in identity and access management, performing a range of critical tasks without human intervention. By all predictions, future applications — especially those relying on generative AI and machine learning — will transform the identity and access management world.






            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.