Page 76 - Cyber Defense eMagazine August 2024
AI offers many benefits. For example, faster pattern recognition can quickly trigger automatic
network-protecting measures. On the other hand, AI in the wrong hands – or applied with evil
intent – can create threats beyond imagination.
• Fast Identity Online (FIDO). Developed by the FIDO Alliance, FIDO is an industry standard for
strong, easy-to-use asymmetric cryptography-based identity credentials that are available
across popular operating system platforms and browsers.
Derived PIV Passkeys (DPPs) – FIDO2 credentials implemented as derived PIV credentials in
accordance with FIPS 201 and NIST Special Publication 800-157r1 – are user-friendly,
multifactor, and phishing-resistant authenticators that can be used by federal enterprise users. I
recently proposed an authentication model using DPPs for authentication to federal online
services. It could represent a leap into modern authentication.
• Attribute-based access control. ABAC is a versatile approach for dynamically managing
access. Access decisions compare real-time attributes with those assigned to the user, the
resource, and the environment and digital policies governing the same.
Many postulate an either-or proposition when it comes to ABAC and role-based access control
models. I tend to agree with OMB M-22-09, which suggests that using the two in conjunction
offers greater assurance than either model individually.
• Identity governance and administration (IGA) tools. Enterprise-level tools that manage
digital identities across their lifecycle and control user access across the digital ecosystem
via data aggregation and correlation.
Complex digital ecosystems – on-site, cloud, and hybrid – make tracking and reporting on the
activities of multiple users, devices, and access requirements across differing environments a
manual nightmare. IGA tools apply automation to make risk management and regulatory
compliance manageable.
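The combination of role-based and attribute-based access control described above can be sketched as a two-stage, deny-by-default decision. This is an added example, not code from the article or from OMB M-22-09; the role names, resource names, clearance levels, and time window are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Hypothetical role-to-permission map (RBAC layer); all names are constructed.
ROLE_PERMISSIONS = {
    "claims_analyst": {("claims_db", "read")},
    "claims_supervisor": {("claims_db", "read"), ("claims_db", "approve")},
}
# Hypothetical sensitivity ladder, lowest to highest.
CLEARANCE_ORDER = ["public", "sensitive", "restricted"]

@dataclass(frozen=True)
class Request:
    roles: frozenset         # user attribute: assigned roles
    clearance: str           # user attribute
    resource: str
    action: str
    classification: str      # resource attribute
    device_compliant: bool   # environment attribute, evaluated at request time
    local_time: time         # environment attribute

def rbac_allows(req):
    """Coarse gate: does any assigned role grant this action on this resource?"""
    return any((req.resource, req.action) in ROLE_PERMISSIONS.get(role, set())
               for role in req.roles)

def abac_denials(req):
    """Fine-grained gate: list every attribute policy the request fails."""
    reasons = []
    if req.clearance not in CLEARANCE_ORDER or req.classification not in CLEARANCE_ORDER:
        reasons.append("unknown clearance or classification")
    elif CLEARANCE_ORDER.index(req.clearance) < CLEARANCE_ORDER.index(req.classification):
        reasons.append("clearance below resource classification")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if req.action == "approve" and not time(6, 0) <= req.local_time <= time(20, 0):
        reasons.append("approval outside permitted hours")
    return reasons

def decide(req):
    """Deny by default; permit only when both the role and attribute checks pass."""
    if not rbac_allows(req):
        return ("deny", ["no role grants this action"])
    reasons = abac_denials(req)
    return ("deny", reasons) if reasons else ("permit", [])
```

Returning the list of failed policies alongside the decision gives audit logs the reason for each denial, which a role check alone cannot supply.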
Limitless possibilities attend ZTA implementation. What an exciting time to be part of the federal identity,
credential, and access management landscape!