Cyber Access Control | MFA Enterprise Password Management | Access Smart

Archive for Power LogOn

POWER LOGON ADDRESSES DFARS 252.204-7012 REQUIREMENTS

DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

As with most government documents, one often leads to another, and that’s the case with DFARS 252.204-7012. “DFARS” (the Defense Federal Acquisition Regulation Supplement Part 252: Solicitation Provisions and Contract Clauses) states:

“Contractors shall implement NIST SP 800-171 as soon as practical, but no later than December 31, 2017.”

That leads us to the next document: NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. This document was originally written as suggested ways to protect data. The DFARS document is now requiring the NIST suggestions.

THE PROBLEM

Defense contractors, including the small companies that supply the big ones, must implement DFARS requirements or they will be dropped as suppliers. Not having these measures in place could put a company out of business. That’s why DFARS is such an urgent issue.

One area of concern that defense contractors face happens on the assembly floor. Manufacturing facilities often have centrally located computers accessed by multiple users. Currently, workers are typing a user name and password to log in. If their passwords are compromised, or if an employee shares their passwords, there is no way for that current system to verify who actually logged in, which does not meet DFARS.

Part of the DFARS includes having an authentication process, plus a tracking ability.

AUTHENTICATION

The Power LogOn system utilizes a smartcard as one factor of the Multi-Factor Authentication process (something you Have). The card is protected by a PIN (a second factor – something you Know). Because the user doesn’t even know their passwords, there is nothing they can share or tell that would allow another person to log in. The card allows you to know absolutely that it was Joe’s card that logged in.

The PIN-protected card adds a layer of assurance, creating Two Factor Authentication, which does meet DFARS. For a super secure site, another layer could be added using a biometric (something you Are – which our software supports), creating Three Factor Authentication.

  • 2 Factors = Card + PIN (most cost effective and fastest to implement), Card + Biometric or PIN + Biometric
  • 3 Factors = Card + PIN + Biometric

The more hurdles you put up, the harder it becomes for a hacker or thief.

TRACKING and REPORTS

Power LogOn records whose card comes into the system, what that person logged into, how long they were in, and when they logged out. This process leaves an audit trail, which is also required in the DFARS.

DIFFERENTIATION

What makes Power LogOn so much better than other solutions is that the defense contractor doesn’t have to go through the complexity or expense of certificates and PKI. They can add the Power LogOn system directly onto their existing physical access badges, creating even more benefits. Because physical access badges are often used for more than just door access – think time and attendance, payment in cafeterias, forklift ignition, etc. – there are a lot of different cross references and cross checks. If Joe logs into the system, but Joe has not clocked in or come through the door, that becomes a system red flag.
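The cross-check described above, sketched as an added example (this is not Power LogOn's code): card logons on shared workstations are compared with door and time-clock events, and a logon with no matching physical-presence event inside the preceding window is flagged. The event layouts, function names and the 12-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; these layouts are assumptions, not a product format.
DOOR = [   # (cardholder, badge-in time at the facility door)
    ("joe", "2017-11-06 06:58"),
    ("ann", "2017-11-06 07:02"),
]
CLOCK = [  # (cardholder, time-and-attendance clock-in)
    ("joe", "2017-11-06 07:00"),
]
LOGONS = [  # (cardholder, shared workstation, card logon time)
    ("joe", "floor-pc-3", "2017-11-06 07:05"),
    ("ann", "floor-pc-3", "2017-11-06 09:30"),
    ("bob", "floor-pc-1", "2017-11-06 10:15"),
    ("joe", "floor-pc-3", "2017-11-07 07:05"),  # next day, no new badge-in
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def _seen_before(events, user, when, window):
    """True if `user` has an event at or before `when`, no older than `window`."""
    return any(u == user and timedelta(0) <= when - _ts(t) <= window
               for u, t in events)

def flag_logons(logons, door, clock, window=timedelta(hours=12)):
    """Return (user, host, time, reasons) for logons lacking presence evidence."""
    flagged = []
    for user, host, t in logons:
        when = _ts(t)
        reasons = []
        if not _seen_before(door, user, when, window):
            reasons.append("no door entry")
        if not _seen_before(clock, user, when, window):
            reasons.append("no clock-in")
        if reasons:
            flagged.append((user, host, t, reasons))
    return flagged

if __name__ == "__main__":
    for user, host, t, reasons in flag_logons(LOGONS, DOOR, CLOCK):
        print(f"RED FLAG {t} {user}@{host}: {', '.join(reasons)}")
```

The window bounds how stale a badge-in may be, so yesterday's door entry does not vouch for today's logon.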

COMPLIANCE

Here’s a list of DFARS requirements that defense contractors are trying desperately to comply with by the end of THIS YEAR. Power LogOn meets each section with a check mark*.

Click here to view Table

 

Weak and Stolen Passwords – 81% of Hacking Tactics

Don’t believe the numbers without first understanding the problem. Many cyber companies have been putting out their own spin on Verizon’s April 2017 Data Breach Investigation Report (DBIR). In the report they claim, “81% of the tactics used were of hacking-related breaches leveraged either stolen and/or weak passwords.”

This makes sense when you consider that over 90% of all authentication methods rely on passwords, but let’s look behind these numbers and what the report doesn’t say.

Make America Cyber Secure

Position Paper: US Government’s Cybersecurity Procurement

I am asking that Congress instruct the General Services Administration (GSA) to develop procurement codes under Schedule 70 specifically for the purchase of Cybersecurity hardware and software products.

Dr. Joel Rakow Joins the Access Smart Team

Access Smart is Growing their Cybersecurity Footprint

Access Smart is excited to announce a new addition to our team: Dr. Joel Rakow, a globally recognized leader in cybersecurity. Joining the team as our Reseller/Business Development Consultant, Joel brings more than 25 years of technology leadership experience in the areas of cybersecurity, physical security systems, enterprise risk management and software deployments.

Joel is a partner in the LA and Orange County Practice of Fortium Partners, and is nationally recognized in the field of technology security, having served as an advisor to the Secret Service and Los Angeles Electronic Crimes Task Force and a representative member of the FBI Infragard, Adobe Software’s Advisory Council and the Receivers Team for the State Courts of California.

We are thrilled to add Joel’s extensive experience and expertise to the Access Smart team as we continue to be your number one source for cybersecurity and password management.

Giant Hole in Government’s Cybersecurity Strategy

The government is never going to fix its cybersecurity problem until it fixes its procurement problem!

Shockingly, there are no NAICS, SIC or SIN CODES for cybersecurity products on the GSA Schedule. As a California Certified Small Business owner who offers multi-factor authentication (MFA) products on the GSA Schedule, this is a serious problem.

Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to keep our nation’s electronic data secure. Current procedure involves a keyword search on the GSA Schedule. If the exact keyword is not typed or listed, no match is found. An agency’s only recourse then becomes generating expensive and time-consuming RFIs, RFPs and RFQs. Cybersecurity NAICS, SIN and SIC codes are designed to streamline the entire process, save money and ensure fast cybersecurity implementations.