PistolStar, Inc. dba PortalGuard
PO Box 1226
Amherst, NH 03031 USA
Phone: 603.547.1200
E-mail: sales@portalguard.com
Website: www.portalguard.com
© 2014, PistolStar, Inc. dba PortalGuard All Rights Reserved.
Password Security and CJIS Compliance
v.1.2-001
How a Police Department Manages
Personal Identities with PortalGuard
Solution Brief – Password Security and CJIS Compliance
Securing Access to Law Enforcement Applications
The PortalGuard Solution
  Supporting Seamless Authentication for Police Work
  Policy Area 6 Compliance: Identification and Authentication
  Maintaining Password Rules
  Two Factor Authentication When Outside a Physically Secure Location
  Policy Area 4: Auditing and Accountability
  Simple to Administer
Optimizing Password Management for CJIS Compliance
Appendix A
Securing Access to Law Enforcement Applications
Computers and information technologies are critical tools for police work today.
Officers need immediate access to law enforcement applications, whether they
are working in police stations, squad cars, or otherwise mobile and operating
remotely. It’s essential for officers to easily log in to the department’s computer
system, regardless of where they are located, and connect to the applications
they need to do their jobs.
An IT service provider and/or the internal computer support staff in a police
department have other concerns. IT staffers must manage the security of the
department’s system as well as the connections to state and Federal resources
available over the Internet. A department’s system must verify the personal
identities of officers, managers, and administrative personnel, and protect
against access by unauthorized people and processes as defined by the
Criminal Justice Information Services (CJIS) Security Policy. [1]
With the increased reliance on computer technologies in the field, it is especially
important to ensure that the department’s system complies with the CJIS policy
for identification and authentication when officers are accessing applications
from outside physically secure locations. It’s also important to track and audit all
access to the system, another CJIS policy. Finally, there’s a management
context to consider. IT staffers need to deploy a solution for password security
that is easy to install, maintain, and affordable for their department.
Of course, an effective solution for password security must strike the right
balance among officers’ needs for easy authentication to law enforcement
applications, cost-effective system management for IT staffers, and CJIS
compliance requirements. A well–designed solution optimizes both usability and
password security.
[1] Criminal Justice Information Services (CJIS) Security Policy, Version 5.2, 8/9/2013.
http://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center/view
The PortalGuard Solution
SUPPORTING SEAMLESS AUTHENTICATION FOR POLICE WORK
This is where PortalGuard makes a difference. It provides seamless
authentication to law enforcement applications running within a police
department as well as easy system management.
PortalGuard complies with CJIS security policies for Auditing and
Accountability (Policy Area 4), Access Control (Policy Area 5), and
Identification and Authentication (Policy Area 6). PortalGuard capabilities for
specific policy areas and topics are summarized in Appendix A.
POLICY AREA 6 COMPLIANCE: IDENTIFICATION AND AUTHENTICATION
PortalGuard excels with its support of Policy Area 6 requirements, a topic of
great concern to many local police departments. PortalGuard delivers a
comprehensive password security solution for identification and authentication.
PortalGuard replaces the out-of-the-box Windows Workstation authentication
services with a set of enhanced security capabilities. As a result, PortalGuard
ensures complete password management, both when officers are working
within a physically secure location, such as a police station, as well as when
they are working remotely, in a squad car or connecting from a remote
location.
PortalGuard delivers flexible and easily managed Password Rules to support
consistent authentication regardless of location. PortalGuard also supports
Two Factor Authentication (2FA), required to meet the Advanced
Authentication mandate for password access outside a physically secure
location.
MAINTAINING PASSWORD RULES
IT staffers must ensure that officers have appropriately defined passwords
when accessing a police department’s system. To conform to the Policy Area 6
mandate, the passwords must:
• Be a minimum length of eight (8) characters
• Not be a dictionary word or proper name
• Not be the same as the User ID
• Expire within ninety (90) days
• Not be identical to the previous ten (10) passwords
• Not be transmitted in the clear outside the secure location
• Not be displayed when entered
An IT staffer sets up the officers’ accounts and issues unique user IDs when
the officers join the department and first log into the system. When accessing
the system, officers must enter passwords that conform to the password rules
and change passwords when prompted to do so. Behind the scenes and
transparent to the officers, IT staffers must enforce the password rules for the
department’s system.
With PortalGuard, IT staffers define the password rules once and then
maintain them consistently across the department’s system. IT staffers set
password complexity (including minimum password length), expiration, history,
and dictionary terms from an easy-to-use management environment, as shown
in Illustration 1.
Illustration 1. PortalGuard features multiple tabs for managing password
policies.
All password communications are transmitted as HTTPS/SSL requests and
thus are never transmitted in the clear, even within a secure location. As a
result, a police department can rely on PortalGuard to meet, or exceed, and
then manage the password rules mandated by Policy Area 6.
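
The Policy Area 6 password rules listed above can be enforced at password-change time with a check like the one below. This is an added example, not PortalGuard code; the class and function names, the sample word list, and the PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MIN_LENGTH = 8                  # "minimum length of eight (8) characters"
MAX_AGE = timedelta(days=90)    # "expire within ninety (90) days"
HISTORY_DEPTH = 10              # "previous ten (10) passwords"
PBKDF2_ROUNDS = 200_000         # assumption: work factor is not from the brief

# Constructed sample list; a deployment would load a full dictionary and name list.
BLOCKED_WORDS = frozenset({"password", "sergeant", "dispatch", "patrolman", "jonathan"})


def _derive(password: str, salt: bytes, rounds: int) -> bytes:
    """Salted, slow hash so the history never holds recoverable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


@dataclass
class PasswordRecord:
    """Per-user state: salted hashes of recent passwords, newest last."""
    user_id: str
    rounds: int = PBKDF2_ROUNDS
    history: list = field(default_factory=list)   # [(salt, digest), ...]
    last_changed: Optional[datetime] = None

    def violations(self, candidate: str) -> list:
        """Return the names of the rules the candidate breaks (empty = acceptable)."""
        found = []
        if len(candidate) < MIN_LENGTH:
            found.append("too_short")
        if candidate.lower() in BLOCKED_WORDS:
            found.append("dictionary_word_or_name")
        if candidate.lower() == self.user_id.lower():
            found.append("same_as_user_id")
        # Each retained entry has its own salt, so the candidate is re-derived
        # per entry and compared in constant time.
        reused = False
        for salt, digest in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(_derive(candidate, salt, self.rounds), digest):
                reused = True
        if reused:
            found.append("reused_within_last_10")
        return found

    def change_password(self, candidate: str, now: datetime) -> list:
        """Store the candidate only if it passes every rule; return violations."""
        found = self.violations(candidate)
        if not found:
            salt = os.urandom(16)
            self.history.append((salt, _derive(candidate, salt, self.rounds)))
            del self.history[:-HISTORY_DEPTH]     # keep only the newest ten
            self.last_changed = now
        return found

    def is_expired(self, now: datetime) -> bool:
        """True when no password is set or the current one is 90 days old."""
        if self.last_changed is None:
            return True
        return now - self.last_changed >= MAX_AGE


if __name__ == "__main__":
    # Constructed demo values.
    record = PasswordRecord("jsmith4471")
    start = datetime(2014, 1, 1)
    print(record.change_password("Sergeant", start))       # rejected
    print(record.change_password("Unit-01-xK!", start))    # accepted: []
    print(record.change_password("Unit-01-xK!", start))    # rejected as reuse
    print(record.is_expired(start + timedelta(days=90)))   # True
```

The remaining two rules in the list (no clear-text transmission, no display on entry) belong to the transport and the login form, so they are outside what a server-side check like this can enforce.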
TWO FACTOR AUTHENTICATION WHEN OUTSIDE A PHYSICALLY SECURE LOCATION
Many officers spend most of their work shifts outside their police stations:
patrolling in squad cars, investigating incidents, and otherwise doing their jobs
from remote locations. They use laptops mounted in squad cars and other
kinds of department-issued mobile devices to connect over wireless networks
to the law enforcement applications their department maintains.
When accessing these applications remotely, CJIS compliance requires
Advanced Authentication with the “intent of meeting the standards of two-factor
authentication.” [2] Two-factor authentication combines two factors for
authentication – something you know (a password) and something you have (a
hardware or software token). This second factor is a one-time password (OTP)
retrieved from a hardware key fob, smartcard, proximity badge,
department-issued mobile device, telephone voice message, or printed list
available from the dispatcher at headquarters.
While enhancing password security, two-factor authentication can impede
usability. There are various situations to consider. For instance, officers may
need to file incident reports from the laptops in their squad cars. They may
need to run a local application and then log into the department system. They
may need to check on a situation alert from a department-issued mobile
device. Adding this second factor to each username/password challenge can
make repeated (and frequent) logins a time-consuming and difficult-to-use
effort. Officers need a solution that affirms their identities and also expedites
authentication.
PortalGuard can be configured to accommodate numerous hardware- or
software-generated OTPs. When securing laptops, PortalGuard includes
PassiveKey, a unique capability that is installed as a web browser plug-in.
PassiveKey supports Internet Explorer, Firefox, and Chrome on Windows
workstations. PassiveKey provides a transparent method for eliminating
browser-based OTP prompts. PortalGuard can secure laptops disconnected
from the network and allow two-factor authentication with YubiKey, a
hardware-based token.
PortalGuard also delivers PassiveKey Mobile to support two-factor
authentication through any browser on any operating system. PassiveKey
Mobile is essential for securing smartphones, tablets, and access through
desktop virtualization environments provided by Citrix and VMware. Once
officers authenticate manually with the second factor through a browser,
PassiveKey Mobile remembers the second factor for a predefined period of
time.
[2] See Criminal Justice Information Services (CJIS) Security Policy Section 5.6.2.2
(http://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center/view)
PortalGuard thus makes two-factor authentication seamless by optionally
storing the second factor for a period of time defined by the police
department’s operating policies. (Illustration 2 shows the management
options.) This verifies that the officer requesting access to the law enforcement
applications outside the police station is in fact using a predefined laptop or
mobile device.
Illustration 2. IT staffers can determine the expiration period for
suppressing the one time password prompt for two factor authentication
based on the security policy of their police department.
POLICY AREA 4: AUDITING AND ACCOUNTABILITY
As part of Policy Area 4, IT staffers need to track and time stamp all events
related to accessing the department’s system. These events include
successful logins, unsuccessful logins, and password resets. (See Appendix A
for a summary of policy requirements and PortalGuard capabilities.)
PortalGuard maintains a continuous log of all authentication activities it
handles – both the successful and unsuccessful login events. IT staffers can
rely on PortalGuard to track all login-related events occurring on the system.
PortalGuard includes several out-of-the-box reports for auditing.
In addition, IT staffers can also use their own analysis applications to develop
customized reports. The logging produces SQL-formatted data, which can then
be easily exported and transferred to an auditing and reporting tool such as
Crystal Reports.
SIMPLE TO ADMINISTER
While needing a solution for CJIS compliance, police department executives
and local government managers are also concerned about costs and
predictable budgeting. Ensuring compliance should not become a financial
drain on local resources.
The license fee for PortalGuard is based on a flat, server-pricing model and is
designed for predictable budgeting. There is no head count or device count to
consider. A single PortalGuard server can control access to multiple systems
and services without additional cost. PortalGuard accommodates officers using
multiple systems and devices during their shifts, a trend that is likely to only
accelerate in the years ahead with the introduction of innovative digital devices
into police work.
Optimizing Password Management for CJIS Compliance
An IT service provider and/or the internal computer support staff in a police
department must now ensure password security for CJIS compliance, both
when officers are working within a physically secure environment and when
they are mobile, outside the police station. As part of the CJIS mandate, IT
staffers need to consider a password management solution for Advanced
Authentication involving two-factor authentication.
PortalGuard delivers a CJIS-compliant solution for password security that also
seeks to enhance usability. Officers can securely log in to the department
system and maintain their passwords. IT staffers can easily manage and track
passwords across the department. They can ensure that only authorized
officers, managers, and administrative staffers are gaining access, and they
can log all events to verify security. With a CJIS-compliant solution in place, IT
staffers can refocus their attention to supporting officers and maintaining the
various law enforcement applications needed within the department.
Appendix A
CJIS Guidelines and PortalGuard Features
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineeringssuserb3a23b
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 

Último (20)

英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineering
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 

Password Security and CJIS Compliance

  • 1. PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 E-mail: sales@portalguard.com Website: www.portalguard.com © 2014, PistolStar, Inc. dba PortalGuard All Rights Reserved. Password Security and CJIS Compliance v.1.2-001 How a Police Department Manages Personal Identities with PortalGuard
  • 2. Solution Brief – Password Security and CJIS Compliance. Contents: Securing Access to Law Enforcement Applications (3); The PortalGuard Solution (4); Supporting Seamless Authentication for Police Work (4); Policy Area 6 Compliance: Identification and Authentication (4); Maintaining Password Rules (4); Two Factor Authentication When Outside a Physically Secure Location (6); Policy Area 4: Auditing and Accountability (7); Simple to Administer (8); Optimizing Password Management for CJIS Compliance (8); Appendix A (9)
  • 3. Securing Access to Law Enforcement Applications: Computers and information technologies are critical tools for police work today. Officers need immediate access to law enforcement applications, whether they are working in police stations, squad cars, or otherwise mobile and operating remotely. It’s essential for officers to easily log in to the department’s computer system, regardless of where they are located, and connect to the applications they need to do their jobs. An IT service provider and/or the internal computer support staff in a police department have other concerns. IT staffers must manage the security of the department’s system as well as the connections to state and Federal resources available over the Internet. A department’s system must verify the personal identities of officers, managers, and administrative personnel, and protect against access by unauthorized people and processes as defined by the Criminal Justice Information Services (CJIS) Security Policy. [1] With the increased reliance on computer technologies in the field, it is especially important to ensure that the department’s system complies with the CJIS policy for identification and authentication when officers are accessing applications from outside physically secure locations. It’s also important to track and audit all access to the system, another CJIS policy. Finally, there’s a management context to consider. IT staffers need to deploy a solution for password security that is easy to install, maintain, and affordable for their department. Of course, an effective solution for password security must strike the right balance among officers’ needs for easy authentication to law enforcement applications, cost-effective system management for IT staffers, and CJIS compliance requirements. A well-designed solution optimizes both usability and password security.
[1] Criminal Justice Information Services (CJIS) Security Policy, Version 5.2, 8/9/2013. http://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center/view
  • 4. The PortalGuard Solution. SUPPORTING SEAMLESS AUTHENTICATION FOR POLICE WORK: This is where PortalGuard makes a difference. It provides seamless authentication to law enforcement applications running within a police department as well as easy system management. PortalGuard complies with CJIS security policies for Auditing and Accountability (Policy Area 4), Access Control (Policy Area 5), and Identification and Authentication (Policy Area 6). PortalGuard capabilities for specific policy areas and topics are summarized in Appendix A. POLICY AREA 6 COMPLIANCE: IDENTIFICATION AND AUTHENTICATION: PortalGuard excels with its support of Policy Area 6 requirements, a topic of great concern to many local police departments. PortalGuard delivers a comprehensive password security solution for identification and authentication. PortalGuard replaces the out-of-the-box Windows Workstation authentication services with a set of enhanced security capabilities. As a result, PortalGuard ensures complete password management, both when officers are working within a physically secure location, such as a police station, as well as when they are working remotely, in a squad car or connecting from a remote location. PortalGuard delivers flexible and easily managed Password Rules to support consistent authentication regardless of location. PortalGuard also supports Two Factor Authentication (2FA), required to meet the Advanced Authentication mandate for password access outside a physically secure location. MAINTAINING PASSWORD RULES: IT staffers must ensure that officers have appropriately defined passwords when accessing a police department’s system. To conform to the Policy Area 6 mandate, the passwords must:
      • Be a minimum length of eight (8) characters
      • Not be a dictionary word or proper name
      • Not be the same as the User ID
      • Expire within ninety (90) days
      • Not be identical to the previous ten (10) passwords
      • Not be transmitted in the clear outside the secure location
      • Not be displayed when entered
  • 5. An IT staffer sets up the officers’ accounts and issues unique user IDs when the officers join the department and first log into the system. When accessing the system, officers must enter passwords that conform to the password rules and change passwords when prompted to do so. Behind the scenes and transparent to the officers, IT staffers must enforce the password rules for the department’s system. With PortalGuard, IT staffers define the password rules once and then maintain them consistently across the department’s system. IT staffers set password complexity (including minimum password length), expiration, history, and dictionary terms from an easy-to-use management environment, as shown in Illustration 1. Illustration 1. PortalGuard features multiple tabs for managing password policies. All password communications are transmitted as HTTPS/SSL requests and thus are never transmitted in the clear, even within a secure location. As a result, a police department can rely on PortalGuard to meet, or exceed, and then manage the password rules mandated by Policy Area 6.
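The Policy Area 6 password rules listed above can be checked mechanically. The sketch below is an added example, not PortalGuard's code and not part of the original brief; the function names, the sample word list and the PBKDF2 parameters are assumptions. It covers length, dictionary terms, user ID, 90-day expiry and ten-password history; the transmission and display rules belong to the transport and UI layers and are not modeled.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 8                  # minimum length of eight characters
MAX_AGE = timedelta(days=90)    # passwords expire within ninety days
HISTORY_DEPTH = 10              # no reuse of the previous ten passwords
PBKDF2_ROUNDS = 100_000         # assumption: work factor chosen for this example

# Constructed sample list; a real deployment would load a full dictionary
# plus proper names relevant to the department.
SAMPLE_DICTIONARY = {"password", "sergeant", "dispatch", "amherst", "jennifer"}


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def in_history(password, history):
    """True if the password matches one of the last HISTORY_DEPTH entries.

    history is a list of (salt, digest) tuples, oldest first.
    """
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_new_password(user_id, password, history, dictionary=SAMPLE_DICTIONARY):
    """Return the list of violated rules; an empty list means acceptable."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("min_length")
    if password.casefold() in dictionary:
        violations.append("dictionary_word")
    if password.casefold() == user_id.casefold():
        violations.append("same_as_user_id")
    if in_history(password, history):
        violations.append("reused")
    return violations


def is_expired(last_changed, now):
    """A password that has reached 90 days of age must be changed."""
    return now - last_changed >= MAX_AGE


if __name__ == "__main__":
    # Constructed history: eleven earlier passwords, oldest first.
    history = [hash_password(f"OldPass-{i:02d}!") for i in range(11)]
    print(check_new_password("jsmith", "OldPass-10!", history))
    print(check_new_password("jsmith", "Dispatch", history))
    print(is_expired(datetime(2014, 1, 1), datetime(2014, 4, 1)))
```

Comparing the candidate against each stored salt and digest is what lets the history rule be enforced without keeping old passwords in recoverable form.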
  • 6. TWO FACTOR AUTHENTICATION WHEN OUTSIDE A PHYSICALLY SECURE LOCATION: Many officers spend most of their work shifts outside their police stations: patrolling in squad cars, investigating incidents, and otherwise doing their jobs from remote locations. They use laptops mounted in squad cars and other kinds of department-issued mobile devices to connect over wireless networks to the law enforcement applications their department maintains. When accessing these applications remotely, CJIS compliance requires Advanced Authentication with the “intent of meeting the standards of two-factor authentication.” [2] Two-factor authentication combines two factors for authentication – something you know (a password) and something you have (a hardware or software token). This second factor is a one-time password (OTP) retrieved from a hardware key fob, smartcard, proximity badge, department-issued mobile device, telephone voice message, or printed list available from the dispatcher at headquarters. While enhancing password security, two-factor authentication can impede usability. There are various situations to consider. For instance, officers may need to file incident reports from the laptops in their squad cars. They may need to run a local application and then log into the department system. They may need to check on a situation alert from a department-issued mobile device. Adding this second factor to each username/password challenge can make repeated (and frequent) logins a time-consuming and difficult-to-use effort. Officers need a solution that affirms their identities and also expedites authentication. PortalGuard can be configured to accommodate numerous hardware- or software-generated OTP. When securing laptops, PortalGuard includes PassiveKey, a unique capability that is installed as a web browser plug-in. PassiveKey supports Internet Explorer, Firefox, and Chrome on Windows workstations. PassiveKey provides a transparent method for eliminating browser-based OTP prompts. PortalGuard can secure laptops disconnected from the network and allow two-factor authentication with YubiKey, a hardware-based token. PortalGuard also delivers PassiveKey Mobile to support two-factor authentication through any browser on any operating system. PassiveKey Mobile is essential for securing smartphones, tablets, and access through desktop virtualization environments provided by Citrix and VMWare.
[2] See Criminal Justice Information Services (CJIS) Security Policy Section 5.6.2.2, (http://www.fbi.gov/about-us/cjis/cjis-security-policy-resource-center/view)
  • 7. Once officers authenticate manually with the second factor through a browser, PassiveKey Mobile remembers the second factor for a predefined period of time. PortalGuard thus makes two-factor authentication seamless by optionally storing the second factor for a period of time defined by the police department’s operating policies. (Illustration 2 shows the management options.) This verifies that the officer requesting access to the law enforcement applications outside the police station is in fact using a predefined laptop or mobile device. Illustration 2. IT staffers can determine the expiration period for suppressing the one time password prompt for two factor authentication based on the security policy of their police department. POLICY AREA 4: AUDITING AND ACCOUNTABILITY: As part of Policy Area 4, IT staffers need to track and time stamp all events related to accessing the department’s system. These events include successful logins, unsuccessful logins, and password resets. (See Appendix A for a summary of policy requirements and PortalGuard capabilities.) PortalGuard maintains a continuous log of all authentication activities it handles – both the successful and unsuccessful login events. IT staffers can rely on PortalGuard to track all login-related events occurring on the system. PortalGuard includes several out-of-the-box reports for auditing.
  • 8. In addition, IT staffers can also use their own analysis applications to develop customized reports. The logging produces SQL-formatted data, which can then be easily exported and transferred to an auditing and reporting tool such as Crystal Reports. SIMPLE TO ADMINISTER: While needing a solution for CJIS compliance, police department executives and local government managers are also concerned about costs and predictable budgeting. Ensuring compliance should not become a financial drain on local resources. The license fee for PortalGuard is based on a flat, server-pricing model and is designed for predictable budgeting. There is no head count or device count to consider. A single PortalGuard server can control access to multiple systems and services without additional cost. PortalGuard accommodates officers using multiple systems and devices during their shifts, a trend that is likely to only accelerate in the years ahead with the introduction of innovative digital devices into police work. Optimizing Password Management for CJIS Compliance: An IT service provider and/or the internal computer support staff in a police department must now ensure password security for CJIS compliance, both when officers are working within a physically secure environment and when they are mobile, outside the police station. As part of the CJIS mandate, IT staffers need to consider a password management solution for Advanced Authentication involving two-factor authentication. PortalGuard delivers a CJIS-compliant solution for password security that also seeks to enhance usability. Officers can securely log in to the department system and maintain their passwords. IT staffers can easily manage and track passwords across the department. They can ensure that only authorized officers, managers, and administrative staffers are gaining access, and they can log all events to verify security. With a CJIS-compliant solution in place, IT staffers can refocus their attention to supporting officers and maintaining the various law enforcement applications needed within the department.
  • 9. Appendix A: CJIS Guidelines and PortalGuard Features