Trusted digital identities are one of the most important components to securing your digital and physical assets.
CertiPath, though its capacity as a trust framework provider, is uniquely positioned to assist both enterprise personnel and vendors better understand the role identity plays in the security and integrity of critical communications and resources. CertiPath’s team of subject matter experts is among the majority of authors, inventors and top practitioners in the emerging identity space and has consulted on products, processes, and policies for numerous high profile commercial and government entities.
Federated Trust offers a secure and efficient means of exchanging information – eliminating the costly and complex process of individually mapping PKI/hardware tokens and issuing project-specific credentials for every new customer, supplier, or partner.
The CertiPath Public Key Infrastructure (PKI) Bridge enables cross organizational trust for its members, who operate high assurance identity credentialing systems known as Enterprise PKI, and several of whom are providers of Personal Identity Verification – Interoperable (PIV-I) credentials to other organizations. This Bridged trust is characterized by a hub-spoke peer-to-peer environment where all of the members retain control over their individual trust domain policies and technical solutions, but agree to a common set of overarching requirements embodied in Federated Trust. Each member establishes parity with Federated Trust’s requirements, which in turn enables the trust between them.
As an alternative, for those organizations not interested in maintaining a distinct trust domain, CertiPath affords the option of electing to adopt the CertiPath policy and subordinating under the CertiPath Root. In this scenario, the member organization must operate its identity credentialing system in accordance with CertiPath’s policies.
CertiPath’s trust community extends beyond its own enterprise members to the U.S. Federal government via a Bridge-to-Bridge trust relationship between CertiPath and the U.S. Federal Bridge, which operates its own hub-spoke peer-to-peer environment for the U.S. Federal agencies. This hub-to-hub relationship enables inter-organizational trust between the members of the two Bridges.
Email continues to be a primary attack vector for malware and phishing identity scams. Some enterprises have tried to incorporate certificate-based systems not realizing that not all signed emails or certificate authorities can be trusted. CertiPath’s TrustValidator™ monitors incoming emails, analyzes the certificate being used to sign the email, and advises the user on the trustworthiness of that email before exposing them to possible threats.
Physical Access supports key stakeholders with services designed to achieve the highest level of assurance in PKI-based PACS including: requirements analysis, implementation assurance, program management, product certification, design services and partner certification.
CertiPath’s personnel are among the majority of authors, inventors and top practitioners in the emerging space leveraging PIV in in all application spaces: E-PACS, Federation, Logical Access.
As leaders in the HSPD-12, FIPS 201, FICAM, PIV/PIV-I and PKI markets, there are areas where the technology presents operational challenges to applications that leverage PIV/PIV-I credentials. CertiPath has placed a great emphasis on addressing operational challenges by providing services that solve these challenges head-on. CertiPath offers strategic services that have the potential to greatly enhance the CyberSecurity posture of the Federal enterprise.