Identification and Authentication
This is the fifth of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Identification and Authentication Policy and Procedures family.
What is it?
For most systems, identification and authentication are the first line of defense. Identification is the means of verifying the identity of a user, process, or device, typically as a prerequisite for granting access to resources in a system. Identification and authentication are technical measures that prevent unauthorized individuals or processes from accessing a system. Together they are a critical building block of information security, since they are the basis for most types of access control and for establishing user accountability. Access control often requires that the system can identify and differentiate between users. For example, access control is often based on least privilege, which refers to granting users only those accesses required to perform their duties. User accountability requires linking activities on a system to specific individuals and, therefore, requires the system to identify users. Systems recognize individuals based on the authentication data the systems receive. Authentication presents several challenges: collecting authentication data, transmitting the data securely, and knowing whether the individual who was originally authenticated is still the individual using the system. For example, a user may walk away from a terminal while still logged on, and another person may start using it.
How does Greenfield solve it?
Greenfield provides Identification and Authentication by giving clients the flexibility to control who can access data as well as how, when, and where it can be accessed. AWS provides various access control mechanisms, such as Identity and Access Management (IAM) policies, access control lists (ACLs), S3 bucket policies, and query string authentication. IAM enables organizations with multiple employees to create and manage multiple users under a single AWS account. With IAM policies, clients can grant users granular control over resources. The Greenfield Support Team assists with a privilege escalation mechanism that logs escalations on a per-user basis. Client Administrators generate their own key pairs in order to guarantee that the keys are unique and not shared with other customers or with AWS.

Greenfield Client Administrators are responsible for the following:

- Enabling the provided Multi-Factor Authentication (MFA) service for the IAM users they have created under their account.
- Properly distributing their MFA credentials and monitoring their password implementations (IAM included).
- Managing all user and device authentication to AWS.
- Ensuring that critical information, such as privileged credentials, is encrypted in transit and at rest, and defining requirements for access, access control, access logging, and physical control.
- Configuring Single Sign-On with existing Identity Providers.

The Greenfield Support Team provides easy-to-follow instructions and guides and will assist clients with their responsibilities to help them verify proper implementation and configuration.
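The responsibilities above (enabling MFA for every IAM user and monitoring password and key hygiene) are the kind of thing an administrator should verify on a schedule rather than assume. The following is an added example, not code from Ascolta or Greenfield: it audits an IAM credential report for users who can sign in to the console without MFA and for active access keys that have not been rotated within a chosen window. AWS produces this report as a CSV (the `aws iam get-credential-report` command returns it base64-encoded); the sample report below is constructed for the example and contains only the columns the checker reads, with a placeholder account ID. The function names, the 90-day rotation window and the fixed "now" timestamp are assumptions chosen for the example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of an AWS IAM credential report.
# Real reports carry more columns; only those read below are included.
# The account ID 123456789012 is a placeholder, not a real account.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-03-01T12:00:00+00:00,not_supported,true,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-05-10T00:00:00+00:00,true,2024-03-02T09:00:00+00:00,2024-01-15T00:00:00+00:00,true,true,2024-02-01T00:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-06-01T00:00:00+00:00,true,2024-02-28T08:00:00+00:00,2023-06-01T00:00:00+00:00,false,false,N/A,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2022-01-01T00:00:00+00:00,false,no_information,N/A,false,true,2022-01-01T00:00:00+00:00,false,N/A
"""


def parse_report_time(value):
    """Parse an ISO-8601 timestamp from the report.

    The report uses markers such as 'N/A', 'no_information' and
    'not_supported' where no timestamp applies; those return None.
    """
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv, now, max_key_age_days=90):
    """Return a list of (user, finding) tuples for the policy gaps we care about.

    Checks performed (assumed policy for this example):
      * a console password is enabled but MFA is not active
      * the root account has no MFA
      * an active access key is older than max_key_age_days or has no
        recorded rotation date
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa_active = row["mfa_active"] == "true"

        # Root is reported with password_enabled=not_supported, so check it by name.
        if user == "<root_account>" and not mfa_active:
            findings.append((user, "root account without MFA"))
        elif row["password_enabled"] == "true" and not mfa_active:
            findings.append((user, "console password enabled without MFA"))

        # Each user may hold up to two access keys; check both slots.
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = parse_report_time(row[f"access_key_{slot}_last_rotated"])
            if rotated is None or now - rotated > timedelta(days=max_key_age_days):
                findings.append(
                    (user, f"access key {slot} older than {max_key_age_days} days")
                )
    return findings


def run_sample_audit():
    """Audit the constructed sample as of a fixed date so results are reproducible."""
    now = datetime(2024, 3, 15, tzinfo=timezone.utc)
    return audit_credential_report(SAMPLE_REPORT, now)


if __name__ == "__main__":
    for user, finding in run_sample_audit():
        print(f"{user}: {finding}")
```

In the sample, alice passes (password with MFA, key rotated six weeks earlier), bob is flagged for a console password without MFA, and the deploy-bot service user is flagged for an access key last rotated more than two years before the audit date. Running the same function over a real report, with `now` taken from the clock, gives a per-user list that maps directly onto the MFA and credential-monitoring responsibilities listed above.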