ICAM
Identity. Credential and Access Management
SJ Technologies understands that every digital identity is unique. Our ICAM solutions provide a centralized and robust platform for managing user identities, ensuring secure access to resources. From user onboarding to role-based access control, we streamline identity management to enhance security and efficiency.
Team SJ has demonstrated substantial capabilities and expertise in Identity and Access Management (IAM) security across various projects.
Comprehensive IAM Solution Implementation
- PIV/CAC and 2FA: For the NP2 application, Team SJ supports a FIPS 140-3 compliant Identity Management solution that requires Personal Identity Verification/Common Access Card (PIV/CAC) or two-factor authentication (2FA) for system access, ensuring secure and authenticated user access.
- Single Sign-On (SSO): Implementation of Single Sign-On (SSO) for internal applications, enhancing user experience and security by minimizing the need for multiple passwords.
Expertise in Secure System Integration
- Secure Integration with COTS Products: Team SJ manages the integration of changes to NP2’s commercial off-the-shelf (COTS) products infrastructure, including database structure and application software with the Oracle 11g/12c Suite, focusing on Identity and Access Management (IAM) integration with 2FA.
- Security Tool Integration: Collaboration with the DCSA Security Operations Center (SOC) to integrate a range of security tools, including Tenable SecurityCenter, IBM BigFix, Imperva SecureSphere, and Rapid7 AppSpider, to bolster security defenses.
Advanced Security Measures
- Static Code Analysis: Utilization of SonarQube for Static Code Analysis to automate code reviews on NP2 software libraries, ensuring secure code practices.
- Configuration Compliance Scans: Configuration of Oracle Enterprise Manager to perform configuration compliance scans of NP2’s components based on Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), ensuring compliance with stringent security standards.
Proactive Vulnerability Management and Compliance
- Vulnerability Management: Support for vulnerability management, including compliance monitoring, reporting, response, and mitigation; compliance validation; and configuration management.
- RMF Participation: Participation in most Risk Management Framework (RMF) tasks beyond steps 0-6, including updating program-level security policies, assisting with incident response, and contributing to the creation of Common Control Provider packages.
Continuous Security and Access Management
- Annual Review and Auditing: Annual reviewing and auditing of NP2 system access rights and privileges to ensure ongoing compliance and security posture maintenance.
- Support for Command Cyber Readiness Inspections: Provision of timely artifacts and rapid remediation of findings to support all Command Cyber Readiness Inspections, ensuring robust security measures are in place and effective.
Team SJ’s capabilities in Identity and Access Management security are characterized by a comprehensive approach to secure system access, proactive vulnerability management, compliance with rigorous security standards, and integration of advanced security tools and practices. Our expertise spans from implementing complex IAM solutions to ensuring continuous security monitoring and compliance, making them a trusted partner in securing sensitive systems and data.