Common Access Card (CAC) and Online Certificate Status Protocol (OCSP) support for defense
Securing defense networks for network administrators
Infoblox is working with Computer Sciences Corporation (CSC) to certify Trinzic DDI for Common Criteria Evaluation Assurance Level 2 (EAL2) as dictated by the National Information Assurance Program (NIAP). Infoblox is also participating in the Cryptographic Algorithm Validation Program (CAVP) to ensure all Federal Information Processing Standards (FIPS)-Approved cryptographic algorithms used in Trinzic DDI meet the FIPS 140-1 security requirements.
For more information, visit NIAP’s site.
The Department of Defense requires the use of the Common Access Card (CAC) to access its secure computer networks. To log on to a computer and access systems, personnel must complete two-factor authentication, which in this case means presenting something the user has (the CAC smart card) and something the user knows (a password).
Without embedded support for CAC or other smart cards, administrators of networks that require two-factor authentication must create custom scripts, which incur costs for software development and ongoing maintenance.
Infoblox is the only vendor to provide embedded support for CAC cards, and can support any smart card solution using the Online Certificate Status Protocol (OCSP) for certificate validation. Infoblox Trinzic appliances operating with NIOS 6.4 or higher support two-factor authentication for both explicit and delegated trust models, allowing easy integration into existing security policies.
For Department of Defense networks requiring CAC cards, and the many other networks requiring smart cards for authentication, the Infoblox solution offers key benefits including:
Infoblox NIOS 6.4 or higher enables enhanced login, automatically populating the user name field from the CAC or other smart card certificate. NIOS 6.4 supports local, Microsoft AD, RADIUS and TACACS password authentication.
Easy, scalable configuration
The simple NIOS 6.4 or higher interface allows administrators to easily add any number of OCSP responders. Our standards-based implementation integrates easily with most smart card product offerings.
Ability to test configurations
Infoblox has the only DDI solution that allows administrators to test OCSP responder communications for easier, more reliable configurations.
Full logging of successful and unsuccessful authentication
NIOS 6.4 or higher provides real-time and historical data for successful and unsuccessful authentication, streamlining the audit process and helping IT teams identify errors and issues on the network.
The Infoblox solution supports the security of two-factor authentication the entire time a user is logged in to the NIOS 6.4 or higher interface. If the user’s smart card is no longer physically connected to a card reader, the Infoblox GUI will lock and require the user to reinsert a smart card and reauthenticate.
Infoblox solutions are currently used in every classification level in the federal government, from unclassified to SCI clearance. Our products and solutions are approved for use by the intelligence community, and certified at the highest levels, including: