There are only 8 weeks left before the Defense Federal Acquisition Regulation Supplement (DFARS) deadline, and now is the right time for US government contractors to secure Active Directory users. DFARS was structured to protect unclassified US Department of Defense (DoD) information on a contractor’s internal information system from cyber incidents, and to minimize the loss of information via cyber incident reporting and damage assessment processes.
Government contractors are required to implement the mandatory controls for Controlled Unclassified Information (CUI) detailed in NIST SP 800-171, a key component of which is to implement multi-factor authentication (MFA) for accounts that access privileged data.
“Whether you're implementing DFARS/NIST, PCI, HIPAA compliance, or just moving to strong authentication, securing your user accounts with static passwords isn't enough anymore. The AuthLite two-factor system for Active Directory is inspired by the simple model of YubiKeys, and designed to solve this issue,” said Greg Bell, CEO and Founder of AuthLite.
Together, Yubico and AuthLite offer a joint solution for government contractors and organizations seeking DFARS compliance. AuthLite systems natively support YubiKeys so organizations can meet the multi-factor authentication requirements for local and network access outlined in the DFARS clause.
AuthLite enables your organization to natively process MFA in your Domain Controllers and connected systems, giving you the flexibility to implement YubiKey MFA to servers, computers, and users of your choice. AuthLite also gives your organization the opportunity to add YubiKeys for users at any time, and can quickly provision new YubiKeys as your organization grows.
The multi-protocol YubiKey is built to address privacy, validation, and compliance requirements across various standards and directives, including FIPS and NIST. The YubiKey combines three of the permitted authenticator types from the latest NIST digital identity guidelines in one physical device: OTP, FIDO U2F, and smart card / PIV-compatible / OpenPGP. In the same guidelines, NIST recognizes FIDO U2F at the highest authenticator assurance level, AAL3.
The YubiKey is loved by millions across the globe for its simplicity, security, and affordability. Your users will love the ease of use of the combined YubiKey and AuthLite solution.
How it works:
- Simply press the YubiKey contact to enter a One-Time-Passcode (OTP)
- Type the Active Directory password as usual
Behind the Scenes
On the Domain Controller, AuthLite validates the OTP, and changes the user's Kerberos ticket to contain an extra "two-factor tag" group. That way, your domain services can check whether a user logged in with one or two-factors, and decide whether to grant or deny access to sensitive resources.
“AuthLite's unique power and flexibility comes from working with your Domain Controllers to improve the authentication in the core of your domain instead of just around the perimeter. Even in simple networks, each customer's configuration might be different. We even provide Interactive Documentation, walkthrough videos, and include remote engineering assistance to make sure your multi-factor deployment is secure,” said Bell.
Fun fact! AuthLite became Yubico’s first enterprise partner in 2009. With this joint solution, AuthLite and Yubico are ready and excited to help organizations and government contractors achieve DFARS compliance by the December 31 deadline.
Yubico is proud to highlight AuthLite as part of an ongoing YubiKey ecosystem awareness program. Visit our Featured Solutions page to learn more about other products and services that support YubiKeys.