The key to DFARS/NIST Compliance

November 1, 2017 3 minute read

There are only 8 weeks left before the Defense Federal Acquisition Regulation Supplement (DFARS) deadline, and now is the right time for US government contractors to secure Active Directory users. DFARS compliance was structured to protect unclassified US Department of Defense (DoD) information on a contractor’s internal information system from cyber incidents, and to minimize the loss of information via cyber incident reporting and damage assessment processes.

Government contractors are required to implement the mandatory controls for Controlled Unclassified Information (CUI) detailed in NIST SP 800-171, a key component of which is to implement multi-factor authentication (MFA) for accounts that access privileged data.


Ecosystem Showcase: AuthLite 

“Whether you’re implementing DFARS/NIST, PCI, HIPAA compliance, or just moving to strong authentication, securing your user accounts with static passwords isn’t enough anymore. The AuthLite two-factor system for Active Directory is inspired by the simple model of YubiKeys, and designed to solve this issue,” said Greg Bell, CEO and Founder of AuthLite.

Together, Yubico and AuthLite offer a joint solution for government contractors and organizations seeking DFARS compliance. AuthLite systems natively support YubiKeys so organizations can meet the multi-factor authentication requirements for local and network access outlined in the DFARS clause.

AuthLite enables your organization to natively process MFA in your Domain Controllers and connected systems, giving you the flexibility to implement YubiKey MFA for the servers, computers, and users of your choice. AuthLite also gives your organization the opportunity to add YubiKeys for users at any time, and can quickly provision new YubiKeys as your organization grows.

The multi-protocol YubiKey is built to address privacy, validation, and compliance requirements across various standards and directives, including FIPS and NIST. The YubiKey combines three of the permitted authenticator types from the latest NIST digital identity guidelines in one physical device: OTP, FIDO U2F, and smart card / PIV-compatible / OpenPGP. In the same guidelines, NIST recognizes FIDO U2F at the highest authenticator assurance level, AAL3.

The YubiKey is loved by millions across the globe for its simplicity, security, and affordability. Your users will love the ease of use of the combined YubiKey and AuthLite solution.

How it works:

Logging In

  1. Simply press the YubiKey contact to enter a One-Time-Passcode (OTP)
  2. Type the Active Directory password as usual

Behind the Scenes

On the Domain Controller, AuthLite validates the OTP and changes the user’s Kerberos ticket to contain an extra “two-factor tag” group. That way, your domain services can check whether a user logged in with one or two factors, and decide whether to grant or deny access to sensitive resources.
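
One way a Windows service or admin script could check a logon's token for the two-factor tag group, as an added example (not AuthLite or Yubico code). The function name `Test-TwoFactorTag` is hypothetical, and the group name passed to it is a placeholder for whatever tag group your domain uses.

```powershell
# Added example. The tag group name is a placeholder supplied by the caller,
# not a documented AuthLite group name.
function Test-TwoFactorTag {
    [CmdletBinding()]
    param(
        # Placeholder: the "two-factor tag" group configured in your domain.
        [Parameter(Mandatory)]
        [string]$TagGroup,

        # Defaults to the identity running this code.
        [System.Security.Principal.WindowsIdentity]$Identity =
            [System.Security.Principal.WindowsIdentity]::GetCurrent()
    )

    # Resolve the group name to a SID once. Token groups are stored as SIDs,
    # so comparing SIDs avoids being fooled by renamed or look-alike groups.
    try {
        $tagSid = ([System.Security.Principal.NTAccount]$TagGroup).Translate(
            [System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Fail closed: an unresolvable group must never be read as "two-factor".
        throw "Tag group '$TagGroup' could not be resolved; refusing to decide."
    }

    # Group SIDs carried in this logon's access token.
    $tokenSids = $Identity.Groups | ForEach-Object { $_.Value }
    $hasTag    = $tokenSids -contains $tagSid.Value

    [pscustomobject]@{
        User      = $Identity.Name
        TagGroup  = $TagGroup
        TwoFactor = $hasTag
        Decision  = if ($hasTag) { 'Grant' } else { 'Deny' }
    }
}

# Usage (placeholder domain and group name):
# Test-TwoFactorTag -TagGroup 'EXAMPLE\Two-Factor Tag Group'
```

For files and shares, the same decision is normally expressed by granting access to the tag group in the resource's ACL rather than by checking in code.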

“AuthLite’s unique power and flexibility comes from working with your Domain Controllers to improve the authentication in the core of your domain instead of just around the perimeter. Even in simple networks, each customer’s configuration might be different. We even provide Interactive Documentation, walkthrough videos, and include remote engineering assistance to make sure your multi-factor deployment is secure,” said Bell.

Fun fact! AuthLite became Yubico’s first enterprise partner in 2009. With this joint solution, AuthLite and Yubico are ready and excited to help organizations and government contractors achieve DFARS compliance by the December 31 deadline.

Learn more about using AuthLite for DFARS compliance here.

Talk to Yubico about using the YubiKey for DFARS compliance here.

Yubico is proud to highlight AuthLite as part of an ongoing YubiKey ecosystem awareness program. Visit our Featured Solutions page to learn more about other products and services that support YubiKeys.
