Identity Services

  • Home
  • Identity Services

Professional Services & Consulting

Trusted digital identities are one of the most important components to securing your digital and physical assets.

CertiPath, though its capacity as a trust framework provider, is uniquely positioned to assist both enterprise personnel and vendors better understand the role identity plays in the security and integrity of critical communications and resources. CertiPath’s team of subject matter experts is among the majority of authors, inventors and top practitioners in the emerging identity space and has consulted on products, processes, and policies for numerous high profile commercial and government entities.

The scope of our professional services have included:

  • Application development leveraging Federal Information Processing Standard 201 (FIPS 201) conformant Personal Identity Verification (PIV) credentials and PIV Interoperable (PIV-I) credentials;
  • Design and testing of Enterprise Physical Access Control Systems (E-PACS) and their secure use of PIV/PIV-I/CAC/CIV credentials;
  • Public Key Infrastructure (PKI) and interoperability with the Federal PKI trust fabric;
  • Facility compliance assessments against all “next generation” Federal physical security and identity management mandates.
  • Security Policy Development: We develop, deploy, review, and enforce security policies that satisfy business objectives and government regulations.
  • Security Requirements Traceability Matrix (RTM): We develop RTMs that trace requirements from source documents to test document.
  • Security Architecture: We develop security architectures and conduct architecture reviews.
  • Threats, Vulnerabilities, Risks, and Countermeasures: We identify principal threats that might be faced by the system; categorize vulnerabilities and residual risks; perform risk and vulnerability assessments; and identify and implement countermeasures.

Services Include

Services include design, testing, and implementation capabilities for systems that leverage credentials and attribute based information. This includes applications
focused on:

  • HSPD-12
  • FIPS 201
  • PIV/PIV-I and PKI markets
  • E-PACS
  • Identity Federation

Federated Trust

Federated Trust offers a secure and efficient means of exchanging information – eliminating the costly and complex process of individually mapping PKI/hardware tokens and issuing project-specific credentials for every new customer, supplier, or partner.

The CertiPath Public Key Infrastructure (PKI) Bridge enables cross organizational trust for its members, who operate high assurance identity credentialing systems known as Enterprise PKI, and several of whom are providers of Personal Identity Verification – Interoperable (PIV-I) credentials to other organizations. This Bridged trust is characterized by a hub-spoke peer-to-peer environment where all of the members retain control over their individual trust domain policies and technical solutions, but agree to a common set of overarching requirements embodied in Federated Trust. Each member establishes parity with Federated Trust’s requirements, which in turn enables the trust between them.

As an alternative, for those organizations not interested in maintaining a distinct trust domain, CertiPath affords the option of electing to adopt the CertiPath policy and subordinating under the CertiPath Root. In this scenario, the member organization must operate its identity credentialing system in accordance with CertiPath’s policies.

CertiPath’s trust community extends beyond its own enterprise members to the U.S. Federal government via a Bridge-to-Bridge trust relationship between CertiPath and the U.S. Federal Bridge, which operates its own hub-spoke peer-to-peer environment for the U.S. Federal agencies. This hub-to-hub relationship enables inter-organizational trust between the members of the two Bridges.

Learn More

Physical Access

Email continues to be a primary attack vector for malware and phishing identity scams. Some enterprises have tried to incorporate certificate-based systems not realizing that not all signed emails or certificate authorities can be trusted. CertiPath’s TrustValidator™ monitors incoming emails, analyzes the certificate being used to sign the email, and advises the user on the trustworthiness of that email before exposing them to possible threats.

Physical Access supports key stakeholders with services designed to achieve the highest level of assurance in PKI-based PACS including: requirements analysis, implementation assurance, program management, product certification, design services and partner certification.

Learn More

System Design Services

CertiPath’s personnel are among the majority of authors, inventors and top practitioners in the emerging space leveraging PIV in in all application spaces: E-PACS, Federation, Logical Access.

As leaders in the HSPD-12, FIPS 201, FICAM, PIV/PIV-I and PKI markets, there are areas where the technology presents operational challenges to applications that leverage PIV/PIV-I credentials. CertiPath has placed a great emphasis on addressing operational challenges by providing services that solve these challenges head-on. CertiPath offers strategic services that have the potential to greatly enhance the CyberSecurity posture of the Federal enterprise.

Learn More

About CertiPath

CertiPath focuses on the use of digital identity in the modern connected world. Trusted digital identities are one of the most important components to securing your network, data and buildings but achieving ubiquitous trust online has been a challenge for 30 years.

Contact Us
  • Address: 11921 Freedom Drive
    Suite 710, Reston, VA 20190, USA
  • Toll Free: 1.855.758.0075
  • Phone: 1.703.793.7870
  • Email:
© 2016 CertiPath®. All rights reserved. CertiPath® and the CertiPath® logo are trademarks of CertiPath®. Privacy  ⁄  Terms of Use