TrustZero

TrustZero

Home>Products>TrustZero

Enterprise-Level Continuous Validation

Organizations that rely on high-assurance physical access control systems (PACS) to help protect their facilities from unauthorized access need robust validation systems. Given the number and types of certificate issuers within a given trust community, the validation process is quite complex, especially in a community like the Federal Public Key Infrastructure (FPKI).

Unfortunately, some client and server operating system validation processes are not 100% reliable. They do not always communicate effectively with each other, authentication servers, or certification authorities (CAs) and their protocols are difficult or impossible to understand. It’s like playing a game of operator with two cans and a fraying string while trying to figure out whether to let someone into a facility.

The Solution

During a decade of testing and certifying FIPS 201-compliant products for the federal government’s Federal Identity, Credential, and Access Management (FICAM) program, CertiPath noticed deficiencies in the models that the first generation of validation systems were built on. Those observations, coupled with CertiPath’s extensive PACS experience, cloud experience, and the PKI expertise it leverages to run the CertiPath Bridge CA, prompted the company to develop a validation system solution for high-assurance PACS.

Backed by continuous monitoring, TrustZero is a cloud-based tool that provides enterprise-level continuous validation for PACS. It works in conjunction with CertiPath’s popular TrustMonitor™ credential validation platform, which performs 24/7 monitoring for the PKI trust fabric. Whether an organization has one PACS or several, TrustZero provides a single network location to respond to all validation queries for all credentials within a trust federation.

When paired with TrustMonitor Enterprise, TrustZero can provide this same validation for credentials issued by local trust CAs for intranets, internal networks, VPNs, non-person entities, Internet of Things (IoT) devices, and other items that are issued certificates from private CAs.

Regardless of the number and type of certificate-bearing items presented for PACS authentication, TrustZero consolidates all validation responses as a service. Whether an organization needs to validate credentials from a public CA, a private CA, or both public and private CAs, TrustZero handles them all.

 

Cloud Based, Secure, and a Whole Lot More

In the federal sector there’s an impetus to move validation off site, even for on-premises applications like PACS. As mandated in Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” civilian agencies must adopt cloud technology and Zero Trust Architecture. Per EO 14028, the Zero Trust security model “requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.” Cloud-powered TrustZero helps satisfy those requirements by communicating with every CA and checking its Certificate Revocation List (CRL) every 60 seconds. That’s as close to real time as you can get.

TrustZero complies with:

  • HSPD-12
  • FIPS 201
  • Federal Common Certificate Policy
  • PKIX Path Building
  • EO 14028/OMB 22-09/Zero Trust