How the DoD Trusted August Schell with their PKI, and Why You Can Too

Since 2003, August Schell has been directly supporting the Defense Information Systems Agency (DISA) with engineering the DoD Public Key Infrastructure (PKI). The DoD PKI provides a trusted identity management infrastructure that uses software and hardware to bind the keys used for encrypting and decrypting messages to the associated user’s identity, with a Certification Authority attesting that they are authentic.

The DoD PKI is the world’s largest, and August Schell’s software and system engineers have provided architectural, design, development and deployment support for its foundation, which is built upon Red Hat’s open source technology. August Schell’s engineering effort has focused heavily on configuring the Red Hat Security Solution (a combination of several products, including the Red Hat Certificate System and Red Hat Directory Server) to handle the massive scale of the system, supporting issuance of up to 50 million certificates. The Red Hat Certificate System provides certificate life-cycle management to issue, renew, suspend, revoke, archive and recover, and manage the single and dual-key X.509v3 certificates needed for strong authentication and secure communications for the DoD.

PKI certificates generated by the system are provisioned onto smartcards, known within the DoD as the Common Access Card (CAC).  Every DoD employee, including our boys in uniform who are in foxholes around the world, possesses a CAC that provides access to specific resources as governed by their unique certificate profiles.

The DoD PKI works not only for identification, but also for role-based policies.  August Schell has supported the creation and implementation of unique certificate profiles for individuals with different roles within the DoD.

Today the DoD PKI also serves as a Common Service Provider to many non-DoD government agencies. Many civilian agencies that cannot afford to stand up an agency-specific PKI now leverage the DoD PKI to support some of their HSPD-12 objectives. To enable the DoD to work as a common service provider, August Schell software engineers are extending the capabilities of the DoD PKI to provide a more powerful and configurable user interface that supports the demands of multiple agencies.

What we’ve delivered to the DoD:

  • Configured and deployed simpler, yet more secure, next-generation certificate authorities to the DISA data centers.
  • Extended the DoD PKI to enable the Common Service Provider capability to service non-DoD government agencies.
  • Developed the capability to provision PKI credentials onto mobile devices (derived credentials).

PKI as a Solution for Safeguarding Your Data, Employees, and Organization 

“PKI is the only solution that achieves true end-to-end identification and authorization. It provides the highest level of assurance that the person who possesses the credentials is who they say they are and is the best answer for providing secure e-commerce and electronic communication.”

-Bill Schell, Founder & CEO at August Schell

Today, user IDs and passwords provide a false sense of security in the virulent cyber threat environment we live in.  User IDs and passwords do very little to allow a user to ascertain that they are in fact communicating with the person or service with which they believe they are communicating.

PKI is critical to the foundation of a strong security posture.  It enables security teams to establish the identity of people, devices, data, and services. PKIs go way beyond the use of user IDs and passwords, employing cryptographic technologies such as digital signatures and digital certificates to create unique credentials that can be validated beyond reasonable doubt and on a massive scale.

The use of digital certificates allows an organization to generate unique credentials which can be authorized with certainty, on a large scale.

Given the dominance of digitalization, the Internet of Things (IoT), and mobility, PKI authentication is needed for a diverse range of endpoints: desktops, tablets, smartphones, mobile banking, and more.  With PKI, it is possible to encrypt data over the internet and assure e-commerce security.  PKI can be used to sign software, transactions, and documents, ultimately confirming the validity of both sides of a transaction as well as their integrity.

August Schell and PKI

PKI is a highly effective foundational tool for cybersecurity. August Schell’s team of highly seasoned PKI experts is prepared to assist you with your PKI questions and projects. Our PKI engineers are here to help with software, support, and configuration. If your security team needs to deploy a PKI, or has questions about the health of your current PKI, contact an August Schell specialist, or call us at (301)-838-9470.

To further improve your cyber security posture, also ask us about implementing Splunk Enterprise Security to provide you with better insight into your security technologies through analysis of your machine data, ultimately creating a stronger overall security posture.