The Veterans Health Agency (VHA) needed expertise in integrating disparate, decentralized applications, policies, and procedures to support their Identity and Access Management (IAM) program. Tasks required were for configuring, management and maintainingan identity management solution that would include installation of industry-standard LDAP COTS solutions to fit the VHA IAM needs, providing single sign-on, PIV authentication, and account authorization.
ASG successfully supported the IAM program by writing a five-year roadmap, which fulfills the goals of sixteen major security initiatives and directives issued by the VA Secretary, OMB, and the White House on IAM requirements to meet HSPD-12 regulation requirements, establish authoritative data sources for identity, and implement unique identifiers for verifying patient identity that can be used for interoperability between e-Exchanges, systems within VA, and outside partners.
Our team provisioned accounts in LDAP and SAML, automated legacy security control input, activity log capture, and implemented manual processes creating a reusable, uniform, consolidated security & access control environment.
The ASG team utilized IAM best-practices in meeting NIST and OMB security requirements and that the program is HSPD-12 compliant and in achieving successful outcomes for Patient Identity/PIV Card management, physical and logical access through various directory services and certificate based token support. ASG achieved overall customer satisfaction by reducing the number of user logins from nine to one single user login access, thus increasing security and enabling users to manage a single sign-on instead of nine separate user IDs and passwords. Because single sign-on is more secure than multiple access, the improved efficiency lowered security risks throughout the VHA enterprise and the improved efficiency met VA’s CRISP requirements resulting in lowered risk, and increased customer satisfaction.