Our Commitment to Patching

Marc Boorshtein
Compliance, Identity Management, Linux, Open Source, Patching, Security

In the wake of the Equifax breach, we thought it was important to declare how dedicated we are to making sure the latest and patched libraries are in Unison, OpenUnison and MyVirtualDirectory. Security is hard, complex systems are hard and bugs are inevitable. The Struts team gave a great response to Equifax’s declaration that a bug in their software was …


ICAM on a Purchase Card

Marc Boorshtein
Compliance, ficam, icam, Identity Management, Implementation Costs, Open Source, sso, user provisioning

If you’ve done any work for or with the US federal government, you’ve heard the acronym ICAM or FICAM. It stands for the Federal Identity, Credential and Access Management standards outlined at https://gsa.github.io/ficam-arch/. These are a set of standards agencies should follow when it comes to identity management, items like using your PIV cards for authentication and providing audit frameworks. In …


OpenShift Compliance and Identity Management

Marc Boorshtein
Cloud, Cloud Native, Compliance, Identity Management, Implementation Costs, Open Source, OpenShift, Red Hat

The OpenShift team at Red Hat has put together a GREAT compliance guide for OpenShift. This doc does a great job detailing each control in NIST 800-53. There’s one major compliance issue that this document explicitly leaves to the “Organization” – identity management. As you go through this document you’ll notice that nearly every control that deals with identity management …
