(301) 760-7604

Identity Management

Authentication and Authorization Technologies

Ideal for


Complex Technology

Identity and access management affects nearly every organization, to one degree or another. It is an exceptionally complex technical area, including identification, authentication, and authorization. A wide array of software and hardware solutions have grown to fill the technical needs defined by these concepts, the correct configuration of which being paramount to ensuring proper access to corporate systems and data.

  • Identification refers to the need to validate a user’s identity, prior to the assignment of security credentials – including hardware tokens like smart cards, and logical tokens like usernames and passwords. The corporate processes around this function are frequently prone to social engineering attacks, for example helpdesk impersonation, and require regular testing and training to maintain proper control of security tokens.
  • Authentication (AuthN) refers to the confirmation of a user’s identity to an automated system, including both physical (e.g., gates and turnstiles) and logical (e.g., computer networks and corporate applications) access. Public key infrastructure (PKI), hardware tokens, and biometric solutions are commonly implemented, to provide the higher assurance of multi-factor authentication. It’s true that AuthN solutions can be exceptionally complex, especially given the mobility and collaboration requirements of most large organizations. As a result, there are a significant number of security controls that must be assessed and validated to ensure that proper security posture is maintained across all physical and logical systems.
  • Authorization (AuthZ) refers to the level of resource access granted to authenticated users, including both physical (e.g., room access) and logical (e.g., application and data) access. There are a number of different AuthZ concepts that may be suitable, given the level of assurance required – including discretionary access control (DAC), role-based access control (RBAC), and attribute-based access control (ABAC). The implementation and configuration of a suitable AuthZ solution requires extensive knowledge across multiple domains, and a deep understanding of corporate data handling goals. Regular security testing is also required.

Extensive Capabilities

Aerstone’s service offerings in the IdAM and PKI space include:

  • Security training and consulting
  • Microsoft Active Directory design, implementation, and migration
  • Design metadirectory and virtual directory solutions
  • Implementation of HSPD-12 compliant PKI solutions
  • Architecture of single sign-on (SSO) and reduced sign-on strategies
  • Design and implementation of authorization strategies, including RBAC and ABAC models
  • Security testing of PKI-enabled applications and websites
  • Implementation of identity federation solutions

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.

We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.

More Products

PCI Compliance

PCI Qualified Security Assessments for payment card acceptance


CMMC Readiness Assessments for DoD Contractor Companies

Red Flag Rules

Compliance With FTC Identity Theft Legislation

Connect with Aerstone’s cybersecurity experts today.

Let us know what you’re interested in and we’ll get back to you within 24 hours.