Introduction to Advanced Security

In EFT Enterprise, the Advanced Security module enables organizations to centralize their user access controls, improve productivity, and increase adherence to security policies.

Simplicity, Security, and Control

Employees use a growing number of usernames and passwords each day to access their company’s network portal, web mail, benefits system, cloud-based applications, and much more. This can lead to “weak” passwords or the overuse of a single password that, if stolen, can create vulnerability across multiple accounts, while also jeopardizing the security of your organization. Organizations need a solution that gives them more control to enforce strong passwords while providing a user-friendly solution that doesn’t impede or reduce productivity.

Powerful and Convenient Advanced Security Solution

Easily manage and maintain password security in one location. IT administrators face a constant conflict between being able to provide powerful security for their IT infrastructure and making systems easy-to-use for employees. Err too far on either side, and either security or productivity can be compromised.

FIPS-Compliant Ciphers and Algorithms

The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS certified. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state.

What does this mean for your organization?

Simplified Management of Authentication

Organizations and their IT administrators gain more control to enforce strong passwords while providing a user-friendly solution that doesn’t impede or reduce productivity.

Centralized Source of Authentication

With the Advanced Security module for EFT Enterprise, identity management is achieved through a centralized source of authentication. Web SSO provides users with the ability to input their credentials once to have secure access to multiple sites, apps, or resources via SAML support.

Remote Authentication Dial-In User (Radius) and RSA SecurID® Integration

Radius allows for integration with third-party solutions, such as SMSPASSCODE for text message verification as a second factor during authentication.

EFT Enterprise is compatible with RSA’s Authentication Manager (AM), version 8.1, for multi-factor authentication in conjunction with Globalscape, LDAP, and ODBC-authenticated sites. Globalscape is also an "RSA Secured" partner.

Common Access Card (CAC) Authentication Support

EFT Enterprise has a broader scope of coverage of Common Access Card (CAC) for PIV, which includes support for the PrincipleName or UPN identifier format and the more generalized RFC822Name support. In EFT, CAC is only available on LDAP-authenticated sites.

Compliance Support

EFT actively monitor compliance by alerting on non-compliance, identifying the cause of non-compliance, allowing reverting of security controls, and implementing mitigation/workaround techniques. The Auditing and Reporting module (ARM) captures all of this activity in a fully relational database.