Yesterday we extended our free Centrify Express security and management offerings beyond UNIX, Linux, Mac, iOS and Android to include free smartcard support for the Mac environment. One specific use case is that it enables US Government civilian and defense agency employees and contractors to use for free any CAC, CACNG and PIV Smart Card on Mac OS X for secure two-factor authentication to web resources, VPN and encrypted email. In this blog post I will discuss this capability in a bit more detail.
So what exactly are we offering? Centrify Express for Smart Card provides essential capabilities for any user that requires smart card authentication for their day-to-day tasks, including:
- Access protected websites, including Federal and DoD sites like NCMI webmail / NCMI OWA, Navy webmail / Navy OWA, Army OWA / Army Outlook web access, NROWS, AKO and DTS, using popular web browsers
- Send and receive signed and encrypted S/MIME email using Apple Mail and Microsoft Outlook 2011
- Certificate authentication for VPN clients running on Mac OS X
- Supported smartcards include the Personal Identity Verification (PIV) card, the Common Access Card (CAC) and the CAC Next Generation (CAC NG) card
- Support for Snow Leopard (10.6), Lion (10.7), and Mountain Lion (10.8)
So what are the benefits of this? Centrify Express for Smart Card has a number of benefits for organizations and mobile workers accessing protected resources from Mac OS X systems.
- Strong authentication via smart card and PIN provides the highest level of identity assurance for access to protected applications and sensitive info
- Easy install of Express for Smart Card means you can use your personal Mac system on the road or at home to securely access critical information required for your job
- Express for Smart Card with community support delivers more capability than any other free offering, plus you have the option to upgrade to Centrify DirectControl for Mac OS X Smart Card Edition for comprehensive Active Directory integration and complete smart card functionality
Why is this needed, especially for US Government employees and contractors? Strong authentication via smart cards and PINs provides the highest level of identity assurance for access to protected applications and sensitive information. Centrify’s support for smartcards helps government employees and contracts meet Homeland Security Presidential Directive 12 (HSPD-12) that calls for a mandatory, government-wide standard for reliable and secure forms of ID issued by the federal government to its employees and employees of federal contractors for access to federally-controlled networks and facilities. Specific to the Mac environment, Apple decided to deprecate support for smart card services in Mac OS X, so Mac users need something.
Hence this new “Federal government PIV” and “MilitaryCAC” solution from Centrify gives users flexibility and delivers additional security by providing robust smart card authentication from their personally owned Mac OS X computers when accessing government or corporate web sites. This means easy access to NCMI webmail, Army OWA, the Defense Travel System (DTS) MyPay, the Navy Reserve Order Writing System (NROWS), NSIPS, AKO webmail, Navy NKO, USMC OWA, etc.
What is the cost of Centrify Express for SmartCards? Unlike other vendors who charge our government and military personnel $29.95 to get this basic Federal PIV and Military CAC capability on the Mac, we offer it for FREE and provide robust online support. Centrify honors the service of our military men and women as well as the efforts of our federal employees, and as part of our appreciation for their work we wanted to make this offering free of charge to them. We hope Centrify Express for Smart Cards makes the job of accessing their networks a little bit easier while also making their networks more secure and reliable. You will of course need to get a CAC card reader for the Mac.
Any other final thoughts? Yes, this is another example of our commitment to the specific security needs of the US Government. Centrify’s ongoing commitment to the Federal Government market is demonstrated by its Common Criteria evaluation, as well as by its Certificate of Networthiness (CON) from the U.S. Army NETCOM. Centrify’s solution is the industry’s only Active Directory bridging product to have entered into the Common Criteria evaluation, and to have achieved both CON and FIPS certifications. Centrify earlier this year was accepted by the Certification Body for the Canadian Common Criteria Evaluation and Certification Scheme into its certification program. In addition, Centrify DirectControl for Mac OS X has also received the Department of Defense (DoD) Joint Interoperability Test Command (JITC) certification for support of Common Access Cards (CAC) Smart Cards and strong authentication. We also support CAC and PIV smartcard authentication for Linux.