Functional Architect

Position: Functional Architect

Location: Remote

Duration: 12 months

Rate: Open

Interview: Video

Job Responsibilities:

The project aims to implement MultiFactor Authentication (MFA) solutions for the Criminal Justice Information Services (CJIS) in Pennsylvania. The project consists of two (2) major tasks. First is to determine and deploy a CJIS compliant MFA solution. Second is to address a CJIS compliant approach for address machine registration and identification. The project involves integrating various technologies and services including Azure Microsoft Entra Active Directory (AD) Commonwealth Public Key Infrastructure (PKI) AD certificate services Commonwealth applications IBM Secure Verify and potentially a Card Management System (CMS).

Position:

Functional Architect Will be responsible for designing implementing and overseeing the FIDO (Fast Identity Online) authentication framework within the project. The architect will work closely with the project team to ensure the successful architecture and integration approach of FIDObased MFA solutions into the existing infrastructure and Public Safety applications.

Responsibilities:

Architectural Design: Develop a comprehensive architectural design for the integration of FIDObased MFA solutions with the existing systems including Azure Microsoft Entra AD Commonwealth PKI certificate services and Commonwealth applications.

Technology Evaluation: Evaluate FIDO2 security keys smartcards and Windows Hello for Business as potential authenticators to meet the CJIS Security Policy requirements.

Compliance Assurance: Ensure that the FIDObased MFA solutions comply with the CJIS Security Policy CJIS Requirements Companion Document NIST SP 80063 guidelines and other relevant regulatory requirements.

Integration and Testing: Oversee the integration of FIDObased MFA solutions with the existing infrastructure conduct thorough testing and ensure seamless interoperability.

Documentation and Training: Prepare detailed technical documentation guidelines and training materials for the implementation and maintenance of FIDObased MFA solutions. This includes working with solutions architects designers and developers within public safety.

Requirements:

Experience:

Proven experience in designing and implementing FIDObased authentication solutions preferably in the context of CJIS compliance. Proven experience and working knowledge of unified endpoint identification registration and authentication preferably in the context of CJIS compliance.

Technical Expertise:

Indepth knowledge of FIDO2 security keys smartcards Windows Hello for Business and their integration with Azure Entra AD and other relevant systems.

Regulatory Knowledge: Familiarity with CJIS Security Policy NIST SP 80063 guidelines and other relevant regulatory frameworks.

Communication Skills: Strong communication and collaboration skills to work effectively with crossfunctional teams and stakeholders.

Deliverables:

Comprehensive architectural design for FIDObased MFA and device registration and integration which starts with workstation CJIS MFA secured logon and moves towards CJIS MFA security at the application(s).

Phased approach and timeline for achieving the full architectural design. The first focus should address the FIDO2 MFA with users starting with the Pennsylvania State Police and rolling out to the other Public Safety Deliver Center Agencies. The second focus should address machine registration and identification.

Evaluation report on FIDO2 security keys smartcards and Windows Hello for Business.

Evaluation report on machine registration process and existing repositories; Microsoft Intunes Workspace One and AD.

Application integration guidance and compliance assessment documentation for integrating the FIDO security solution. This document will be used solutions developers and application support configuring thirdparty hosted applications and solutions.

Integrated and tested FIDObased MFA solutions including a break glass solution.

Technical documentation and training materials.

Timeline:

The Functional Architect will be engaged to complete the architectural design phased implementation approach and documentation to assist architects and solutions team with the implementation of the CJIS MFA and end point solution.

Conclusion:

The Functional Architect will play a crucial role in ensuring the successful implementation of multifactor authentication solutions for the CJIS project in Pennsylvania contributing to the security and compliance of the Commonwealths criminal justice information systems.

Citations:

The CJIS Security Policyv5.9.2 introduced important revisions in Section 5.6 Identification and Authentication (IA) and Section 5.15 System and Information Integrity (SI)among other changes. Of particular significance to law enforcement and criminal justice agencies using cloud services for the transmission storage or processing of CJI are the updated multifactor authentication (MFA) requirements for identification and authentication of organizational users.

Microsoft Entra ID supports both authenticator and verifier NIST SP 80063B AAL3requirements including the underlying FIPS 140 validation requirements. Microsoft Entra ID support for NIST SP 80063B AAL3 exceeds the CJIS Security Policy MFA requirements.

In Microsofts continuous effort to provide resources and guidance to agencies to help them meet their CJIS regulatory requirements Microsoft collaborated with CJIS Security Analyst and Subject Matter Expert of the CJIS ACE Division at Diverse Computing and former CJIS Information Security Officer (ISO).

Fast identity Online,functional Architect