SynchroSIP


SynchroCyber developed SynchroSIP, a COTS application, to provide the bi-directional client (agency) side interface with the USAccess SIP. SynchroSIP allows USAccess client agencies to manage their PIV data, business, and functional requirements, which are available through this interface. The agency must sign up for this service through the GSA USAccess MSO for SynchroSIP to function.

SynchroSIP is a Service Infrastructure Provider (SIP) client agency interface to USAccess. The operational capabilities are divided into the following modules:

  • SynchroSIP Module: Client application that runs as a service providing scheduled updates to the agency’s data. Translates and maps USAccess values to DHS CDM values to assist agencies with Master User Record (MUR) reporting. Data that a USAccess client agency may access is based on that Agency’s/Subagency’s NIST SP 800-87 codes.
  • SynchroSIPAPI Module: A REST API interface to request a USAccess Web method/function to be executed immediately vs. waiting for the hourly update to run.
  • SynchroSIPAD Module: Runs as a service to query Microsoft Active Directory (AD). This service reads a user value from the SynchroSIP database, queries the associated user in Active Directory, and maps that user's attributes to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) values. For certificate-based authentication, this module allows agencies to map fields from the PIV Authentication Certificate to the user’s SecAltID fields in Active Directory to meet Microsoft Security Update KB5014754.
  • SynchroSIPOD Module: This client application runs “On Demand.” This allows the customer to specify a time frame to request a data update. For example, run an update for everything since January 1, 2010. It also allows a single NIST SP 800-87 component to be updated or an individual user by USAccess Person ID.
  • SynchroSIPGUI Module: A web service that runs as a Graphical User Interface (GUI) to visualize the customer's data available within the SynchroSIP database. This is where reporting is located. There are standard reports and the ability to create custom agency reporting based on USAccess SIP attributes. The roles with access to the GUI have different permissions to control what USAccess data they can view or update.

Background:

SynchroSIP was developed to be used as the USAccess bi-directional client (agency) side system interface protocol (SIP) to connect with the USAccess system for the agency to create, update, and query sponsorship and adjudication data for PIV card applicants.

The SynchroSIP web service is how agencies connect with the USAccess system. It supports the following sponsorship and adjudication functions:

  • Create a new employee or contractor data record
  • Update an employee or contractor data record
  • Query existing employee or contractor information
  • Query for a list of modified applicants within a specified time range
  • Query for a list of role holders within the agency
  • Query for checking if an applicant already exists within USAccess
  • Request USAccess to submit the Electronic Fingerprint Transaction System (EFTS) to the Defense Counterintelligence and Security Agency (DCSA) as part of the background investigation process
  • Query or take card action for applicant
  • Take post issuance action on applicant credentials
  • Delete erroneous records from USAccess
  • Mark terminated credential destroyed

With SynchroSIP, these capabilities are enabled by installing different modules within the solution. The current version of the USAccess Interface is 4.8.2 (November 2022), and SynchroSIP is fully compliant with this version.

Web Service Security:

SynchroSIP was developed using Microsoft Windows Communication Foundation (WCF) within the Microsoft .NET framework. It provides a custom Simple Object Access Protocol (SOAP) binding.

The components of this binding satisfy all aspects of the WS-Security requirements within the WS-Trust specification by requiring SOAP signatures to assure message integrity, SOAP encryption to ensure confidentiality, and SOAP tokens to ascertain the sender’s identity.

The connection between the SynchroSIP client and the database may be encrypted when a certificate is deployed/installed on the database server.

SynchroCyber Corporation, an SBA Certified HUBZone company, designs and delivers digital identity, credentialing, and access management (ICAM) solutions across the physical and logical domains. SynchroCyber provides expert professional services and information and network security to mitigate modern security challenges organizations encounter on a daily basis.

Copyright SynchroCyber Corp.