Blog June 24, 2020 Assessments, Assurance, Certificate Templates, Certificate Validation, Certificates, Certutil, Configuration, Crypto Providers, DCOM/RPC, Enrollment, Hardware Security Modules, Hash Algorithms, Hotfixes, Known Issues, Maintenance, OCSP, Offline CA, Online Portal, Permissions, PKI, Products

Announcing the Online PKI Assessment Portal

by Mark B Cooper

I am extremely proud to announce that today we have launched our Online PKI Assessment Portal. This new service is the first of its kind to offer online, automated, self-paced review and assessments of Microsoft ADCS-based PKIs.

We have been performing onsite PKI Assessments for customers for years now. These typically focus on the design, health, and operations of the PKI, including all aspects of a typical PKI. The assessment is the best way to know the condition of your PKI and the areas that need attention or are harboring issues that could cause an outage or a security concern.

We have been using automation and tools to collect this data and provide the foundation of the assessment analysis. With this data collection process, we could gather details on a PKI with twelve CAs in less than a few hours and create the base report in as little as five minutes. The same effort if done by manually crawling through all the CAs and capturing data would take a week!

But we faced a dilemma – the logistics of scaling the service to reach around the world and the costs associated with flying to customer sites and performing the assessments just wouldn’t enable us to reach a broader audience. That’s when we realized the tooling we had could be improved and made available for customers directly.

We also had the advantage over our competition as no one else performing assessments does it with any automation or tooling. The tool not only improves our efficiency of data collection, but also offers two things no one else can:

  • Automated data collection meant there were no missed details or transcription issues. If you are manually digging through details, you may miss something.
  • Second, and most importantly, the assessment was objective! Since the tooling looked for the most common problems, we could objectively score and rate a PKI. There is no human element making a subjective opinion on a configuration, setting or condition.

So we set out to rewrite and redesign the assessment process. Through this almost year-long process, we created the Online PKI Assessment Portal. The portal will enable organizations to purchase either individual assessments or a 12-month subscription. Once licensed, you download our ADCS Collector tool to collect details about your PKI. All tools are human-readable PowerShell scripts based on the PSPKI module. This is done to ensure organizations know what we are doing and what we are collecting. You can read our output files as well – all human-readable.

Once collected, the configuration files are uploaded to our portal and within a few moments, your assessment is presented. You will see all the details of your PKI laid out and you will be presented with a Scorecard of your PKI health and recommendations/remediation steps you should take to improve the PKI.

The Portal will provide a snapshot of the report for future reference, and that snapshot is unaffected by changes to the portal. This gives you visibility into trends in PKI health and details, which is helpful for audit compliance or remediation verification. The online report can also be downloaded in PDF format for review and archiving.

Lastly, we designed this with your data protection in mind. The portal is a fully multi-tenant design with no overlap or exposure between organizations. By default only you will have access to your reports and your uploaded configuration files will be deleted as soon as the report is built.

While it is not nearly as exhaustive as our Advanced Onsite Assessment where we can look at things like physical security, documentation, and CP/CPS compliance – the online portal is looking at the most common issues and configurations that are needed to keep your PKI healthy.

We will continue to update and add new areas to the tool – in fact, we already have a large GitHub of pending enhancements we have had to table until after launch.

The Portal also allows us to significantly lower the cost of a PKI Assessment for customers. Organizations can typically expect to pay $20,000-$30,000 for an onsite assessment.

The Online PKI Assessment Portal is available for purchase and immediate use for your organization. You can purchase individual assessments at $4,995 which is a fraction of the traditional cost. A 12-month subscription is only $12,500 and allows an unlimited number of assessments during the term. As many people will want to do an assessment, remediate the environment and perform a second assessment to verify their changes, the subscription option is a great value for most organizations.

Mark B Cooper

President & Founder at PKI Solutions, Leading PKI Cybersecurity Subject Matter Expert, Author, Speaker, Trainer, Microsoft Certified Master.

Comments

  • If a specific configuration item is measured as unhealthy, what detail is offered as to why the element was rated as having poor health and what guidance is offered in terms of recommended configuration and step-by-step how to guides to remediate the problem? Is this included in the offering today or is in development or would this be viewed as a lead generation tool for the consulting services or managed services offerings?

    • Hi Eric, we have worked to assemble guidance for remediating any areas that we are scoring and reporting on. The guidance is as specific as we could hope to get in a document form, it is intended to give you direction on how to improve a specific area. For instance, if you find that there is no password policy defined on your Root CA, something we flag, in our remediation documentation we point you to using a GPO or local policy and link you to a Microsoft article on creating that. We don’t specifically say your password policy should be XX characters. We will continue to improve the remediation recommendations by directly incorporating it into the site and the findings itself. For the time being it is a separate document.
      Our goal was to make the Assessment Portal completely self-sufficient that you could assess and remediate your own environment – as opposed to being dependent on our organization to provide remediation. Of course we would be happy to assist anyone that needs that assistance, it is not considered a lead-generation tool.

      • Thank you. That does help. One area that I know our assessment would be graded very poorly is on CRL, OCSP and AIA…those elements are essentially not configured at all and for us, paying for a one-time assessment would be a bit less about what is unhealthy or improper with our PKI but it would be more about getting to the targeted walk-through guides to remediate those areas we already know are unhealthy. Great work getting this resource built and launched, I’ll be watching it closely as you continue to invest in it.

  • Many organizations wouldn’t even know areas that are unhealthy, so you have a leg up on them. We hope that the over 100 areas we look at would also point out any other areas you may not know about. We will of course be continuing to expand and invest in the areas we cover and the remediation integration. I will personally attest that if we don’t have specific enough information to point you in the right direction for remediation in our existing documentation, we will provide that additional insight for free. While it can’t be step by step for every customer, we aren’t just about saying “Area X is bad” and leave you hanging.
