Office of the Chief Information Officer

United States Department of Agriculture

Central Authentication and Role Based Access Controls Service


Service Description

The Central Authentication service uses a Microsoft Active Directory domain installed on Windows 2012 R2 servers leveraging virtual machine infrastructure dispersed among multiple data center locations for high availability and fault tolerance. The Central Authentication System (CAS) provides a highly available authentication and directory services solution for Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Managed Hosting customers.

What is Included

The primary focus of the Central Authentication & Role Based Access Controls (CA-RBAC) service is to establish Elevated Privilege (EP) controlled access into hosted resources. All data center infrastructure and hosted customer systems inside the data center’s logical security boundaries use the system today. For servers and various other forms of resources which reside within the USDA Universal Telecommunications Network (UTN) Trusted Internet Connection (TIC) such as IaaS or Managed Hosting, the CA-RBAC service can be extended into other boundaries for customers. If a domain trust is required to establish pass-through authentication services from a different credential store or identity provider, the Digital Infrastructure Services Center's (DISC's) CA-RBAC system can support that type of interconnectivity.

How We Charge

  • A flexible cost structure that allows customers to pay only for the devices that are connected to the Central Authentication System.
  • All maintenance is included in the monthly utilization fee.

Service Level Metrics

Measure                   Target SLA
Authentication Service    24 x 7
System Monitoring         24 x 7
Incident Response         24 x 7

* - DISC reserves the option to schedule routine infrastructure maintenance activities on Sundays between 1800 and 2400 hours Central Time.

Cost Saving Tips

  • If a device is no longer used, request its decommission so that the device is no longer billed for the CA-RBAC service.

Additional Information

  • If external authentication or RBAC systems need to interface with the CA-RBAC service, an Interconnection Security Agreement (ISA) will be established between organizations. The ISA will define how the interconnectivity will be used, any risks, and what security controls are associated with the interconnectivity for both parties.

Contact Us: