Keytos taps Carahsoft to bring passwordless identity to govt agencies

Keytos Security and Carahsoft Technology Corp. have a new partnership aimed at expanding the availability of passwordless authentication and public key infrastructure (PKI) solutions to government agencies.

Carahsoft will act as Keytos Security’s Master Government Aggregator, distributing the company’s identity and authentication products to public sector customers, with the company a major supplier to the U.S. government.

There is a growing demand among government agencies for phishing-resistant authentication and zero trust architectures, with U.S. federal cybersecurity directives such as Executive Order 14028 and guidance from the Cybersecurity and Infrastructure Security Agency (CISA).

Passwordless authentication, typically based on certificate-based credentials rather than shared secrets, is increasingly seen as a way to reduce risks associated with credential theft and phishing. The partnership leverages Carahsoft’s network of reseller partners and established procurement contracts, including NASA SEWP V, ITES-SW2, NASPO ValuePoint, TIPS, E\&I Cooperative Services and The Quilt.

“The enterprise-grade platform simplifies passwordless identity, enabling agencies to reduce vulnerabilities while automating complex security operations and identity workflows,” says Tyler Nelson, sales manager leading Keytos at Carahsoft.

Keytos Security’s offering includes a cloud-based PKI platform EZCA Cloud PKI, which is designed to replace or complement on-premise certificate authority infrastructure. The system is supported by hardware security modules (HSMs) aligned with FIPS 140-3 Level 3 requirements, providing certificate issuance and lifecycle management in a hosted environment.

The company’s broader platform supports certificate-based authentication across multiple use cases. These include smart card and security key onboarding aligned with Personal Identity Verification (PIV) standards, network authentication using EAP-TLS through a cloud RADIUS service, and short-lived certificate issuance for secure access to systems such as Linux servers and code repositories. The use of short-lived credentials is intended to reduce reliance on persistent access tokens and standing privileges.

The solutions can operate across cloud, hybrid and on-premise environments, and are available in Microsoft Azure commercial and government cloud deployments. The products are aligned with compliance frameworks such as the Federal Risk and Authorization Management Program (FedRAMP) and the Cybersecurity Maturity Model Certification (CMMC), which are commonly required for public sector deployments.

Article Topics

Carahsoft  |  digital identity  |  identity access management (IAM)  |  passwordless authentication  |  PKI  |  U.S. Government