Zero Trust • IL4/IL5 • SNCA • YubiKey PIV • Enclave Access Engineering
This repository showcases engineering work performed in federal IL4/IL5 and GCC/NSC environments, focusing on secure access, identity enforcement, endpoint compliance, and Zero Trust authentication workflows. All content is fully sanitized and demonstrates the architecture, automation, and troubleshooting patterns used to support high-assurance federal systems.
This repository contains four core areas:
- 📁 /docs — Architecture, deployment workflows, troubleshooting, and data dictionary
- 📜 /scripts — SNCA routing validation, posture evaluation, tunnel diagnostics, MFA compliance, and audit SQL
- ⚙️ /config — Sanitized templates for SNCA routing, posture policy, and enclave access rules
- 🏗️ /architecture — Zero Trust diagrams, enclave routing layers, and identity flow breakdowns
This system secures access to IL4/IL5 and GCC/NSC federal environments by enforcing:
- Hardware-backed MFA (YubiKey PIV)
- Device posture validation (encryption, endpoint protection, compliance)
- Zero Trust continuous verification
- SNCA v2/v3/legacy identity routing
- IL4/IL5 enclave segmentation
- Secure tunnels (Zscaler, GlobalProtect)
- Full audit logging and compliance monitoring
Only trusted users on compliant endpoints can reach isolated federal enclaves. All authentication, posture, and access events are logged to maintain audit readiness.
Federal IL4/IL5 environments require high-assurance identity verification, strict device compliance, continuous Zero Trust monitoring, controlled enclave segmentation, and immutable audit trails.
This work ensures uninterrupted mission readiness by validating identity, posture, and access across secure enclaves—supporting operations where reliability and compliance are non-negotiable.
- Supported IL4/IL5 and GCC/NSC environments with strict compliance requirements
- Implemented and maintained YubiKey PIV MFA
- Hardened endpoints and enforced Zero Trust posture policies
- Troubleshot secure access failures across VDI, ServiceNow, and cloud systems
- Ensured alignment with federal baselines and enclave segmentation rules
- Collaborated with IAM, security, and compliance teams to maintain audit readiness
| Category | Technologies | Purpose |
|---|---|---|
| 🔑 Authentication | YubiKey PIV, SNCA v2/v3/legacy | High-assurance MFA + identity routing |
| 🏛️ Federal Environments | IL4, IL5, GCC High, NSC | Segmented, compliance-aligned tenants |
| 🖥️ Endpoints | Windows, VDI | Secure workstation and virtual desktop access |
| 🔐 Identity & Access | MFA, RBAC, SSO | Access control and identity enforcement |
| ⚙️ Automation | PowerShell | Access validation, posture checks, diagnostics |
| 📊 Monitoring | Audit logs, SIEM | Compliance visibility and traceability |
| 📋 Compliance | Zero Trust, IL4/IL5 baselines | Federal security alignment |
Federal-Security-Support/
├── architecture/
│ ├── architecture-summary.md
│ ├── architecture-diagram.md
│ ├── architecture-layers.md
│ └── Federal_Zero_Trust_Access_Architecture.png
├── docs/
│ ├── deployment-overview.md
│ ├── troubleshooting-guide.md
│ ├── runbook.md
│ └── data-dictionary.md
├── scripts/
│ ├── access-validation.ps1
│ ├── posture-evaluation.ps1
│ ├── tunnel-diagnostics.ps1
│ ├── yubikey-compliance-check.ps1
│ └── il4-weekend-support-log.sql
├── config/
│ ├── snca-config-template.json
│ ├── posture-policy-template.json
│ └── enclave-access-policy.json
└── Color-coded_IL4-IL5.png
- Configure SNCA v2/v3/legacy routing
- Enforce YubiKey PIV MFA
- Validate device posture (encryption, endpoint protection, compliance)
- Establish secure tunnels (Zscaler / GlobalProtect)
- Apply IL4/IL5 enclave segmentation
- Validate Zero Trust continuous verification
- Enable audit logging and compliance pipelines
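The device posture step above (encryption, endpoint protection, hardware-backed MFA) as an added PowerShell example. This is illustrative code written for this page, not the repository's own posture-evaluation.ps1 or yubikey-compliance-check.ps1. It assumes a Windows endpoint with BitLocker and Microsoft Defender; the function name Test-DevicePosture, the signature-age threshold, and the shape of the returned object are assumptions, and a real deployment would read its thresholds from the posture policy template rather than hard-coding them.

```powershell
# Added example, not the repository's script: evaluate three posture signals on a
# Windows endpoint and return one object that can be logged to the audit pipeline.
function Test-DevicePosture {
    [CmdletBinding()]
    param(
        # Assumed policy value; a deployment would load this from the posture policy JSON.
        [int]$MaxSignatureAgeDays = 3,
        [string]$SystemDrive = $env:SystemDrive
    )

    $now      = Get-Date
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Encryption: the OS volume must be fully encrypted with protection switched on.
    try {
        $vol = Get-BitLockerVolume -MountPoint $SystemDrive -ErrorAction Stop
        $encrypted = ($vol.ProtectionStatus -eq 'On') -and ($vol.VolumeStatus -eq 'FullyEncrypted')
        if (-not $encrypted) {
            $findings.Add("BitLocker on $SystemDrive is $($vol.ProtectionStatus)/$($vol.VolumeStatus)")
        }
    } catch {
        $encrypted = $false
        $findings.Add("BitLocker status unavailable: $($_.Exception.Message)")
    }

    # 2. Endpoint protection: Defender real-time protection on and signatures current.
    try {
        $mp     = Get-MpComputerStatus -ErrorAction Stop
        $sigAge = ($now - $mp.AntivirusSignatureLastUpdated).TotalDays
        $protected = $mp.RealTimeProtectionEnabled -and $mp.AntivirusEnabled -and ($sigAge -le $MaxSignatureAgeDays)
        if (-not $protected) {
            $findings.Add("Endpoint protection: RTP=$($mp.RealTimeProtectionEnabled) AV=$($mp.AntivirusEnabled) signatureAgeDays=$([math]::Round($sigAge, 1))")
        }
    } catch {
        $protected = $false
        $findings.Add("Defender status unavailable: $($_.Exception.Message)")
    }

    # 3. Hardware-backed MFA: a currently valid Smart Card Logon certificate (the EKU a
    #    YubiKey PIV authentication certificate carries) must be in the user's store.
    #    This confirms the certificate is present; it does not by itself prove the
    #    private key is resident on the token.
    $scLogonOid = '1.3.6.1.4.1.311.20.2.2'
    $pivCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $scLogonOid)
    })
    if ($pivCerts.Count -eq 0) { $findings.Add('No valid Smart Card Logon certificate found') }

    [pscustomobject]@{
        Host              = $env:COMPUTERNAME
        User              = $env:USERNAME
        EvaluatedAt       = $now.ToString('o')
        DiskEncrypted     = $encrypted
        EndpointProtected = $protected
        PivCertPresent    = ($pivCerts.Count -gt 0)
        Compliant         = $encrypted -and $protected -and ($pivCerts.Count -gt 0)
        Findings          = $findings.ToArray()
    }
}

# Usage: one compact JSON line per evaluation for the audit log; a non-zero exit code
# lets a scheduled task or access gate treat a non-compliant endpoint as a failure.
$posture = Test-DevicePosture
$posture | ConvertTo-Json -Compress
if (-not $posture.Compliant) { exit 1 }
```

Each check is wrapped so that an unavailable signal (for example, BitLocker status queried without the required rights) is recorded as a finding and counts as non-compliant rather than being silently skipped; a posture check that fails open defeats the Zero Trust intent of the step.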
- Strengthened authentication reliability across IL4/IL5 environments
- Reduced access failures through structured troubleshooting workflows
- Improved compliance alignment with federal baselines
- Enhanced Zero Trust enforcement across VDI and cloud systems
- Supported mission-critical operations requiring high-assurance identity controls
- Eliminated MFA loops and SNCA routing mismatches
- Resolved posture drift and non-compliant endpoint states
- Stabilized VDI access across segmented enclaves
- Improved audit traceability for weekend support operations
- Reduced tunnel instability and enclave reachability failures
This system enforces:
- Hardware-backed MFA (YubiKey PIV)
- Device compliance (Intune/Jamf)
- Zero Trust posture evaluation
- SNCA identity routing
- IL4/IL5 enclave segmentation
- Continuous session monitoring
- Immutable audit logging
All content is fully sanitized. No internal federal data, proprietary configurations, or sensitive operational details are included. Only high-level engineering patterns and workflows are represented.
Suren Jewels
Cloud & Infrastructure Engineer • Security & Automation Specialist
This repository showcases sanitized engineering patterns and automation workflows used in enterprise ServiceNow environments.
- LinkedIn: https://www.linkedin.com/in/suren-jewels/
- GitHub: https://github.com/Suren-Jewels
- Email: SurenJewelsPro@gmail.com