NIMS Credentialing Guidelines - PowerPoint PPT Presentation

Slides: 40
Provided by: fema47

1
NIMS Credentialing Guidelines
  • Technologies for Critical Incident Preparedness
    Conference and Exposition
  • October 29-31, 2008
  • Chicago IL
  • National Preparedness Directorate
  • Federal Emergency Management Agency

2
Why Credentialing?
  • To develop public trust that people presenting
    themselves to disaster sites are who they say
    they are, have the attributes/affiliation to
    provide needed assistance, and have authority to
    be there.

3
Authority
  • Public Law 110-53 (9/11 Commission Act of 2007)
    requires FEMA to develop a Standard and written
    guidance on Credentialing
  • Public Law 109-295 requires collaboration with
    NEMA on development of Credentialing

4
Expected Outcomes
  • Critical Review of the Draft Standard
  • Identify Challenges
  • What are the challenges?
  • How can the challenges be resolved?
  • How should the guidelines be communicated to
    those stakeholder communities that need to be
    Credentialed?

5
Future Activities
  • National Mutual Aid and Credentialing Working
    Group
  • Oversee completion of Guidelines through Federal
    Register and DHS approval process
  • Oversee development of Implementation guidance as
    required
  • Original NIMS Credentialing Working Group will
    support the NMAC
  • Conformity Assessment
  • Communications / Outreach

6
Guidelines Approval Process
  • ANSI-HSSP conference
  • Publish in Federal Register following FEMA DHS
    OMB review
  • Public Comment Period
  • NMAC meets to adjudicate comments
  • Submit Final Guidelines to FEMA for approval
  • Publish Final Credentialing Guidelines

7
  • Introduction to Draft Guidelines

8
Current Process for Access Control
[Diagram labels: Federal; State and Local; Private; Volunteers; Response/Recovery Location]
  • Currently no standardized process exists for entry decisions

9
  • State, Local, Tribal
  • Non-Government Organizations

10
State/Local Tribal Nations and Emergency
Management Assistance Compact (EMAC)
  • Designation of a credentialing authority to
    manage functions and processes
  • Establish a program that will use credentialing
    for interstate mutual aid
  • Maintain a register of persons credentialed and
    typed
  • For entities using technology, FEMA endorses
    FIPS 201 to achieve interoperability with Federal
    Emergency Response Officials
  • Federal granting agencies include conditions in
    grants and new rules to support conformance to
    guidelines.

11
Voluntary, Charitable and Not-for-Profit
Organizations
  • Designation of a credentialing authority to
    manage functions and processes
  • Organizations are encouraged to seek assistance
    of respective States, Tribal and Local
    governments to ensure compliance with these
    guidelines
  • Assist their personnel to obtain and maintain
    credentials
  • Maintain a roster and/or database repository of
    credentialed persons and typed personnel
  • Train volunteers on credentialing and typing
  • For entities using technology, FEMA endorses FIPS
    201 to achieve interoperability with Federal
    Emergency Response Officials

12
  • Private Sector
  • Critical Infrastructure/
  • Key Resources
  • (CI/KR)

13
Private Sector and Critical Infrastructure/Key
Resources
  • Designation of a credentialing authority to
    manage functions and processes
  • States developing an effective, flexible CI/KR
    Access Control Process that can be quickly
    implemented during disaster response and
    recovery
  • Supporting the execution of Federal, State,
    Tribal and local responsibilities and
    authorities
  • Granting priority access to CI/KR damage
    assessment and restoration resources before,
    during, and after an incident.
  • For entities using technology, FEMA endorses FIPS
    201 to achieve interoperability with Federal
    Emergency Response Officials

14
  • Federal

15
Federal Emergency Response Officials (FEROs)
  • Defined by this document
  • Identity trust determined under HSPD-12 which
    requires a National Agency Check with Inquiries
    (NACI) for all employees and contractors
  • FERO attributes to include:
      • National Response Framework (NRF) Emergency
        Support Functions
      • National Infrastructure Protection Plan (NIPP)
        Sector Coordination Functions
      • National Continuity Policy Implementation Plan
        (NCPIP) Essential Government Functions
      • National Incident Management Systems (NIMS)
        Federal skill set functions

16
Electronic Designation and Validation of
Federal/Emergency Response Officials (F/EROs) in
support of National Preparedness

17
H.R. 1 Requirements Status
  • Title IV of H.R. 1, the Implementing
    Recommendations of the 9/11 Commission Act of
    2007, directs the Administrator of FEMA to:
  • (NLT 02 AUG 08) Develop standards for
    credentialing and typing Federal/Emergency
    Response Officials (F/ERO)
      • Status: FEMA Policy memo to OMB dated June 9,
        2008, defined the F/ERO standard to be HSPD-12
        eligible Federal employees and contractors with
        National Response Framework (NRF), National
        Infrastructure Protection Plan (NIPP), and/or
        National Continuity Policy Implementation Plan
        (NCPIP) responsibilities.
  • (NLT 02 FEB 09) Establish a Federal Preparedness
    database system for real-time accountability and
    awareness
      • Status:
      • DoD has a 90K-seat pilot repository for DoD
        F/EROs within the National Capital Region (NCR)
      • FEMA has a 100K-seat pilot repository for non-DoD
        F/EROs within the NCR (ahead of schedule)
      • FEMA will provide agencies with manpower support
        to capture initial F/ERO enrollments within the
        NCR as approved by the agency attribute
        administrators and provide training for
        enrollment/revocation sustainment capability
      • F/ERO repository will be populated / managed by
        individual agencies leveraging HSPD 12 / FIPS 201
        credentials and technology for real-time
        accountability and awareness

18
What is a Credentialed Typed Person?
  • A credentialed typed person has in his/her
    possession mutually agreed upon:
      • Proof of identity
      • Proof of attribute (qualification, certification,
        authorization, privilege) or affiliation
        (critical infrastructure/key resources)
      • Source authorization for deployment (mission
        assignment, EMAC, mutual aid agreement, etc.)
  • This can be by visual verification or FIPS 201
    electronic validation to achieve standards-based
    multi-jurisdictional interoperability

For Official Use Only (FOUO)

19
Homeland Security Presidential Directive 12 (HSPD 12) Explanation
  • "Secure and reliable forms of identification" for
    purposes of this directive means identification that
      • is issued based on sound criteria for verifying
        an individual employee's identity
      • is strongly resistant to identity fraud, tampering,
        counterfeiting, and terrorist exploitation
      • can be rapidly authenticated electronically and
      • is issued only by providers whose reliability has
        been established by an official accreditation
        process.
  • The Standard will include graduated criteria,
    from least secure to most secure, to ensure
    flexibility in selecting the appropriate level
    of security for each application

Federal Electronic Identity Standardization

20
FIPS 201 Leveraged Technology
[Diagram labels: HSPD 12; Logical Access; Physical Access; FIPS 201; Routine Access and use applications; Emergency Access and use applications; Standardize Credential Use]

21
F/ERO Attribute Administration Roles & Responsibilities
  • Attribute: The qualification, certification,
    authorization, and/or privilege of an individual.
  • F/ERO: Federal/Emergency Response Official is an
    HSPD 12 Federal employee or contractor who is
    responsible for the execution of the NRF, NIPP,
    NCPIP, and/or NIMS.
  • F/ERO Attribute: The designated categories along
    with the qualifications, certifications,
    authorizations, and/or privileges of a F/ERO who
    is responsible for the execution of the NRF,
    NIPP, NCPIP, and/or NIMS.
  • F/ERO Attribute Source Authority: The
    authoritative source document for F/ERO attribute
    designations.
  • F/ERO Attribute Administrator: The person
    authorized to sponsor or revoke F/ERO attributes.
  • F/ERO Attribute Registrar: The person designated
    to electronically assign or revoke F/ERO
    attributes within the F/ERO Attribute Repository
    as authorized by the F/ERO Attribute
    Administrator.
  • F/ERO Attribute Recipient: The F/ERO who has
    been authorized by the F/ERO Attribute
    Administrator to be enrolled for the designated
    F/ERO attribute.
  • F/ERO Attribute Validation Authority: The
    relying official who is authorized to
    electronically validate the designated F/ERO
    attributes of the bearer for access permissions.

22
F/ERO Enrollment & Revocation Process
  • Agencies designate Attribute Administrators who
    are responsible for sponsoring (approving) or
    revoking respective F/ERO attributes
  • Agencies identify and sponsor respective F/EROs
  • Enrollment of sponsored F/EROs into shared F/ERO
    Repository
      • Post issuance enrollment (interim solution)
      • Credential issuance enrollment (end-state
        solution)
  • Attribute Administrators are responsible for the
    currency or revocation of sponsored F/EROs within
    shared F/ERO Repository

23
Requirements for F/ERO Designator When Issuing a
Personal Identification Verification (PIV)
Credential
Issued 2008MAY27, Expires 2008SEP30
Federal / Emergency Response Official
  • When you check the yes box during your issuance
    process, your Agency must determine what NRF,
    NIPP, or Continuity of Government category you
    are filling as depicted in the drop down boxes
    shown on the right.

24
Reference Websites
[Form field: Federal/Emergency Response Official (F/ERO)]

25
NRF F/ERO Designator
[Form field: National Response Framework (NRF) Emergency Support Function (ESF)]
Note: Check all that apply

26
NIPP F/ERO Designator
[Form field: National Infrastructure Protection Plan (NIPP) Sector Coordination Functions]
Note: Check all that apply

27
F/ERO Designation (For COOP/COG)
[Form fields: National Continuity Policy Implementation Plan (NCPIP) Essential Government Function; Emergency Support Function (ESF) 5 - Emergency Management; Tier 1; Tier 2; Tier 3; Tier 4; Tier 5]
Notes: Check all that apply. If checking OPRON,
please check one box under Tiers 1-5

28
OPRON Tiers 1-5 (non-DoD NCR only)
  • Tier 1
      • National Continuity Team (NCT)
      • National Intelligence Liaison Emergency Staff
        (NILES)
      • DHS Operations Coordination / (NOC, IMPT)
      • Legislative, Judicial and Defense Emergency
        Staffs
  • Tiers 2 and 3
      • Component/Agency Heads and Deputies
      • Chiefs of Staff, Special Assistants
  • Tier 4 and 5
      • Cleared COOP Personnel from 30 Departments and
        Agencies
      • Un-cleared COOP Personnel from 30 Departments
        and Agencies

29
F/ERO Repository Architecture
DoD / NCRC Validated Model
[Diagram labels: Identity Databases (Entity Owned); F/ERO eAttribute Repository (No Personal Identifiable Information); F/ERO Electronic Validation Devices; Identity Privilege List; BAE; Federal HSPD-12 Credential; State/Local FRAC; Private Sector/Volunteer FRAC; AHJ On-Scene FRAC; Handheld Devices; Management Station; Guard Station; HSPD-12 PIV or FIPS 201-interoperable Credential Required; Post-issuance electronic Attribute Management Process]
  • Backend Attribute Exchange (BAE): The
    end-state identity credential issuance and
    electronic attribute management process

30
Repository Configuration Management
[Diagram labels: Identity Credential Prerequisite; Phase 1; Phase 2]

31
NRF F/ERO Repository Status (sample report)

32
NIPP F/ERO Repository Status (sample report)

33
How Should It Work?
  • Standard enables process to include
      • State to State
      • State to Local
      • Local to Local
      • Private to Government
      • Private to Private (e.g., utility companies)
      • Mission Assignment
  • Paper-based, visual or FIPS 201 electronic
    verification to include
      • ID (2 forms if visual)
      • Attribute or Affiliation
      • Deployment Source Authority

[Diagram labels: Federal; State and Local; Private; Volunteers; RSOI; Response/Recovery Location; Standardized credentialing process]
RSOI: Receiving Staging Operations Integration

34
Chronological Electronic Validation (sample data)

35
On-Scene Human Resources (sample data)

36
Validated Demonstrations
  • 2/23/06 Winter Fox: Federal, State & Local.
    Host: Pentagon. Validation: ESF-13 (Law
    Enforcement) Multi-Jurisdictional Interoperability
  • 5/18/06 Eligible Bridge: Public & Private Sectors.
    Host: George Washington University. Validation:
    ESF-5 (Emergency Management) Public/Private
    Interoperability
  • 6/08/06 ATT: Private Sector ID eAuthentication.
    Host: ATT. Validation: ESF-2 (Communications)
    eAuthentication
  • 6/21/06 Forward Challenge: DHS ID eAuthentication.
    Host: DHS. Validation: ESF-5 COOP/COG Evacuation
    Visibility/Manifest Tracking
  • 7/20/06 Maritime Interoperability Demonstration:
    Public & Private Ports. Host: US DOT. Validation:
    ESF-1 (Transportation) Multi-Port Access
    Visibility/Tracking
  • 12/05/06 Capitol Shield: DoD. Host: DC National
    Guard. Validation: HSPD-12 Required Access into
    DoD-controlled Facility
  • 2/15/07 Winter Storm: Federal, State, Local,
    Private Sector. Host: DoD / DHS. Validation:
    multi-jurisdictional FRAC issuance Trust Model
  • 7/19/07 Summer Breeze: Federal, State, Local &
    Private Sector. Host: DoD / DHS. Validation:
    multi-jurisdictional FRAC usage Trust Model
  • 3/06/08 Winter Blast: Federal, State, Local &
    Private Sector. Host: HHS / FEMA. Validation:
    multi-jurisdictional interoperability with FIPS
    201 interoperable credentials
  • 5/07/08 NLE 2-08: Federal. Host: All Federal
    Executive Branch. Validation: Electronic
    in-processing and reporting of FEMA essential
    government personnel
  • 5/15/08 Spring Blitz: Federal, State, Local &
    Private Sector. Host: FEMA / Tampa Bay, Florida.
    Validation: multi-jurisdictional FIPS 201 and
    Florida drivers license interoperability
  • 7/24/08 Summer Sizzle: Federal, State, Local &
    Private Sector (CI/KR). Host: HHS / FEMA / PA /
    VA / GWU. Validation: FIPS 201
    multi-jurisdictional interoperability to include
    NRF/NIPP/NCPIP electronic attributes
  • 10/23/08 Autumn Rush: All Hazards Consortium
    (AHC) to include DE, Wash DC, MD, NC, NJ, NY, PA,
    VA, WV. Host: AHC, Gettysburg, PA. Validation:
    FIPS 201 validation for disaster response drivers
    license verification for hurricane re-entry and
    shelter-in-place

Proof of Standardized Process Capability

37
End State Federal Mutual Aid Preparedness
  • Incident Management
      • To get the right people with the right attributes
        to the right places at the right times thus
        reducing response/recovery times and promoting
        restoration to pre-incident quality of life
        conditions
  • Intended benefit
      • Emergency response officials will possess FIPS
        201 identity credentials that align with Federal
        standards and enable e-Authentication of identity
        and disaster response/recovery attribute
        information for determining access privileges
  • Additional benefit
      • FIPS 201 identity credentials issued by
        respective sponsoring agencies in a distributed
        environment can be integrated into
        standards-based physical and logical access
        systems thus eliminating proprietary solutions
        that can be costly to maintain/sustain or time

Federal and Non-Federal Standardization

38
Questions?
  • Please submit all questions to
  • FEMA-FEROSupport_at_dhs.gov
