- PowerPoint PPT Presentation

About This Presentation
Title:

Description:

Access Control Subsystem. Identity Management System (IDMS). PKI credential. Implementation Highlights Due Dates By Oct. 27, 2005: PIV-I: ... – PowerPoint PPT presentation

Number of Views:37
Avg rating:3.0/5.0
Slides: 12
Provided by: JimmyBres
Category:
Tags: idms

less

Transcript and Presenter's Notes

Title:


1

Homeland Security Presidential Directive 12
(HSPD-12)
  • Personal Identity Verification (PIV) of Federal
    Employees and Contractors
  • October 27, 2005

2
HSPD-12 Briefing Outline
  • Executive Summary
  • Implementation Highlights
  • Where We Are Now
  • Issues

3
Executive SummaryHSPD-12
  • Homeland Security Presidential Directive 12 was
    signed by President Bush Aug. 27, 2004
  • It is the policy of the United States to
    enhance security, increase government efficiency,
    reduce identity fraud, and protect personal
    privacy
  • Improved personal identity verification (PIV) of
    all federal employees and contractors.
  • Interoperable ID badges/smart cards.

4
Executive SummaryHSPD-12 Control Objectives
  • Secure and reliable forms of identification
    must be 
  • Issued based on sound criteria for verifying an
    individual employees identity.
  • Strongly resistant to identity fraud, tampering,
    counterfeiting, and terrorist exploitation.
  • Able to be rapidly authenticated electronically.
  • Issued only by providers whose reliability has
    been established by an official accreditation
    process.

5
Executive SummaryTo implement, we must
  • Strengthen and standardize identity verification
    process.
  • Operate a comprehensive PIV card authentication
    and personal identity verification system.
  • Procure standard ID badges/ smartcards, readers,
    and PKI services per FIPS 201.
  • Capture index fingerprints on PIV card, and store
    fingerprints in database.

6
Executive SummaryGuidance and Standards
  • Federal Information Processing Standards 201
    (FIPS) for HSPD-12 developed by NIST.
  • FIPS 201 breaks down requirements into
  • PIV I and PIV II.
  • Includes NIST Special Publications
  • SP 800-73 Smart card requirements.
  • SP 800-76 Biometric requirements
    (fingerprints).
  • SP 800-78 Cryptographic requirements (PKI).
  • SP 800-79 Certification and accreditation
    (CA).
  • SP 800-85 Testing procedures for PIV products.

7
Executive SummaryFIPS 201 (Part 1 II)
  • PIV I the process
  • Strengthens identity-proofing and background
    investigations.
  • Defines credential issuance process.
  • Mandates privacy protections.
  • PIV II - components of the PIV system
  • Interoperable PIV Card.
  • Card Management Subsystem.
  • Access Control Subsystem.
  • Identity Management System (IDMS).
  • PKI credential.

8
Implementation HighlightsDue Dates
  • By Oct. 27, 2005 PIV-I
  • Identity proofing and credential issuance process
    complies with FIPS 201, part 1. Completed.
  • By Oct. 27, 2006 PIV-II
  • New employees/ contractors Issue only PIV-II
    compliant cards and require use for both physical
    and logical access.
  • Existing employees/ contractors Begin replacing
    cards.
  • FBI National Criminal History (fingerprint) Check
    portion of background investigation before PIV
    Card issuance.
  • Full National Agency Check with Inquiries (NACI)
    must follow.
  • By Oct. 27, 2007
  • Finish replacing cards for current employees/
    contractors and require use for both physical and
    logical access.
  • All federal employees with less than 15 years of
    service and all contractors must be identity
    proofed with a minimum of a NACI.

9
Where We Are Now
  • Currently compliant with all FIPS 201
    requirements for PIV I.
  • PIV I Guidance issued.
  • New PIV I form being utilized.
  • New HR hiring practices are in place.
  • Conducted training for all OSEP employees
    associated in PIV I process.
  • CPO conducted Contracting Officers training.
  • New HUDAR clause is written.
  • OSEP has started Certification and Accreditation
    process.
  • GSA currently working on hiring contractor
    support for future DSX upgrades and additional
    hardware.

10
Government WideHUD Involvement
  • Federal Identity Credentialing Committee (FICC)
  • Interagency Partnership Working Group meetings
  • Smart Card Interagency Advisory Board (IAB)
  • Interagency Privacy Committee

11
Next Steps
  • Future Issues
  • High project implementation costs.
  • Integration of DSX to HUD infrastructure.
  • HUD computer network access will require use of
    PIV card (including PKI credential).
  • PKI credential has never been used in HUD
    environment.
  • Procurement risks
  • Currently there are no products or services that
    are certified to be FIPS 201 compliant.
  • GSA will require purchases of products using
    Schedule 70 (HITS?).
  • GSA will not have new Schedule 70 in place until
    May 2006.
Write a Comment
User Comments (0)
About PowerShow.com