From. Medusa. Midas. Lynn Kluegel Glen Lee. Lee Neely. Melissa Nimmo LA-UR Unclassified

Size: px
Start display at page:

Download "From. Medusa. Midas. Lynn Kluegel Glen Lee. Lee Neely. Melissa Nimmo LA-UR-22904. Unclassified"

Transcription

1 From to Medusa Midas Lynn Kluegel Glen Lee Lee Neely Melissa Nimmo LA-UR-22904

2 Goals of the DOE PKI Path Forward Establish a more robust/resilient PKI directory service for obtaining encryption certificates and CRLs Reduce the sites need for managing Entrust PKI services and use of the Entrust Desktop software Transition to federally approved encryption certificates (HSPD-12 PIV Card or DOE SSP CA certificates) Slide 2

3 Current state of PKI in DOE today Target State of PKI in DOE tomorrow DOE PKI is primarily Entrust Legacy CA DOE PKI is SSP CA or other federally-approved PKI provider. Reflects current users who have a requirement for PKI today, otherwise they wouldn t have Entrust Slide 3

4 DOE PKI Path Forward Strategy Integrate Existing Legacy CA Encryption Certificates into EGDS EGDS replaces the DOE Legacy Critical Path Directory Architecture Moving From Legacy to Federally Approved PKI Certificates A user with a Legacy CA certificate may be encrypting to another user who has an HSPD-12 PIV or DOE SSP CA certificate, and vice versa User only has one encryption certificate published in EGDS Federally-Approved PKI DOE users will have and are using a federally-approved PKI certificate for encryption (as well as signatures and authentication) Sites may decommission their Legacy CA whenever they are ready to do so Slide 4

5 Energy Global Directory Service (EGDS) EGDS Node (aka Multi-Master) Legacy CA Site with Critical Path Directory GSA USAccess (HSPD-12/PIV Data) DOE SSP Slide 5

6 PKI at our Fingertips PKI Card Auth Key (CAK) PACS only PIV Auth Cert Logon, Websites, PACS Signature Cert Signing & Docs Encryption Cert Encrypting & Docs Key History 5 recently retired on-card "Will-be" PIV'd 15% DOE Already PIV'd 65% Slide 6

7 Signatures and Encryption: Consider this! Ignore authentication for the moment. Up to now, who at your site required a PKI certificate? Anyone currently with an Entrust account in order to send signed and encrypted , digitally sign forms, or encrypt files. A majority of those users* likely already have a PIV Card. *Feds, HQ contractors, and users with a clearance, per DOE Order Consider PIV ing the others *. *DOE Order allows for discretion. NNSA HQ has mandated that PIV shall be issued to all uncleared personnel. Your users are no longer dependent on Entrust client software to sign or encrypt. Purchase PIV-I or a PKI certificate from federally-approved provider for the small amount of users* who cannot get a PIV. *Foreign nationals living in US <3 years Slide 7

8 Authentication: Consider this! Now, that we have satisfied the long-standing business driver for PKI, let s address the requirement (or perhaps the desire) for 2-factor authentication using PKI and smart cards (e.g. PIV Card). First, assess the population at your site that: a. Is expected to logon to the local network(s) using 2-factor? b. Must access online (internal or external) applications or systems that expect the user to authenticate with a PIV Card or a federally-approved PKI certificate? A good portion of your user population * likely already has a PIV Card. *Feds, HQ contractors, and users with a clearance, per DOE Order Users that were issued PIV to replace their Entrust accounts (see prior slide) All users have similar experience when authenticating to networks and applications Consider PIV ing the others *, or at least those who need to access external applications. *DOE Order allows for discretion. NNSA HQ has mandated that PIV shall be issued to all uncleared personnel. Implement a local PKI * and smart card solution to satisfy local requirements. *DOE Order permits local PKIs to address local requirements when external interoperability is not required. Purchase PIV-I or a software certificate from federally-approved provider for users* who cannot get a PIV but need to access external applications. *Foreign nationals living in US <3 years Slide 8

9 DOE Federally Approved Brittle Directory Infrastructure Issues with Legacy PKI Directory at one site impacts users across the complex Stable and Robust Directory Infrastructure DOE users can access any other DOE person s encryption certificate as long as one multi-master node is operational CAs Operated and Maintained by the Sites Recurring license and hardware costs Knowledgeable staff required at all 8 CA sites DOE is No Longer in the Business of PKI Sites no longer have to own and operate DOE Legacy CAs, which will free up resources and money User Frustration Issues with client software performance and behavior impacts ability to sign and/or encrypt Entrust Software No Longer Required Eliminates one of the biggest headaches of IT staffs and one of the variables with troubleshooting issues with using PKI Not Trusted by Other Agencies Other agencies will not exchange encrypted or accept digitally signed or documents Business with Other Agencies DOE users are no longer hassled for not having PKI certificates that can be used for encryption and signatures Slide 9

10 Thank You Lynn Kluegel Glen Lee Lee Neely Melissa Nimmo Slide 10

Office of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)

Office of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM) Department of Energy Identity, Credential, and Access Management (ICAM) Cyber Security Training Conference Tuesday, May 18, 2010 1 Announcement LACS Birds-of-a-Feather Session Logistics Wednesday, May

More information

Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010

Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010 Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010 Interagency Advisory Board Meeting Agenda, October 27, 2010 1. Opening Remarks 2. A Discussion

More information

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Version 1.0 January 18, 2011 Table of Contents 1. INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 OBJECTIVE AND AUDIENCE...

More information

Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010

Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Tim Baldridge AWG

More information

Department of Defense PKI Use Case/Experiences

Department of Defense PKI Use Case/Experiences UNCLASSIFIED//FOR OFFICIAL USE ONLY Department of Defense PKI Use Case/Experiences PKI IMPLEMENTATION WORKSHOP Debbie Mitchell DoD PKI PMO dmmitc3@missi.ncsc.mil UNCLASSIFIED//FOR OFFICIAL USE ONLY Current

More information

What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012

What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012 Federal CIO Council Information Security and Identity Management Committee IDManagement.gov What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form December 3, 2012 HSPD-12

More information

Required changes to Table 6 2 in FIPS 201

Required changes to Table 6 2 in FIPS 201 The PIV Working Group appreciates the opportunity to provide guidance on the initial scope for ICAM Part B. In addressing your request we created three bodies of content: Required changes to Table 6 2

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed. Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout

More information

U.S. Department of Energy Washington, D.C.

U.S. Department of Energy Washington, D.C. U.S. Department of Energy Washington, D.C. ORDER DOE O 206.2 Approved: SUBJECT: IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT (ICAM) 1. PURPOSE. To establish requirements and responsibilities for DOE s identity,

More information

Enrolling with PIV and PIV-I Velocity Enrollment Manager

Enrolling with PIV and PIV-I Velocity Enrollment Manager Enrolling with PIV and PIV-I Velocity Enrollment Manager Overview The Homeland Security Presidential Directive 12 (HSPD-12) called for a common identification standard to be adopted by all Federal Government

More information

Strong Authentication for Future Web Applications

Strong Authentication for Future Web Applications Strong Authentication for Future Web Applications Chris Williams Leidos, Inc. July 18, 2014 For W3C Identity in the Browser Workshop Abstract Leidos (formerly SAIC), has been using strong authentication

More information

DEPARTMENTAL REGULATION

DEPARTMENTAL REGULATION U.S. DEPARTMENT OF AGRICULTURE WASHINGTON, D.C. 20250 DEPARTMENTAL REGULATION SUBJECT: Identity, Credential, and Access Management Number: 3640-001 DATE: December 9, 2011 OPI: Office of the Chief Information

More information

Department of Defense SHA-256 Migration Overview

Department of Defense SHA-256 Migration Overview Department of Defense SHA-256 Migration Overview 18 March 2011 Tim Fong DoD-CIO/ IIA Timothy.Fong@osd.mil General Observations This is Important INFOSEC: Algorithms can be compromised over time. Crypto

More information

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Frequently Asked Questions (FAQs) SIPRNet Hardware Token Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:

More information

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics Jan Krhovják Outline Introduction and basics of PIV Minimum

More information

DOE Joint ICAM Program - Unclass & Secret Fabrics

DOE Joint ICAM Program - Unclass & Secret Fabrics DOE Joint ICAM Program - Unclass & Secret Fabrics GSA Federal ICAM Day, 16 April 2014 Mr. Frank Husson & Mr. Rich Tannich Unclassified Agenda Unclassified Initiative Mr. Frank Husson will share DOE s vision

More information

NIST Test Personal Identity Verification (PIV) Cards

NIST Test Personal Identity Verification (PIV) Cards NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper

More information

Identity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board

Identity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management An information exchange For Information Security and Privacy Advisory Board Deb Gallagher

More information

GSA FIPS 201 Evaluation Program

GSA FIPS 201 Evaluation Program GSA FIPS 201 Evaluation Program David Temoshok Director, Federal Identity Policy and Management GSA Office of Governmentwide Policy NIST/DHS/TSA TWIC QPL Workshop April 21, 2010 1 HSPD-12 Government-wide

More information

Implementing Federal Personal Identity Verification for VMware View. By Bryan Salek, Federal Desktop Systems Engineer, VMware

Implementing Federal Personal Identity Verification for VMware View. By Bryan Salek, Federal Desktop Systems Engineer, VMware Implementing Federal Personal Identity Verification for VMware View By Bryan Salek, Federal Desktop Systems Engineer, VMware Technical WHITE PAPER Introduction This guide explains how to implement authentication

More information

STATEMENT OF WORK. For

STATEMENT OF WORK. For STATEMENT OF WORK For Credentialing and Validation Support for DC Homeland Security & Emergency Management Agency (DC HSEMA) IN SUPPORT OF THE GOVERNMENT OF THE DISTRICT OF COLUMBIA November 15, 2012 1.

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

Siemens PKI Certificate Authority (CA) Hierarchy

Siemens PKI Certificate Authority (CA) Hierarchy Siemens PKI Certificate Authority (CA) Hierarchy Status July 2011 Siemens PKI CA Hierarchy Overview (1) Public Root (available in common OS / Browsers) Baltimore CyberTrust Root (Verizon) Siemens Trust

More information

Audio: This overview module contains an introduction, five lessons, and a conclusion.

Audio: This overview module contains an introduction, five lessons, and a conclusion. Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules

More information

Strong Authentication for PIV and PIV-I using PKI and Biometrics

Strong Authentication for PIV and PIV-I using PKI and Biometrics Strong Authentication for PIV and PIV-I using PKI and Biometrics Adam Shane PSP, Product Manager and Sr. Systems Design Architect AMAG Technology Bob Fontana CSCIP/G, Vice President-Federal Identity Codebench/HID

More information

Lecture 10 - Authentication

Lecture 10 - Authentication Lecture 10 - Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Kerberos: What to know 1) Alice T rent : {Alice + Bob

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

Lecture 10 - Authentication

Lecture 10 - Authentication CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 10 - Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

More information

Federal Identity, Credentialing, and Access Management. Personal Identity Verification Interoperable (PIV-I) Test Plan. Version 1.1.

Federal Identity, Credentialing, and Access Management. Personal Identity Verification Interoperable (PIV-I) Test Plan. Version 1.1. Federal Identity, Credentialing, and Access Management Personal Identity Verification Interoperable (PIV-I) Test Plan Version 1.1.0 Final February 22, 2011 Table of Contents 1 Introduction... 1 1.1 Background...

More information

Integration of Access Security with Cloud- Based Credentialing Services

Integration of Access Security with Cloud- Based Credentialing Services Integration of Access Security with Cloud- Based Credentialing Services Global Identity Summit September 17, 2014 All text, graphics, the selection and arrangement thereof, unless otherwise cited as externally

More information

Department of Defense External Interoperability Plan Version 1.0

Department of Defense External Interoperability Plan Version 1.0 Department of Defense External Interoperability Plan Version 1.0 The Office of the Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer 1 INTRODUCTION...

More information

7 Key Management and PKIs

7 Key Management and PKIs CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.

More information

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance December 2, 2011 Powered by the Federal Chief Information Officers Council and the Federal Enterprise Architecture

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

Life After PIV. Authentication In Federated Spaces. Presented to. Card Tech/Secure Tech. May 2009. By Lynne Prince Defense Manpower Data Center

Life After PIV. Authentication In Federated Spaces. Presented to. Card Tech/Secure Tech. May 2009. By Lynne Prince Defense Manpower Data Center Life After PIV Authentication In Federated Spaces Presented to Card Tech/Secure Tech By Lynne Prince Defense Manpower Data Center Interoperability with HSPD12 Capability PIV provides a secure common credential,

More information

The Costs of Managed PKI:

The Costs of Managed PKI: The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations

More information

Identity, Credential, and Access Management. Open Solutions for Open Government

Identity, Credential, and Access Management. Open Solutions for Open Government Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management www.idmanagement.gov Open Solutions for Open Government Judith Spencer Co-Chair, ICAM

More information

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1 Operational Research Consultants, Inc. Non Federal Issuer Certificate Policy Version 1.0.1 Operational Research Consultants, Inc. 11250 Waples Mill Road South Tower, Suite 210 Fairfax, Virginia 22030 June

More information

CS615 - Aspects of System Administration

CS615 - Aspects of System Administration CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration SSL, SSH Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu http://www.cs.stevens.edu/~jschauma/615/

More information

Egyptian Best Practices Securing E-Services

Egyptian Best Practices Securing E-Services Egyptian Best Practices Securing E-Services Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA Agenda Security Measures for E-Services Examples of E- Services Threats

More information

Identity & Privacy Protection

Identity & Privacy Protection Identity & Privacy Protection An Essential Component for a Federated Access Ecosystem Dan Turissini - CTO, WidePoint Corporation turissd@orc.com 703 246 8550 CyberSecurity One of the most serious economic

More information

Public Key Infrastructure

Public Key Infrastructure UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported

More information

FICC Shared Service Provider (SSP) Industry Day, 3/11. Questions and Answers

FICC Shared Service Provider (SSP) Industry Day, 3/11. Questions and Answers FICC Shared Service Provider (SSP) Industry Day, 3/11 Questions and Answers A request to repeat the URL where the presentation and documents will be stored was made. -Judith Spencer repeated the URL, www.cio.gov/ficc/ssp_documents.htm,

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004 Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004 Stefan Kotes, Engineering Manager Agenda Tumbleweed company overview Certification

More information

Federal PKI TWG Federal PKI Directory Profile v2.3 (draft)

Federal PKI TWG Federal PKI Directory Profile v2.3 (draft) Federal PKI TWG Federal PKI Profile v2.3 (draft) 05 September, 2002 Agenda! Status of Federal PKI Profile! New Components to be Added to the Bridge! Connecting -based to the Bridge! Connecting Microsoft

More information

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013 MAESON MAHERRY 3 Factor Authentication and what it means to business. Date: 21/10/2013 Concept of identity Identity and Access Management Authoritive Identity Source User Identity Feed and Role Management

More information

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3 Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability Version 1.0.3 Prepared for: Department of Defense (DoD) PKI August 27, 2008 Page 1 Table of

More information

Enable Your Applications for CAC and PIV Smart Cards

Enable Your Applications for CAC and PIV Smart Cards Enable Your Applications for CAC and PIV Smart Cards Executive Summary Since HSPD-2 was signed in 2004, government agencies have issued over 5 million identity badges. About 90% of government workers and

More information

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys. Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Status: Final. Form Date: 30-SEP-13. Question 1: OPDIV Question 1 Answer: OS

Status: Final. Form Date: 30-SEP-13. Question 1: OPDIV Question 1 Answer: OS Status: Final Form Date: 30-SEP-13 Question 1: OPDIV Question 1 Answer: OS Question 2: PIA Unique Identifier (UID): Question 2 Answer: P-2277902-798208 Question 2A: Name: Question 2A Answer: Identity and

More information

Securing MFPs in a CAC Environment: Today and Tomorrow Critical Considerations

Securing MFPs in a CAC Environment: Today and Tomorrow Critical Considerations WHITE PAPER Securing MFPs in a CAC Environment: Today and Tomorrow Critical Considerations Contents The Mandate for Increased Security...1 Key Considerations...1 Critical Security Level Considerations...1

More information

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM Four Pillars that HSPD-12 Programs must consider for a secure, efficient, interoperable PIV enterprise deployment. Continued HSPD-12 Implementation under OMB

More information

Identity and Access Management Initiatives in the United States Government

Identity and Access Management Initiatives in the United States Government Identity and Access Management Initiatives in the United States Government Executive Office of the President November 2008 Importance of Identity Management within the Federal Government "Trusted Identity"

More information

Public Key Infrastructure. A Brief Overview by Tim Sigmon

Public Key Infrastructure. A Brief Overview by Tim Sigmon Public Key Infrastructure A Brief Overview by Tim Sigmon May, 2000 Fundamental Security Requirements (all addressed by PKI) X Authentication - verify identity of communicating parties X Access Control

More information

Practical Challenges in Adopting PIV/PIV-I

Practical Challenges in Adopting PIV/PIV-I UNCLASSIFIED Practical Challenges in Adopting PIV/PIV-I Hank Morris UNCLASSIFIED 2 UNCLASSIFIED // FOUO Purpose and Agenda Purpose: Explore the policy, process, and mechanisms to securely leverage biometrics

More information

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2. Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions

More information

Entrust Managed Services Non-Federal Public Key Infrastructure X.509 Certificate Policy

Entrust Managed Services Non-Federal Public Key Infrastructure X.509 Certificate Policy Entrust Managed Services Non-Federal Public Key Infrastructure X.509 Certificate Policy Version 1.4 September 30, 2010 Signature Page EMS PKI Policy Authority DATE i Revision History Document Version Document

More information

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on Presenter(s): John Ruegg, DOJ Global Security Working Group Mark Phipps, CJIS/FBI Law Enforcement Online Kevin Heald, PM-ISE

More information

Executive Summary P 1. ActivIdentity

Executive Summary P 1. ActivIdentity WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they

More information

Identity, Credential, and Access Management at NASA, from Zachman to Attributes

Identity, Credential, and Access Management at NASA, from Zachman to Attributes Identity, Credential, and Access Management at NASA, from Zachman to Attributes Corinne Irwin Dennis Taylor VISION: Integrated, secure, and efficient information technology and solutions that support NASA

More information

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if

More information

Federal PKI. Trust Infrastructure. Overview V1.0. September 21, 2015 FINAL

Federal PKI. Trust Infrastructure. Overview V1.0. September 21, 2015 FINAL Federal PKI Trust Infrastructure Overview V1.0 September 21, 2015 FINAL This Page is Blank Table of Contents 1. Introduction... 1 2. Public Key Infrastructure Overview... 2 3. Federal Public Key Infrastructure

More information

GAO PERSONAL ID VERIFICATION. Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards

GAO PERSONAL ID VERIFICATION. Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards GAO United States Government Accountability Office Report to Congressional Requesters September 2011 PERSONAL ID VERIFICATION Agencies Should Set a Higher Priority on Using the Capabilities of Standardized

More information

Federal Identity, Credentialing, and Access Management. Identity Scheme Adoption Process

Federal Identity, Credentialing, and Access Management. Identity Scheme Adoption Process Federal Identity, Credentialing, and Access Management Identity Scheme Adoption Process Version 1.0.0 Release Candidate July 8, 2009 ii Document History Status Release Date Comment Audience Draft 0.0.1

More information

Driving Safely on Information Highway. April 2006

Driving Safely on Information Highway. April 2006 Driving Safely on Information Highway April 2006 Agenda FIPS 201 and PK enabling Challenges of PK enabling Ways to meet the challenges PKIF Webcullis (demo) TrustEnabler (demo) FIPS 201 unique PK enabling

More information

HSPD-12 Implementation Architecture Working Group Concept Overview. Version 1.0 March 17, 2006

HSPD-12 Implementation Architecture Working Group Concept Overview. Version 1.0 March 17, 2006 HSPD-12 Implementation Architecture Working Group Concept Overview Version 1.0 March 17, 2006 Table of Contents 1 PIV Lifecycle... 3 2 High Level Component Interaction Diagram... 4 3 PIV Infrastructure

More information

TeleTrusT IT Security Association Germany. TeleTrusT IT Security Association Germany. Overview

TeleTrusT IT Security Association Germany. TeleTrusT IT Security Association Germany. Overview TeleTrusT IT Security Association Germany Overview Introduction to TeleTrusT EBCA Since 2001 Consolidation of individual, equal PKIs in a PKI network of trust simple, secure email communication & data

More information

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn. CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange

More information

Issuance and use of PIV at FAA

Issuance and use of PIV at FAA Issuance and use of PIV at FAA Presented to: Government Smart Card Interagency Advisory Board By: Ed Ebright, Division Manager, ID Media Division Date: May 2011 Agenda What we use PIV Card Status FAA HSPD-12

More information

why PKI and digital signatures suck

why PKI and digital signatures suck why PKI and digital signatures suck some theories on real-world crypto usage chaos communication camp 2003 christian mock http://www.tahina.priv.at/~cm/talks/pkisucks.{sxi,pdf} version

More information

Information Technology Policy

Information Technology Policy Information Technology Policy Identity Protection and Access Management (IPAM) Architectural Standard Identity Management Services ITP Number ITP-SEC013 Category Recommended Policy Contact RA-ITCentral@pa.gov

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

Authentication is not Authorization?! And what is a "digital signature" anyway?

Authentication is not Authorization?! And what is a digital signature anyway? Authentication is not Authorization?! And what is a "digital signature" anyway? Prepared by R. David Vernon Revised 12/01 Introduction REV 1A As part of the IT Architecture Initiative, the Office of Information

More information

U.S. Department of Agriculture HSPD 12 Program. USDA HSPD-12 Implementing PIV cards @ USDA

U.S. Department of Agriculture HSPD 12 Program. USDA HSPD-12 Implementing PIV cards @ USDA U.S. Department of Agriculture HSPD 12 Program USDA HSPD-12 Implementing PIV cards @ USDA April 2009 USDA and the GSA HSPD-12 Shared Solution USDA has been at the forefront of driving a shared solution

More information

PKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013

PKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013 2013 PKI Made Easy: Managing Certificates with Dogtag Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013 Agenda What is PKI? What is Dogtag? Installing Dogtag Interacting with Dogtag using REST Future

More information

AMSAC Open Mee*ng, Internet2 Member Mee*ng 10/4/2011 4:30PM 306A

AMSAC Open Mee*ng, Internet2 Member Mee*ng 10/4/2011 4:30PM 306A Client (Personal) Cer/ficates: Should We Be Thinking About Cer/ficate Use Cases or Should We Be Thinking About The Sort of Creden/al Deployment Model We Need? AMSAC Open Mee*ng, Internet2 Member Mee*ng

More information

Federal Public Key Infrastructure Technical Working Group Meeting Minutes

Federal Public Key Infrastructure Technical Working Group Meeting Minutes Federal Public Key Infrastructure Technical Working Group Meeting Minutes Prepared for the General Services Administration By SRA International Time Topic Friday March 25, 2015 1:00 p.m. 2:30 p.m. Teleconference

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, DC 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, DC 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, DC 20301-6000 CHIEF INFORMATION OFFICER OCT 05 2010 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOrNT CHIEFS OF STAFF

More information

HIPAA Security Regulations: Assessing Vendor Capabilities and Negotiating Agreements re: PKI and Security

HIPAA Security Regulations: Assessing Vendor Capabilities and Negotiating Agreements re: PKI and Security HIPAA Security Regulations: Assessing Vendor Capabilities and Negotiating Agreements re: PKI and Security March 2, 2001 Cy D. Ardoin, Ph.D. 2 Agenda Quick View of Security Strategy for Security Quick View

More information

GSA SCHEDULE PROGRAM Verizon s Advanced, Strategic IT Solutions for Government

GSA SCHEDULE PROGRAM Verizon s Advanced, Strategic IT Solutions for Government GSA SCHEDULE PROGRAM Verizon s Advanced, Strategic IT Solutions for Government Transformative technology cloud computing, virtualization, advanced security solutions, mobility, and IT networking is helping

More information

US Security Directive FIPS 201

US Security Directive FIPS 201 Security US Security Directive FIPS 201 Compliance Strategies Learn about compliance strategies for governmental agencies in meeting requirements of Homeland Security Presidential Directive 12 (HSPD-12),

More information

Red Hat Identity Management

Red Hat Identity Management Red Hat Identity Management Overview Thorsten Scherf Senior Consultant Red Hat Global Professional Services Agenda What is Red Hat Identity Management? Main values Architecture Features Active Directory

More information

Airbus Group Public Key Infrastructure. Certificate Policy. Version 4.6

Airbus Group Public Key Infrastructure. Certificate Policy. Version 4.6 Airbus Group Public Key Infrastructure Certificate Policy Version 4.6 DOCUMENT VERSION CONTROL Version Date Authors Description Reason for Change 4.6 2015-03-18 Carillon Revision Introduction of two new

More information

The Concept of Trust in Network Security

The Concept of Trust in Network Security En White Paper Date: August 2000 Version: 1.2 En is a registered trademark of En, Inc. in the United States and certain other countries. En is a registered trademark of En Limited in Canada. All other

More information

Derived credentials. NIST SP 800-63-1 ( 5.3.5) provides for long term derived credentials

Derived credentials. NIST SP 800-63-1 ( 5.3.5) provides for long term derived credentials Daon your trusted Identity Partner Derived Credentials A Use Case Cathy Tilton Daon 1 February 2012 Derived credentials NIST SP 800-63-1 ( 5.3.5) provides for long term derived credentials Derived credential

More information

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication

More information

NOAA HSPD-12 PIV-II Implementation October 23, 2007. Who is responsible for implementation of HSPD-12 PIV-II?

NOAA HSPD-12 PIV-II Implementation October 23, 2007. Who is responsible for implementation of HSPD-12 PIV-II? NOAA HSPD-12 PIV-II Implementation What is HSPD-12? Homeland Security Presidential Directive 12 (HSPD-12) is a Presidential requirement signed on August 27, 2004 requiring Federal agencies comply with

More information

Conclusion and Future Directions

Conclusion and Future Directions Chapter 9 Conclusion and Future Directions The success of e-commerce and e-business applications depends upon the trusted users. Masqueraders use their intelligence to challenge the security during transaction

More information

An Operational Architecture for Federated Identity Management

An Operational Architecture for Federated Identity Management An Operational Architecture for Federated Identity Management March 2011 Implementing federated identity management and assurance in operational scenarios Federated Identity Solution The Federated identity

More information

MCSE SYLLABUS. Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003:

MCSE SYLLABUS. Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003: MCSE SYLLABUS Course Contents : Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003: Managing Users, Computers and Groups. Configure access to shared folders. Managing and Maintaining

More information

For Official Use Only (FOUO)

For Official Use Only (FOUO) The FEMA Mission To support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, and

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

Financial Security Symposium 2012. Singapore

Financial Security Symposium 2012. Singapore Financial Security Symposium 2012 Singapore Identity Assurance Solutions - Establishing Trust in Online Identities LEE Meng Chuan Regional Sales Manager, ASEAN Identity and Access Management (IAM) About

More information

NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman

NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman The Slow Convergence of PKI and Kerberos At Connectathon 1995 Dan Nessett of Sun Microsystems was quoted saying Kerberos will

More information

2NV Update. A look at where we are in the delivery of 2NV Wayne Jones, NNSA CIO Melissa Ujczo-Kovachich, IT Project Manager

2NV Update. A look at where we are in the delivery of 2NV Wayne Jones, NNSA CIO Melissa Ujczo-Kovachich, IT Project Manager 2NV Update A look at where we are in the delivery of 2NV Wayne Jones, NNSA CIO Melissa Ujczo-Kovachich, IT Project Manager 2NV Overview 2NV is a suite of IT initiatives sponsored by NA-IM that will provide

More information

Enterprise Data Protection

Enterprise Data Protection PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION

More information