Issuance and use of PIV at FAA

Transcription

1 Issuance and use of PIV at FAA Presented to: Government Smart Card Interagency Advisory Board By: Ed Ebright, Division Manager, ID Media Division Date: May 2011

2 Agenda What we use PIV Card Status FAA HSPD-12 Systems PIV Card Health Check Visitor System Contactless Reader PIV Authoritative Database Forgotten PIV Cards Issues FAA PACS FAA LACS 2

3 What we use PKI Verisign/Symantec. CMS - Intercede IDMS Investigations Tracking System (ITS). FAA developed web based system. In production since Precise Biometrics 250 and 200. AWARE Facial Recognition. Customized for the FAA. 3

4 PIV Card Status As of May 1 st the FAA has issued 68,000 PIV Cards. Total Population 73, % of Federal Employees have their PIV Card. 99% of all Federal and Contractor employees have applied for the PIV Card. 170 Permanent sites issuing PIV Cards. (Accommodates approximately 85% of workforce. Remaining 15% complete while at permanent site and using Mobile Lite concept. (PIV in a Box). 4

5 FAA HSPD-12 Systems PIV Card Health Check The purpose of the PIV Card Health Check is to conduct and share an integrity check on individual PIV Cards. Cardholders can access a website and use a friendly GUI to view the health of their PIV Card. Cardholders may also submit a report to the PIV Helpdesk. 5

6 PIV Card Health Check Helpdesk personnel have real time access to review the same report as the card holder. The system will help in troubleshooting problems such as expired certificates, corrupted cards, and non-card issues such as malfunctioning card reader or login configuration problems. This system is available to other agencies to host and usage. 6

7 PIV Card Health Check 7

8 FAA HSPD-12 Systems Visitor System Web based system which allows FAA employees to sponsor visitors from other agencies. Visitor is notified through and the system automatically walks them through registering their smart card. (PIV and CAC) Data is automatically transferred to the FAA Secure PAD. Facility Manager assigns access to visitor. 8

9 Visitor Administrator Console 9

10 FAA HSPD-12 Systems Contactless Reader Contactless Reader. Windows based system which verifies the contactless has not been broken and provides information read from the contactless portion of PIV Card. Used by all 170 sites. Valuable tool used everyday at every site. To download go to: 10

11 Contactless Reader (Screenshot) 11

12 Additional Systems PIV Authoritative Database (PAD) The PAD is the official FAA repository of all PIV Cards issued. The data from the system is shared with both Physical and Logical Access. When an FAA PIV Card is cancelled or suspended access to FAA Physical and Logical systems is automatically revoked within 15 minutes. 12

13 Additional Systems PIV Authoritative Database (PAD) When other agency PIV Cards are cancelled or suspended access to FAA Physical and Logical system is automatically revoked within 8 hours. This timeframe is configurable. 13

14 14

15 Forgotten PIV Cards Employees will be issued a Temporary PIV Card. When issued, their existing PIV Card will automatically be suspended. Temporary PIV Card can immediately be used for Physical Access and any usage of the PIV Authoritative Certificate. Signing and Encryption certificate are not available on the Temporary PIV Card. Once Temporary PIV Card is returned the employees PIV Card is reinstated. 15

16 Forgotten PIV Cards Temporary PIV Cards are re-usable. 16

17 Issues Readers/Cards Some PIV Cards will work in one reader but not another. They always work in the SmartTerminal ST-1044 by Cherry. Electromagnetically Opaque Sleeve. Cost of the holder and the issues it causes for employees using the PIV Cards. 17

18 Issues Long Names Should be resolved in FIPS Fingerprint Capturing Should be resolved in FIPS with IRIS scanning included. 18

19 FAA PACS The FAA has 1100 facilities. The FAA has 100 sites PIV Compliant. Planning has already begun to PIV enable an additional 500 sites. The remaining 500 sites are under consideration in making PIV Compliant. Average 3-5 employees per site. May not be cost effective These sites are Security Level 1 Facilities. 19

20 FAA PACS We use Pegasus P2000. FAA HQs will begin using PIV Cards in early June. Turnstiles are installed and going through final testing. Handheld devices will be used for entry to garage. MicorFlex CE Codebench software configured with the P

21 FAA LACS Domain Controller Certificates issued from PKI. Network Logon has been completed. Implementation is in process. Office of Security & Hazardous Materials Safety (approximately 470 employees) use PIV Cards exclusively for Network Logon and internal Web Applications. 21

22 22

23 Contacts For more information or to arrange for demonstrations of the FAA systems please contact: Ed Ebright Guy Davidson

24 Questions & Answers