Using FICAM as a model for TSCP Best Prac:ces in Physical Iden:ty and Access Management. TSCP Symposium November 2013

Transcription

1 Using FICAM as a model for TSCP Best Prac:ces in Physical Iden:ty and Access Management TSCP Symposium November 2013

2 Quantum Secure s Focus on FICAM and Related Standards Complete Suite of Physical Iden:ty and Access management tools, which align with FICAM Industry Leadership and Par:cipa:on v SIA Iden:ty Management CommiOee v SIA PIV Working Group v Smart Card Alliance v Open Security Exchange v Regular IAB Mee:ng AOendance v Public GSA EPTWG Par:cipa:on San Francisco Airport

3 Pressure Points and Conformance Driving FICAM Alignment FIPS HSPD- 12 OMB M FICAM NIST SP

4 What is FICAM? Federal Iden:ty, Creden:al and Access Management Roadmap and Guidance, Version page Document Authored by Federal CIO Council Best Prac:ces in Governance Defining Target (segment) Architectures Transi:oning from AS- IS to Target State Proper creden:al issuance Provisioning iden::es for logical and physical access Lifecycle privilege management for con:nuously updated access authoriza:ons Compliance, Audit, Accountability 4

5 Goals And Expected Outcomes For FICAM Implementa:on Increased protec1on of PII Secure data, secure access Increased security Close security gaps Elimina1on of redundancy Policies & procedures Compliance Internal, external controls Enhanced customer service User- friendly transac>ons Contractor Employee One Iden'ty Improved PIV card interoperability Within, between agencies Visitor

6 FICAM Alignment Both Logical and Physical are Held to the Same Standard Authoritative Identity Management Card issuance, etc. Authorita:ve Iden:ty Management HR, LDAP, IdM PIV/CAC CMS US Access, DEERS, etc. Access Management Policy-driven privilege assignment Automated Workflows Compliance, Enforcement Logical Iden>ty Access Management (LIAM or LACS) Physical Identity Access Management (PIAM) Resources: Software applications Database access Door access Metal keys Asset access HR, Payroll Produc1vity tools Web Sites PACS Brand A PACS Brand B PACS Brand C

7 Primary Themes in FICAM to Achieve Goals PACS are Held to the Same Standard as LACS Privilege Management for Physical Access Policy Automa:on - Automa:c assignment of access based on combina:on of business rules such as role/:tle, training, project or special work assignment, security clearance level, opera:ve, etc. Process Automa:on - Automated workflows requiring human approvals End to End Integra:on Bi- direc:onal integra:on with Authorita:ve Database(s) for real :me updates to PACS provisioning Centralized/Transparent support for all PACS (brands) within a given opera:onal en:ty (department, agency, etc.) Result Reduce/eliminate human error Apply uniform access policy across all users and processes Save money

8 Privilege Management for Physical Access Right Physical IDs Right Access Right Reasons Right Times Physical iden:ty and access management (PIAM) technologies provide authen:ca:on, authoriza:on and provisioning services in order to efficiently streamline the lifecycle of a physical iden:ty within a global organiza:on. PIAM ensures the right Physical ID s i.e. employees, visitors, contractors, vendors are properly authen:cated and have the right access to the right areas, for the right reasons for a specified dura:on of :me. Physical iden>ty and access management (PIAM) deployments are increasing due to technology and product development, compliance mandates, a greater desire to manage alterna>ve user popula>ons such as on- premises visitors and contractors, and a sharp emphasis on >mely and secure access 1 1 Gartner Research; Physical Iden:ty and Access Management; Feb 2012

9 The Current State of Physical Access Management (the As- is State) Contractor Database Corporate HR System LDAP Mul:ple disjointed systems many s:ll non- PIV compliant Limited use of PIV card for physical & logical access Mul:ple (onen manual) processes for iden:ty veong, on- /off- boarding, creden:aling and enrollment, background checks, etc. Audit & compliance process manual and costly Lack of interoperability Common framework for physical & logical security lacking Ability to put internal controls is manual Customer service is manual, slow, complicated, error prone Cost of security opera:on - high Phone Phone Mul1ple, Disparate Physical Access Control Systems Clearance Management Training Database Inter- Agency or PKI Infrastructure Standalone Readers, Locks, Keys, Tokens, Dosimeter

10 Case Study for Mapping a COTS product to FICAM Model

11 Mapping SAFE to the FICAM Target State: Figure SAFE Agents for Authorita1ve Datasources 2 SAFE Agents for Physical Access Control Systems 3 SAFE OCSP/ SCVP/ CRL Agent 4 4 SAFE Applica1on Modules for FICAM Personnel Mgmt/ Cardholder Database Privilege/Access Mgmt Visitor Mgmt Repor1ng (pre- defined reports) Rules/Workflow Engine

12 Mapping SAFE to FICAM Privilege Management Figure 34 3 SAFE Applica1on Self- service 2 SAFE Applica1ons Process and Policy Automa1on Privilege/Access Mgmt 4 SAFE Agent for Physical Access Control System 1 SAFE Agent for Authorita1ve Source SAFE Applica1on Pre- defined reports 5 SAFE Agent for

13 Policy Automa:on No Human Interven:on

14 Process Automation Human Driven One end user interface for making all types of physical security requests 14 Presentation Title and date (update in slide master)

15 Privilege Management Applica:on Suite Physical Iden:ty & Access Management Compliance & Risk Management Security Intelligence Iden:ty & Event Correla:on Physical Iden:ty and Access Manager Web Badging Compliance Regulator NERC/FERC SOX FDA/DEA Audit Management Robust Repor:ng Iden:ty Analy:cs SAFE Event Correla:on Engine Self Service Portal Document Management Alarm Analy:cs Asset Manager Infrac:on Manager Visitor Iden:ty Manager Watch List Manager Contractor Registra:on Portal AOesta:on Audit Tenant Management Portal Policy Server Integra:on Framework

16 Bringing it All Together: FICAM Security Management System Source: CIO Council FICAM Roadmap Modernized PACS Brochure

17 Payoff for Adop:ng FICAM Best Prac:ces Source: CIO Council FICAM Roadmap Modernized PACS Brochure

18 Thank you! Visit us in the Exposition for more discussion!