The Government-wide Implementation of Biometrics for HSPD-12




Slide 1: The Government-wide Implementation of Biometrics for HSPD-12

David Temoshok
Director, Identity Policy and Management
GSA Office of Governmentwide Policy
September 24, 2008

Slide 2: The HSPD-12 Mandate

Homeland Security Presidential Directive 12 (HSPD-12): Policy for a Common Identification Standard for Federal Employees and Contractors. Signed by the President on August 27, 2004.

HSPD-12 has four control objectives. Identification must be:
1. Issued based on sound criteria to verify an individual's identity.
2. Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation.
3. Such that personal identity can be rapidly authenticated electronically.
4. Issued by providers whose reliability has been established by an official accreditation process.

Slide 3: Government-wide Implementation Strategy

- OMB provides policy and implementation guidance.
- NIST provides HSPD-12 process and technical requirements (FIPS 201 and associated Special Publications).
- Government-wide interoperability is required.
- Implementation is controlled through the acquisition process.
- GSA is designated as Executive Agent for Acquisition of Information Technology for the implementation of HSPD-12.
- GSA is designated to establish an evaluation program to ensure that products and services conform to HSPD-12 (FIPS 201) requirements.
- GSA is designated as Government-wide Shared Service Provider to provide shared services and infrastructure for government-wide implementation (MSO).
- Extremely aggressive milestones are needed to maintain focus and momentum.

Slide 4: The Quest for Interoperability

Interoperability is defined as the ability of:
- Diverse systems and organizations to work together (inter-operate). (Wikipedia)
- Two or more systems or components to exchange information and to use the information that has been exchanged. (IEEE)
- Any government facility or information system, regardless of PIV issuer, to verify a cardholder's identity using the credentials on the PIV card. (FIPS 201-1)
- Two or more devices, components, or systems to exchange information in accordance with defined interface specifications and to use the information that has been exchanged in a meaningful way. (GSA)

Slide 5: The Starting Gate for Government-wide Interoperability

Standard data model:
- CHUID
- FP Biometric Template
- PIV Authentication Certificate
- Optional digital credentials

Interoperability and security standards:
- FIPS 201 and associated NIST Special Publications
- SP 800-76-1, Biometric Data Specification for Personal Identity Verification
- PIV Interface Specifications

Standard Testing Programs - Products:
- GSA FIPS 201 Evaluation Program
- NIST
- FBI
- NVLAP
- OPM

Standard Testing Program - data interface specifications

Reference Implementations - data interface specifications

Slide 6: Status of GSA FIPS 201 Evaluation Program

- GSA administers the FIPS 201 Evaluation Program to determine conformance to FIPS 201 normative requirements.
- Certified laboratories perform all FIPS 201 conformance tests and evaluations.
- GSA approves all evaluations and posts them to the Approved Product List, at http://fips201ep.cio.gov/
- GSA identified 24 categories of products/services which must comply with specific normative requirements contained in FIPS 201.
- Current product and service approvals: 360+ products on the FIPS 201 Approved Product List.
- Current certified labs (NVLAP accreditation and GSA FIPS 201 EP certification required): Atlan Laboratories, InfoGard Laboratories. Several more lab certifications are in progress.

Slide 7: FIPS 201 EP Product/Service Categories

1. Authentication Key Reader
2. Biometric Reader
3. Biometric Reader Authentication
4. CHUID Authentication Reader (Contact)
5. CHUID Authentication Reader (Contactless)
6. CHUID Reader (Contact)
7. CHUID Reader (Contactless)
8. Cryptographic Module
9. Electromagnetically Opaque Sleeve
10. Electronic Personalization
11. Electronic Personalization (Service)
12. Facial Image Capturing Camera
13. Facial Image Capturing Middleware
14. Fingerprint Capture Station
15. Graphical Personalization
16. OCSP Responder
17. Single Fingerprint Capture Device
18. PIV Card
19. PIV Card Delivery
20. PIV Middleware
21. Fingerprint Template Generator
22. Fingerprint Template Matcher
23. Transparent Reader
24. Card Printer Station

Slide 8: APL Products for PIV Architecture Components

PIV Enrollment:
- Fingerprint Capture Station
- Facial Image Capture Camera/Station
- Facial Image Capture (middleware)
- FP Template Generator
- FP Template Matcher

Authentication Use Cases:
- PIV Card Reader (Transparent)
- PIV Card Reader (CHUID)
- PIV Card Reader (Auth Key)
- PIV Card Reader (Biometric)
- PIV Card Reader (Biometric Auth)
- PIV Middleware
- Cryptographic modules

PIV IDMS (SIP):
- FP Template Generator
- FP Template Matcher

Card Issuance/Activation:
- Single FP Capture Device
- FP Template Generator
- FP Template Matcher
- Cryptographic modules
- Card Sleeve

OPM/FBI National Criminal History Check (NACI):
- Fingerprint Capture Station

Card Production and Management System:
- PIV Card
- PIV Middleware
- PIV Card Printer Station
- PIV Card Electronic Personalization (product, service)
- PIV Card Graphical Personalization
- PIV Card Delivery

Slide 9: FIPS 201 Evaluation Program Biometrics

The GSA FIPS 201 Evaluation Program evaluates 8 categories of biometric products:
1. Fingerprint Capture Station
2. Single Fingerprint Capture Device
3. Facial Image Capture Camera/Station
4. Facial Image Capture (Middleware)
5. Fingerprint Template Generator
6. Fingerprint Template Matcher
7. PIV Card Reader (Biometric)
8. PIV Card Reader (Biometric Authentication)

NIST performs testing for the FP Template Generator and FP Template Matcher categories:
- NIST Minutiae Interoperability Exchange Tests (MINEX), intended to assess performance and sufficiency of algorithms under the ANSI/INCITS 378 standard.
- NIST MINEX QPL at http://fingerprint.nist.gov/minex/qpl.html

FBI performs testing and certification for FP scanning equipment (Evaluation Program categories Fingerprint Capture Station and Single Fingerprint Capture Device):
- FBI tests conformance to the FBI IAFIS Quality Specifications.
- FBI Certification list at http://www.fbi.gov/hq/cjisd/iafis/cert.htm

All products are approved by the GSA FIPS 201 Evaluation Program.


Slide 12: Accessing the FIPS 201 Approved Products List

Slide 13: Schematic for GSA FIPS 201 EP Lab Accreditation and Certification

Steps for GSA EP Lab Certification:
1. Accreditation under NVLAP as a Basic Cryptographic and Security Testing (17BCS) laboratory.
2. Accreditation under NVLAP as a NIST Personal Identity Verification Program (NPIVP) Testing (17PIV) laboratory.
3. Accreditation under NVLAP for all GSA FIPS 201 test methods (17GSAP).
4. Certification under the GSA FIPS 201 Evaluation Program for all test, evaluation, and laboratory requirements.

Slide 14: HSPD-12 Systems, Shared and Stand-Alone

3 Shared Service Providers (SSPs) for HSPD-12 and 16 stand-alone systems.

Shared HSPD-12 systems: GSA, Dept. State, DoD

Stand-alone systems: DOL, DHS, ED, EOP, EPA, FAA, FHFB, FTC, HHS, HUD, IBB, NASA, NCUA, SBA, SSA, VA

Achieving interoperability across 3 separate and distinct systems is VERY HARD; achieving interoperability across 19 systems is, well, VERY, VERY HARD.

Slide 15: Where We Are Today

The remaining steps, listed from the top of the staircase down to where we stand now:
- Manage configurations across Govt for new technologies/requirements
- Extend PIV infrastructure to new communities (FRAC, Healthcare)
- Implement and test standard interface specifications across PIV systems
- Build and test standard use case applications
- Complete conversion to PIV credentials for all contractors
- Complete conversion to PIV credentials for all employees
- Stabilize issuance operations across 19 HSPD-12 systems

We're still climbing the first steps.

Slide 16: For More Information

Visit our websites:
- http://www.idmanagement.gov
- http://fips201ep.cio.gov/index.php
- http://www.fedidcard.gov
- http://www.cio.gov/ficc
- http://www.csrc.nist.gov/piv-project

Or contact:

David Temoshok
Director, Identity Policy and Management
202-208-7655
david.temoshok@gsa.gov

April Giles, CISM, CISA, CISSP
FIPS 201 Evaluation Program Chief Architect
202-501-1123
april.giles@gsa.gov