Issuance and use of PIV at FAA




Presented to: Government Smart Card Interagency Advisory Board
By: Ed Ebright, Division Manager, ID Media Division
Date: May 2011

Agenda
- What we use
- PIV Card Status
- FAA HSPD-12 Systems
  - PIV Card Health Check
  - Visitor System
  - Contactless Reader
- PIV Authoritative Database
- Forgotten PIV Cards
- Issues
- FAA PACS
- FAA LACS

What we use
- PKI: Verisign/Symantec.
- CMS: Intercede.
- IDMS: Investigations Tracking System (ITS). FAA developed web based system. In production since 1995.
- Precise Biometrics 250 and 200.
- AWARE Facial Recognition. Customized for the FAA.

PIV Card Status
- As of May 1st the FAA has issued 68,000 PIV Cards.
- Total population: 73,000.
- 98% of Federal Employees have their PIV Card.
- 99% of all Federal and Contractor employees have applied for the PIV Card.
- 170 permanent sites issuing PIV Cards (accommodates approximately 85% of the workforce).
- Remaining 15% complete while at a permanent site and using the Mobile Lite concept (PIV in a Box).

FAA HSPD-12 Systems: PIV Card Health Check
- The purpose of the PIV Card Health Check is to conduct and share an integrity check on individual PIV Cards.
- Cardholders can access a website and use a friendly GUI to view the health of their PIV Card.
- Cardholders may also submit a report to the PIV Helpdesk.

PIV Card Health Check
- Helpdesk personnel have real-time access to review the same report as the cardholder.
- The system helps in troubleshooting problems such as expired certificates, corrupted cards, and non-card issues such as a malfunctioning card reader or login configuration problems.
- This system is available to other agencies to host and use.

PIV Card Health Check

FAA HSPD-12 Systems: Visitor System
- Web based system which allows FAA employees to sponsor visitors from other agencies.
- The visitor is notified through email and the system automatically walks them through registering their smart card (PIV and CAC).
- Data is automatically transferred to the FAA Secure PAD.
- The Facility Manager assigns access to the visitor.

Visitor Administrator Console

FAA HSPD-12 Systems: Contactless Reader
- Windows based system which verifies that the contactless portion of the PIV Card has not been broken and provides the information read from it.
- Used by all 170 sites.
- Valuable tool used every day at every site.
- To download go to: http://members.cox.net/pivprogram

Contactless Reader (Screenshot)

Additional Systems: PIV Authoritative Database (PAD)
- The PAD is the official FAA repository of all PIV Cards issued.
- The data from the system is shared with both Physical and Logical Access.
- When an FAA PIV Card is cancelled or suspended, access to FAA Physical and Logical systems is automatically revoked within 15 minutes.

Additional Systems: PIV Authoritative Database (PAD)
- When other agency PIV Cards are cancelled or suspended, access to FAA Physical and Logical systems is automatically revoked within 8 hours.
- This timeframe is configurable.
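One way a door controller or logon service could enforce the two revocation windows above is to trust its local copy of PAD data only for the stated window and deny access once that copy is older. This is an added example, not FAA code; the record layout, card identifiers and function names are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Maximum age of a cached card status, per issuer class. The two values are the
# revocation windows given on the slides; the second is described as configurable.
MAX_STATUS_AGE = {
    "faa": timedelta(minutes=15),
    "other_agency": timedelta(hours=8),
}

@dataclass
class CardStatus:
    issuer: str             # "faa" or "other_agency" (assumed labels)
    status: str             # "active", "suspended" or "cancelled"
    refreshed_at: datetime  # when this local copy was last synced from the PAD

def access_decision(cache, card_id, now):
    """Return (allowed, reason) for a card presented at time `now`."""
    rec = cache.get(card_id)
    if rec is None:
        return False, "card not in local PAD copy"
    max_age = MAX_STATUS_AGE.get(rec.issuer)
    if max_age is None:
        return False, "unknown issuer class"
    if rec.status != "active":
        return False, f"card {rec.status}"
    age = now - rec.refreshed_at
    if age > max_age:
        # Fail closed: a stale copy could hide a cancellation or suspension.
        return False, f"status stale by {age - max_age}"
    return True, "active and fresh"

# Constructed sample data: identifiers and timestamps are made up.
NOW = datetime(2011, 5, 2, 12, 0, tzinfo=timezone.utc)
CACHE = {
    "FAA-0001": CardStatus("faa", "active", NOW - timedelta(minutes=5)),
    "FAA-0002": CardStatus("faa", "active", NOW - timedelta(minutes=40)),
    "FAA-0003": CardStatus("faa", "suspended", NOW - timedelta(minutes=1)),
    "EXT-0001": CardStatus("other_agency", "active", NOW - timedelta(hours=3)),
    "EXT-0002": CardStatus("other_agency", "active", NOW - timedelta(hours=9)),
}

if __name__ == "__main__":
    for card_id in [*CACHE, "EXT-9999"]:
        print(card_id, access_decision(CACHE, card_id, NOW))
```

With this check the longest time a cancelled card can still be accepted equals the configured window for its issuer class, so shortening the window trades sync load for exposure time.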


Forgotten PIV Cards
- Employees will be issued a Temporary PIV Card.
- When issued, their existing PIV Card will automatically be suspended.
- The Temporary PIV Card can immediately be used for Physical Access and any usage of the PIV Authoritative Certificate.
- Signing and Encryption certificates are not available on the Temporary PIV Card.
- Once the Temporary PIV Card is returned, the employee's PIV Card is reinstated.

Forgotten PIV Cards
- Temporary PIV Cards are re-usable.

Issues
- Readers/Cards: Some PIV Cards will work in one reader but not another. They always work in the SmartTerminal ST-1044 by Cherry.
- Electromagnetically Opaque Sleeve: Cost of the holder and the issues it causes for employees using the PIV Cards.

Issues
- Long Names: Should be resolved in FIPS 201-2.
- Fingerprint Capturing: Should be resolved in FIPS 201-2 with iris scanning included.

FAA PACS
- The FAA has 1100 facilities.
- The FAA has 100 sites PIV Compliant.
- Planning has already begun to PIV enable an additional 500 sites.
- The remaining 500 sites are under consideration for being made PIV Compliant.
  - Average 3-5 employees per site.
  - May not be cost effective.
  - These sites are Security Level 1 Facilities.

FAA PACS
- We use Pegasus P2000.
- FAA HQs will begin using PIV Cards in early June.
- Turnstiles are installed and going through final testing.
- Handheld devices will be used for entry to garage.
  - MicorFlex CE32408.
  - Codebench software configured with the P2000.

FAA LACS
- Domain Controller Certificates issued from PKI.
- Network Logon has been completed.
- Implementation is in process.
- Office of Security & Hazardous Materials Safety (approximately 470 employees) use PIV Cards exclusively for Network Logon and internal Web Applications.


Contacts
For more information or to arrange for demonstrations of the FAA systems please contact:
- Ed Ebright, Ed.Ebright@faa.gov, 202-439-7091
- Guy Davidson, Guy.Davidson@faa.gov, 202-359-3638

Questions & Answers