For Official Use Only (FOUO)




Transcription:

The FEMA Mission
To support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.
Response / Recovery Officials Must Trust Each Other to Work Together

Historical Disaster / Emergency Access Controls
Prior to the release of the NIMS Guideline for the Credentialing of Personnel, no uniform process existed for entry decisions.
Diagram labels: Federal; SLTT; CIKR; Volunteers; Contingency Relocation or Response/Recovery Integration
9/11 Commission and Post-Katrina Reports

HSPD-12 Requirement (Personal Identity Verification (PIV) Credential)
Presidential Mandate: August 27, 2004
Applicable to employees of the Federal Executive Branch and associated employees contracted for more than 180 days
"Secure and reliable forms of identification" for purposes of this directive means identification that: is issued based on sound criteria for verifying an individual employee's identity; is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; can be rapidly authenticated electronically; and is issued only by providers whose reliability has been established by an official accreditation process. The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application.
HSPD-12 Source: http://www.dhs.gov/xabout/laws/gc_1217616624097.shtm#1
Mandated Very Highly Trusted Cyber-Secure Identities

Personal Identity Verification Interoperability (Approved by Federal CIO Council May 6, 2009)
PIV-I Credential:
* Can be interoperable with the Federal government PIV systems
* Can be trusted by Federal government relying parties
Identity Proofing:
* Applicant is required to appear in person
* Applicant is to provide two forms of identity source documents in original form
* List of acceptable documents included in Form I-9
* At least one of the documents must be a valid State or Federal government-issued picture identification (ID)
Non-Federal Issuers (NFI) Identity Authentication PKI Certificate:
* NFI PIV Interoperable credentials must include an Identity Authentication PKI Certificate issued by a Certification Authority (CA) that chains to the Federal Bridge Certification Authority (FBCA) at the Medium Hardware assurance level via cross-certification
Source: Personal Identity Verification Interoperability (PIV-I) http://www.idmanagement.gov/documents/piv_io_nonfed_issuers_may2009.pdf
Established Very Highly Trusted Cyber-Secure Identities

NIMS Guideline for the Credentialing of Personnel
Overview:
1. The Guideline provides guidance on GSA-approved PIV/PIV-I credentialing for:
* Federal, State, Local and Tribal Authorities
* Emergency Management Assistance Compact (EMAC)
* Private sector organizations
* Critical Infrastructure owners and operators
* Voluntary, not-for-profit, and nongovernmental organizations
2. Both PIV and PIV-I use the same Federal Information Processing Standards (FIPS) 201 open source technology
3. The PIV/PIV-I solution includes:
* Common terminology and issuance process
* Trusted identity, attributes, and privileges
* Interoperability in identification and access control systems

PIV / PIV-I Interoperable Features
Card labels: PIV F/ERO; PIV-I ERO
1. Color Photograph
2. Security Clearance Designator (If applicable)
3. Integrated circuit chip (ICC)
* Requires 6-8 Digit Personal Identification Number (PIN) to unlock
* Cardholder unique identifiers
* Digital certificates to authenticate the cardholder
* Contains facial and fingerprint Biometrics: Digital Facial Photo; Two encrypted fingerprint templates
4. 1443 Contactless Wire
5. Affiliation Designator: Contractor, Affiliate, or blank
6. Expiration Date
PIV / PIV-I Credentials Support Biometric-based Authentication

F/ERO Cyber Attributes
F/ERO e-attribute sponsorship and registered designations depending on NRF, NIPP, NCPIP and NDRF responsibilities
Federal / Emergency Response Official: When checking the yes box during PIV issuance, the sponsoring Agency must determine and keep current what NRF, NIPP, NCPIP or NDRF category is being sponsored as depicted in the drop down boxes shown.
Form labels (YES / NO check boxes and drop down boxes): National Continuity Policy Implementation Plan (NCPIP); Essential Government Function; Emergency Support Function (ESF) 5 - Emergency Management; Contingency Personnel
ESF 1: Transportation
ESF 2: Communications
ESF 3: Public Works and Engineering
ESF 4: Firefighting
ESF 5: Emergency Management
ESF 6: Mass Care, Emergency Assistance, Housing and Human Services
ESF 7: Logistics Management and Resource Support
ESF 8: Public Health and Medical Services
ESF 9: Search and Rescue
ESF 10: Oil and Hazardous Materials Response
ESF 11: Agriculture and Natural Resources
ESF 12: Energy
ESF 13: Public Safety and Security
ESF 14: Long-Term Recovery
ESF 15: External Affairs
Recommended Agency Requirements
1. All Agencies are to designate NRF, NIPP, NCPIP, and NDRF Attribute Administrators
2. Attribute Administrators are to actively sponsor or revoke F/ERO registrations in the F/ERO Repository once established
National Doctrine F/ERO Population
Sector 1: Agriculture and Food
Sector 2: Banking and Finance
Sector 3: Chemical
Sector 4: Commercial Facilities
Sector 5: Dams
Sector 6: Defense Industrial Base
Sector 7: Emergency Services
Sector 8: Energy
Sector 9: Government Facilities
Sector 10: Information Technology
Sector 11: National Monuments and Icons
Sector 12: Nuclear Reactors, Materials and Waste
Sector 13: Postal and Shipping
Sector 14: Public Health and Healthcare
Sector 15: Communications
Sector 16: Transportation Systems
Sector 17: Water
Sector 18: Critical Manufacturing
RSF 1: Planning and Capacity Building
RSF 2: Economic Development
RSF 3: Health and Social Services
RSF 4: Housing
RSF 5: Infrastructure Systems
RSF 6: Natural and Cultural Resources

PIV-I/FRAC TTWG Targeted Audience
Diagram labels: Federal; Medical; Fire and Rescue; Transportation / HAZMAT; State; Local; Military / National Guard / USCG; Retail; Force Protection; Volunteer; Resident
PIV / PIV-I Identities and F/ERO Attributes Integration Infrastructure

PIV/PIV-I Interoperability & FIPS 201 Technology
Diagram labels: Logical Access; PIV / PIV-I Routine Access and Use-Case Applications; Physical Access; Disaster / Emergency Access and Use-Case Applications; F/EROs
Streamlining Routine and Emergency Use-Case Investment Strategies

F/ERO Electronic Validation Process
Leveraging CAC, PIV, or PIV-I credentials and FIPS 201 mobile validation devices for communication-in or -out risk management decisions
Diagram labels: Federal; SLTT; CIKR; Volunteers; JRSOI; Contingency Relocation or Response / Recovery; Disaster Access; EOC Geospatial Human Situational Awareness Display
JRSOI = Joint Receiving Staging Operations Integration
Provides a real-time roster
Access Data: accountability, traceability, liability
Achieving NIMS Credentialing Guideline Interoperability

End State: Mutual Aid Preparedness
Incident Management: To get the right people with the right attributes to the right places at the right times, thus reducing response/recovery times and promoting restoration to pre-incident quality of life conditions
Intended benefit: F/EROs will possess FIPS 201 identity credentials that align with Federal standards and enable e-authentication of identity and disaster response/recovery attribute information for determining access privileges
Additional benefit: FIPS 201 identity credentials issued by respective sponsoring agencies in a distributed environment can be integrated into standards-based physical and logical access systems, thus eliminating proprietary solutions that can be costly to maintain/sustain over life-cycle investments
All-of-Nation/Whole Credentialing and Validation Standardization