Homeland Security Presidential Directive 12 (HSPD-12) “Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005
HSPD-12 Briefing Outline
• Executive Summary
• Implementation Highlights
• Where We Are Now
• Issues
Executive Summary: HSPD-12
• Homeland Security Presidential Directive 12 was signed by President Bush Aug. 27, 2004
• “…It is the policy of the United States to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy…”
• Improved personal identity verification (PIV) of all federal employees and contractors.
• Interoperable ID badges/“smart cards.”
Executive Summary: HSPD-12 Control Objectives
“Secure and reliable forms of identification” must be:
• Issued based on sound criteria for verifying an individual employee’s identity.
• Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation.
• Able to be rapidly authenticated electronically.
• Issued only by providers whose reliability has been established by an official accreditation process.
Executive Summary: To implement, we must…
• Strengthen and standardize identity verification process.
• Operate a comprehensive PIV card authentication and personal identity verification system.
• Procure standard ID badges/smart cards, readers, and PKI services per FIPS 201.
• Capture index fingerprints on PIV card, and store fingerprints in database.
Executive Summary: Guidance and Standards
• Federal Information Processing Standard (FIPS) 201 for HSPD-12 developed by NIST.
• FIPS 201 breaks down requirements into “PIV I” and “PIV II.”
• Includes NIST Special Publications:
  • SP 800-73 – Smart card requirements.
  • SP 800-76 – Biometric requirements (fingerprints).
  • SP 800-78 – Cryptographic requirements (PKI).
  • SP 800-79 – Certification and accreditation (C&A).
  • SP 800-85 – Testing procedures for PIV products.
Executive Summary: FIPS 201 (Part 1 & II)
• PIV I – the process
  • Strengthens “identity-proofing” and background investigations.
  • Defines credential issuance process.
  • Mandates privacy protections.
• PIV II – components of the PIV system
  • Interoperable PIV Card.
  • Card Management Subsystem.
  • Access Control Subsystem.
  • Identity Management System (IDMS).
  • PKI credential.
Implementation Highlights: Due Dates
• By Oct. 27, 2005: PIV-I:
  • Identity proofing and credential issuance process complies with FIPS 201, part 1. Completed.
• By Oct. 27, 2006: PIV-II:
  • New employees/contractors: Issue only PIV-II compliant cards and require use for both physical and logical access.
  • Existing employees/contractors: Begin replacing cards.
  • FBI National Criminal History (fingerprint) Check portion of background investigation before PIV Card issuance.
  • Full National Agency Check with Inquiries (NACI) must follow.
• By Oct. 27, 2007:
  • Finish replacing cards for current employees/contractors and require use for both physical and logical access.
  • All federal employees with less than 15 years of service and all contractors must be identity proofed with a minimum of a NACI.
Where We Are Now
• Currently compliant with all FIPS 201 requirements for PIV I.
• PIV I Guidance issued.
• New PIV I form being utilized.
• New HR hiring practices are in place.
• Conducted training for all OSEP employees associated with the PIV I process.
• CPO conducted Contracting Officers training.
• New HUDAR clause is written.
• OSEP has started Certification and Accreditation process.
• GSA currently working on hiring contractor support for future DSX upgrades and additional hardware.
Government Wide: HUD Involvement
• Federal Identity Credentialing Committee (FICC)
• Interagency Partnership Working Group meetings
• Smart Card Interagency Advisory Board (IAB)
• Interagency Privacy Committee
Next Steps
• Future Issues:
  • High project implementation costs.
  • Integration of DSX to HUD infrastructure.
  • HUD computer network access will require use of PIV card (including PKI credential).
  • PKI credential has never been used in HUD environment.
• Procurement risks:
  • Currently there are no products or services that are certified to be FIPS 201 compliant.
  • GSA will require purchases of products using Schedule 70 (HITS?).
  • GSA will not have new Schedule 70 in place until May 2006.