180 likes | 282 Views
Virginia’s First Responder Authentication Credential (FRAC) Program January 2008. Credentialing. During incidents such as natural and man-made disasters, there is a need to expeditiously authenticate and validate the Emergency Response Community (public and private).
E N D
Virginia’s First Responder Authentication Credential (FRAC) ProgramJanuary 2008
Credentialing During incidents such as natural and man-made disasters, there is a need to expeditiously authenticate and validate the Emergency Response Community (public and private) • Need to have a standard credential for Emergency Response Officials (not associated with the REAL ID Act) • Credential needs to verify the identity and other pertinent information of Emergency Responders at incident scenes • Credential needs to allow access into and out of secured areas and across multi-jurisdictions • Need to identify a person’s status within Sectors, Agency, or Emergency Support Function (ESF) which supports the National Response Plan (NRP) • Need a standard process and requirements to obtain the credential (trust model) • Trust Model is established when all participants agree upon credentialing and eligibility rules and therefore trust credentials issued through a partner
Arlington County 9/11 After Action Report • “Some firefighters said they had never seen so many volunteers, and wondered aloud if a volunteer firefighter tee shirt was the only required identification.” • “The last full activation of the EOC was in preparation for the anticipated problems associated with the arrival of the year 2000 (Y2K). As a result, although many county officials had EOC identification (ID) badges, they had long since expired. A current ID system was not in place.” • “Arlington County should work with neighboring jurisdictions and other emergency response agencies and volunteer organizations to implement a uniform identification system.”
Federal Response to Hurricane Katrina Lessons Learned • “[Complete] the development of a credentialing system … to allow authorized volunteers and workers restoring critical infrastructure access to relief sites” • “The Federal response should better integrate the contributions of volunteers and nongovernmental organizations into the broader national effort. This integration would be best achieved at the State and local levels, prior to future incidents. In particular, State and local governments must … credential their personnel, and provide them the necessary resource support for their involvement in a joint response.”
Federal Credentialing Standard: HSPD 12 • Signed by President Bush in August, 2004 • Mandatory for all Executive Branches of Government (ie: FBI, DEA, Secret Service, Pentagon Force Protection Agency [PFPA], etc.) • Established a mandatory Federal Government-wide interoperable standard for secure and reliable forms of identification that: • Can verify an individual’s identity • Are strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation • Can be rapidly authenticated electronically • Are issued through an official accreditation process
Federal Credentialing Standard: FIPS 201(Federal Information Processing Standards) • Created by the National Institute of Standards and Technology (NIST) • Response to HSPD-12 • Specifies the architecture, technical and administrative requirements • Defines requirements for: • Identity proofing • Registration • Issuance of identification credentials
Needed Standards • States, locals, and private sectors need to agree upon common identification standards for Emergency Response Community • In many high profile incidents, the lack of identity trust between jurisdictions resulted in the inability of Emergency Responders to reach incident scenes, and response and recovery activities were significantly delayed because incident scene commanders could not rapidly verify the person’s identity
State and Local Efforts • The following are voluntarily choosing to adopt the HSPD 12 and FIPS 201 standards, following Virginia’s lead, thereby achieving multi-jurisdictional interoperability between the Emergency Response Community, all levels of government, and the private sector: • Maryland has developed a standard FRAC for Emergency Responders which is interoperable with Virginia’s FRAC • Illinois is currently developing a FRAC program • Pennsylvania is in the early stages of developing a FRAC program • The San Antonio, Texas region is beginning the first steps toward full FIPS 201 compliance for their next generation unified ID badge for all Fire/EMS personnel and physicians • Denver, Colorado is developing a FIPS 201 compliant credential and wants to implement statewide
National Efforts • The National Fire Academy released a report recommending a FIPS 201 compliant National Fire Service Responder Credentialing System • National Incident Management System is developing a consensus on job requirements within each Emergency Support Function. • Transportation Worker Identification Card (TWIC) now follows FIPS 201 standards • DHS anticipates rolling out the FRAC program first in FEMA Region 3 and then the entire East Coast • Pentagon Force Protection Agency (PFPA) has identified the FRAC as it’s preferred identification for response to the Pentagon and other leased DOD facilities within the NCR
Virginia FRAC • The FRAC is a standards-based smart card that is issued to the Emergency Response Community in the NCR which will be recognized and accepted as a true representation of their identity and other pertinent data • The FRAC is the only interoperable identity credential for all Federal, State, local and private sector Emergency Responders • Facilitates quick identity verification • Supports NCR preparedness objectives • Supports EO 44 (culture of preparedness) • COOP/COG • Response and recovery efforts
FRAC • The Commonwealth FRAC is designed to: • Securely establish emergency responders’ identities at the scene of an incident. • Confirm first responders’ qualifications and expertise, allowing incident commanders to dispatch them quickly and appropriately. • Enhance cooperation and efficiency between federal, state and local first responders. • Nationally • Regionally • Locally
The Commonwealth’s Progress • The Commonwealth has developed a FRAC Program using NCR UASI grant funding • Virginia is the first nationally • Issued over 2,200 FRACs to Arlington County and the City of Alexandria Emergency Response Community
FRAC Statistics • Emergency Support Function (ESF) Registered • ESF #1: Transportation 35 • ESF #1: Transportation (Maritime) 3 • ESF #2: Communications 103 • ESF #3: Public Works and Engineering 25 • ESF #4: Firefighting 111 • ESF #4: Firefighting (Fire Chief) 3 • ESF #4: Firefighting (Career Firefighter) 477 • ESF #4: Firefighting (Volunteer Firefighter) 8 • ESF #5: Emergency Management 108 • ESF #5: Emergency Management (COOP/COG) 30 • ESF #5: Emergency Management (Director) 5 • ESF #5: Emergency Management (ERG) 8 • ESF #6: Mass Care, Housing and Human Services 42 • ESF #7: Resource Support 20 • ESF #8: Public Health and Medical Services 58 • ESF #8: Public Health and Medical Services (Physician) 4 • ESF #8: Public Health and Medical Services (Nurse) 24 • ESF #8: Public Health and Medical Services (EMT) 382 • ESF #8: Public Health and Medical Services (Paramedic) 135 • ESF #9: Urban Search and Rescue 75 • ESF #9: Urban Search and Rescue (Swiftwater Rescue) 104 • ESF #9: Urban Search and Rescue (Collapse Rescue) 102 • ESF #9: Urban Search and Rescue (Wilderness Rescue) 13 • ESF #10: Oil and Hazardous Materials Response 166 • ESF #11: Agriculture and Natural Resources 9 • ESF #12: Energy 26 • ESF #13: Public Safety and Security 212 • ESF #13: Public Safety and Security (Federal Agent) 1 • ESF #13: Public Safety and Security (Local Jurisdiction Police) 1061 • ESF #14: Long-Term Community Recovery 13 • ESF #15: External Affairs 28
FRAC Process • An Authorized FRAC Sponsor requests FRAC issuance for an Applicant • The Applicant presents two I9 forms of identification to the FRAC Registrar • The FRAC Registrar electronically authenticates the validity of the documentation, takes a digital photo and fingerprints to be used for issuance. • The FRAC Registrar uses the photograph and fingerprints to search the FRAC database to make sure that the Applicant has not previously been issued a FRAC • The FRAC Registrar approves the Applicant to proceed • The FRAC Applicant appears before the FRAC Issuer and presents two forms of I9 documentation • The FRAC Issuer prints the FRAC, compares the Applicant’s fingerprints with the fingerprints taken by the FRAC Registrar • The FRAC Applicant selects a Personal Identification Number (PIN) • The FRAC Issuer programs and activates the FRAC • The FRAC Issuer has the FRAC Applicant test the card by entering in their PIN and comparing their fingerprints with the fingerprints stored on the card • (Note: fingerprints cannot be read from the card unless the PIN is entered in first)
FRAC Authentication & Security • There are many different levels of assurance for identity authentication supported by the FRAC. Below is one example of how the FRAC has been used to authenticate the identity of the holder: • The FRAC holder presents their FRAC at a perimeter checkpoint • The perimeter security personnel examine the credential checking for mandatory topographical features, signs of tampering • The perimeter security personnel inserts the FRAC into a handheld device. The device checks the digital certificate on the card’s chip to make sure it was issued by an authorized issuer and has not expired or been revoked • The FRAC holder’s digital photograph appears for visual comparison • The FRAC holder enters in their PIN number to unlock the FRAC • The handheld authenticates the FRAC holder’s identity and displays Emergency Support Function (ESF) of the FRAC holder • The FRAC is given back to the FRAC holder • The FRAC holder, at the discretion of the perimeter security personnel/Incident Commander, may be granted access to the area
The Commonwealth of Virginia Pilot FRAC Arlington County AffiliationEmployeeAgencyPolice DeptIssued2005DEC31Expires2008DEC31 LAST,FIRST, MI. Sample This credential is the property of the Commonwealth of Virginia. The counterfeit, alteration, or misuse of this credential constitutes a violation of 18.2-204.2 of the Code of Virginia and section 499, Title 18 of the U.S. Code. Employee ID123456 Sample The bearer of this card is a designated Emergency Responder. After credential verification, bearer may be given access to controlled areas. Rank or ESF Lieutenant Return to: Lost Card Returns Commonwealth of Virginia FRAC Bay O 4262 Entre Court Chantilly, VA 20151 Emergency Response Official 0000000006010 00050150025
Next Steps • The Commonwealth has applied for and received additional funding to continue the FRAC program in other regions • Planning stages of issuing FRACs to the Hampton Roads Region • Continue to educate State and local officials on the FRAC program and it’s interoperability with partners • Continue to work with state agencies to implement FIPS 201 compliant FRAC programs • Continue to support state and local agencies adoption of FIPS 201 compliant credentials for employee identification and physical access control