PIV 1

PIV 1. Ketan Mehta, Ketan.mehta@nist.gov, May 5, 2005. What does it mean to agencies; Role-based vs System-based Models; Moving forward. What does PIV I mean to agencies? PIV I requires. PIV I does not specify.


  1. PIV 1 Ketan Mehta Ketan.mehta@nist.gov May 5, 2005

  2. PIV 1 • What does it mean to agencies • Role-based vs System-based Models • Moving forward

  3. What does PIV I mean to agencies?
     PIV I requires
     • Credentials may be issued by authorized entity only to individuals whose true identity has been verified;
     • Only an individual with a background investigation on record may be issued a credential;
     • Fraudulent identity source documents are not accepted as genuine and unaltered;
     • A person suspected or known to the government as being a terrorist is not issued a credential;
     • No substitution occurs in the identity proofing process;
     • No credential is issued unless requested by proper authority;
     • A credential remains serviceable only up to its expiration date;
     • A single corrupt official in the process may not issue a credential with an incorrect identity or to a person not entitled to the credential;
     • An issued credential is not modified, duplicated, or forged.
     Separation of roles
     PIV I does not specify
     • A particular card technology
     • Requirements for fingerprint biometrics
     • Composition of the Identity Credentials
     • Roles within an agency
     • Identity proofing process or implementation models
     • Integration of Physical and Logical access security

  4. Role-based Model
     • Applicant—The individual to whom a PIV credential needs to be issued.
     • PIV Sponsor—The individual who substantiates the need for a PIV credential to be issued to the Applicant, and provides sponsorship to the Applicant. The PIV Sponsor requests the issuance of a PIV credential to the Applicant.
     • PIV Registrar—The entity responsible for identity proofing of the Applicant and ensuring the successful completion of the background checks. The PIV Registrar provides the final approval for the issuance of a PIV credential to the Applicant.
     • PIV Issuer—The entity that performs credential personalization operations and issues the identity credential to the Applicant after all identity proofing, background checks, and related approvals have been completed. The PIV Issuer is also responsible for maintaining records and controls for PIV credential stock to ensure that stock is only used to issue valid credentials.

  5. System-based Model
     [Diagram; functional areas are numbered 1 to 8. Labels, each shown as function / responsible role:]
     • Employer / Sponsorship / Sponsor
     • Employee Application
     • Employee Enrolls
     • Enrollment / Registrar
     • Identity Verification: 1:n biometric search; Confirm employment; ID Validation through standard government wide services; Government DB's; Threat risk
     • Approval Authority / Registrar
     • Identity Management System (IDMS) / Issuer
     • Card Production & Personalization / Issuer
     • Issuer - Card Activation / Issuer
     Numbers Indicate Functional Areas of Responsibility. Green functions manage Chain of Trust for Identity Verification.

  6. Understand your current environment
     [Diagram: Employees, Partners and Customers reach Applications and Data (Timesheets, Email, Engineering, HR, Expense), each with its own Administrator. Layers shown: Information Systems, Resources.]
     User information fragmented, duplicated and obsolete; Redundant processes; Little to no visibility or auditability

  7. Agencies should look to bring coherence to user identities, roles, privileges, and policies
     [Diagram: the functions below sit between Users and Resources.]
     • User Management: Sets up and maintains user accounts and privileges (Digital Identities)
     • Credentialing: Assigns and manages attributes used to validate a user's identity (Credentials)
     • Storage: Stores user credentials, privileges, and other attributes
     • Authentication: Validates identities based on their credentials (Who you are)
     • Authorization: Grants user access to resources based on a secondary set of attributes (What you can access)

  8. Only 20% of the planning involves technology

  9. Agencies that adopt a strategy-based approach to their PIV investments will achieve the best return on their investment
     Strategy-Based Approach Produces Maximum ROI
     Architect the Solution; Manage Construction; Define the Need
     What is your current environment? What form will your solution take? How will you implement?
     • What is your current baseline?
     • Who is responsible for identity management in your agency?
     • What are the current processes?
     • What FIPS 201 objectives are not met in the current environment?
     • What are the gap areas?
     • What are your architecture choices?
     • Insource / Outsource
     • Federation vs. Not Fed
     • Trust Path
     • What is your migration strategy?
     • What stages will your implementation follow?
     • How will you leverage prototypes and pilots?
     How will you manage?
     • How will you manage the change program?
     • How will you communicate changes to the organization?
     • How will you mitigate program risks?
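
An added example, not part of the presentation: a pre-issuance check for the role-based model on slide 4, covering the slide 3 objectives that can be read off an issuance record. It assumes the "single corrupt official" objective is met by requiring Applicant, Sponsor, Registrar and Issuer to be four different people; the record fields, function name and sample names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

@dataclass
class IssuanceRecord:                      # hypothetical record layout
    applicant: str
    sponsor: Optional[str]                 # PIV Sponsor who requested issuance
    registrar: Optional[str]               # PIV Registrar who gave final approval
    issuer: str                            # PIV Issuer personalizing the card
    identity_proofed: bool
    background_check_on_record: bool
    expires: date

def issuance_violations(rec: IssuanceRecord, today: date) -> List[str]:
    """Return the slide 3 objectives this record fails; empty means issue."""
    failed = []
    if not rec.sponsor:
        failed.append("not requested by proper authority")
    if not rec.registrar:
        failed.append("no final approval by the Registrar")
    if not rec.identity_proofed:
        failed.append("true identity not verified")
    if not rec.background_check_on_record:
        failed.append("no background investigation on record")
    if rec.expires < today:
        failed.append("past expiration date")
    # Assumption: separation of roles means no person appears twice.
    parties = [p for p in (rec.applicant, rec.sponsor, rec.registrar, rec.issuer) if p]
    if len(set(parties)) != len(parties):
        failed.append("more than one role held by the same person")
    return failed

# Constructed sample data, not taken from any real system.
TODAY = date(2005, 5, 5)
GOOD = IssuanceRecord("a.chen", "s.patel", "r.lee", "k.ortiz",
                      True, True, date(2010, 5, 5))
BAD = IssuanceRecord("a.chen", "r.lee", "r.lee", "k.ortiz",
                     True, False, date(2010, 5, 5))

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, issuance_violations(rec, TODAY) or "may be issued")
```
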
