NIH Policy Manual 2811
Policy on Smart Card Authentication
iTrust Forum
Mark L. Silverman
December 10, 2009
Mark.Silverman@nih.gov

HSPD-12
• Homeland Security Presidential Directive 12
• Issue smart card ID badges, known as personal identity verification (PIV) cards
• PIV cards must be used to obtain logical access to IT systems and physical access to facilities.
• All NIH staff will have PIV cards by June 2010
The smart card authentication policy provides the framework and timeline for NIH to satisfy the logical access requirements of HSPD-12.

Purchase Smart Card Readers
Enable staff to use their PIV cards by requiring NIH computers to support them.
• New computer purchases must include smart card readers in accordance with HHS policy
• All NIH-networked desktops, laptops and servers to have readers by December 31, 2010
• NITAAC pre-competed the purchase of USB smart card readers; ICs can acquire them under ECS III

Accept Smart Cards
Enable use of PIV cards for logical access by requiring NIH systems to accept them.
• Applications that use NIH Login must be capable of accepting smart cards by May 30, 2010
• Networked desktops, laptops and servers to support smart card logon by December 31, 2010
• Currently supported by NIH Windows systems

Use Smart Cards
Enable NIH to comply with Federal IT security requirements by requiring smart card logon on systems where the use of passwords is not permitted.
• Smart cards shall be used to log in to sensitive systems by December 31, 2010
• Smart cards shall be used to log in to laptops by May 30, 2011

Policy Exceptions
Policy does NOT apply where not practicable
• Smart card use is not required on systems that cannot support it (e.g., PDAs, stand-alone systems) or where it would inhibit the operation of the system (e.g., medical equipment)
• Passwords may still be used on less sensitive systems, as permitted by NIST 800-53

Smart Card Resources
• http://pki.nih.gov
  • Information about smart cards, readers, policy, etc.
  • User and diagnostic guides
  • Windows, Macintosh, Linux and Unix
  • Authentication, digital signatures and encrypted email
  • Currently being created by Smart Card Support Project
• Subscribe to smartcard-l
  • Intended for technical support staff
  • Announcements
  • Technical issues/solutions

Conclusion
• NIH Staff are getting smart cards!
• Computers must have readers and middleware!
• Applications that use NIH Login must be able to accept smart cards!
• Smart cards must be used to access sensitive systems.
• If it cannot be done, it is not required!