200 likes | 567 Views
Homeland Security Presidential Directive-12 (HSPD-12) Previously Known As E-Authentication/Smart Card. Prior to HSPD 12. My Background- DOI Senior Consultant BLM Lead Bureau – biz process reinvention DOD/DOI partnership (eg ; initial aggregate buy) Interagency Advisory Board ( IAB)
E N D
Homeland Security Presidential Directive-12(HSPD-12) Previously Known As E-Authentication/Smart Card
Prior to HSPD 12 • My Background- DOI Senior Consultant • BLM Lead Bureau – biz process reinvention • DOD/DOI partnership (eg ; initial aggregate buy) • Interagency Advisory Board ( IAB) • GSC 2.1 (especially contactless chip)
HSPD-12 Policy Directs a Common Identification Standard* for Federal Employees and Contractors with Unescorted Access to Federal Facilities and Access to Networks and Systems *Referred to as the Personal Identity Verification (PIV) Card
HSPD-12 (Con’t.) One of the largest collaborative efforts in Government with leadership through the Interagency Advisory Board (IAB) National Institute for Standards and Technology (NIST) General Services Administration (GSA) Office of Management & Budget (OMB) Private Sector Partners Enabling a common Government Information Technology (IT) architecture The DOI team played a prominent role over the last 5 years
HSPD-12 Program Team • Senior Executive Sponsor- Larry Parkinson • Program Manager- Bob Donelson • Project Management- David Belchick • Organizational Leads • OLES- Glenn Smith • OCIO- Hap Huynh • HR- Beres Muschett • PIV/E-process- Andrew Goldsmith • Privacy- Marilyn Legnini • Budget- Tricia Hall • PAM- Willie Davis • Records- Ed McCeney
PHYSICAL SECURITY HR LOGICAL SECURITY Synergy to Success Intra-discipline Workgroups Executive Leadership CFO Inter-discipline Workgroups Legal / Privacy Advocate Program Managers Site Managers Procurement (Contracts) Inspector General
HSPD-12 Control Objectives • Secure and reliable forms of identification • Issued based on sound criteria for verifying an individual employee's identity • Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation • Can be rapidly authenticated electronically • Issued only by providers whose reliability has been established by an official accreditation process 2
HSPD-12 Policy FIPS 201 REQUIREMENTS: Phased-implementation In Two parts • Part 1 – Common Identification and Security Requirements • HSPD-12 control objectives • Identity proofing, registration and issuance requirements • (revised from November draft) • Effective October 2005 • Part 2 - Common Interoperability Requirements • Detailed technical specifications • Most elements (revised) of October preliminary draft • No set deadline for implementation in PIV standard • Migration Timeframe (i.e., Phase I to II) • Agency implementation plans to OMB before July 2005 • OMB to develop schedule
OMB-300 and business case complete for E-Authentication/Smart Card • Gap analysis underway to change to HSPD-12 OMB-300 for 2007 • HSPD-12 plan due to OMB June 27 • E-Authentication project plan is being revised for HSPD-12 to meet target due dates HSPD-12 Current Status
PIV Identity Verification and Issuance FPPS Enrollment Identity Verification • 1:n biometric search • Confirm employment • NACI or Equivalent ID Validation through standard government wide services • Government DB’s • Threat risk Approval Authority 1 2 3 Employer/ Sponsorship 5 Employee Application HR Employee and Contractor Enrolls 6 HR 4 725 Physical Access Database OLES PIV/E-process/HR 7 Card Production & Personalization Black Arrows: Links exist today Orange Arrows: Links partially exist today Red Arrows: Links do not exist today Centralized SSP Cert Issuance OCIO Other DOI Organizations: Privacy, Records, Budget, PAM
Have Web based E-process architecture in place for enrollment(#1-4) • Provides secure, paperless in-processing of employees/contractors • Plan to use FPPS as HR system of record for unique employee ID numbers (#5) • Selected Enterprise Physical Access system (#7) • AMAG 725, currently starting C&A process • Public Key Infrastructure (PKI) Shared Service Provider (SSP) selected (#7) • Central printing and card provisioning must be in place to be successful • Policy Gaps are being identified and drafted • OMB is asking either Shared Service Provisioning or acquisition by a SSP similar to the Payroll Model • Current DOI roles mapped to new HSPD-12 roles by 1 August HSPD-12 Technical Current Status
HSPD-12 Guidance • Supporting Publications • SP 800-73 – Interfaces for Personal Identity Verification (card interface commands and responses) • SP 800-76 – Biometric Data Specification for Personal Identity Verification • SP 800-78 – Recommendation for Cryptographic Algorithms and Key Sizes • Future SP – Issuer Accreditation Guideline • NIST PIV Website (http://csrc.nist.gov/piv-project/) • Draft Documents • Frequently Asked Questions (FAQs) • Comments Received in Original Format • Forthcoming Planned Guidance • OMB Guidance (Policy) {http://www.whitehouse.gov/omb/inforeg/hspd-12_guidance_040105.pdf} • FICC Guidance (Implementation – Identity Management Handbook) • {http://www.cio.gov/ficc/documents/FedIdentityMgmtHandbook.pdf} • NIST Guidance on Certification and Accreditation
HSPD-12 Policies • Existing OCIO Memo 2004-008 • Freezes purchases on ID cards that do not conform to standard • Requires all new PCs to include a smart card reader • Recently Issued OLES Policies • Released 5-25-05 • Policy Memo 1: Sets standard DOI Card Design based on FIPS 201 • Policy Memo 2: Sets minimum threshold for physical access readers • Readers will be situated along with security guards at all operational access points to National Critical Infrastructures and Security Level IV facilities. • At the discretion of each Bureau, card readers may be located at other facilities or sections there of. • C&A must be done on all physical access systems. • Facilities that are not immediately moving to the FIPS 201 card can continue to use their current ID card system for access to a building. However, these can not be used for visual ID and cannot have anything printed on them. • Full implementation to be completed by the end of fiscal year 08.
Joint Federal Committee Requirement • 2001-2005 NCR “Incident Snapshot” • Sep 11, 2001 Terrorist attack on Pentagon • Anthrax crisis • Sniper incident • W. Wilson Bridge “rush-hour” attempted suicide • Washington Monument “tractor man” • 2005 Anthrax scare • May 11, 2005 “no fly zone” violation ALL LACKED FEDERAL/STATE/LOCAL MULTI-JURISDICTIONAL “COMMON IDENTITY TRUST”
Targeted Population Transportation / HAZMAT Community Fire and Rescue Community Federal Community Medical Community Emergency Management Community Infrastructure Community State Community Military / National Guard Local Community Retail Community Force Protection Community Volunteer Community Resident / Tribal / NGO Community
Valid Trusted:… Trusted:… Trusted:… Valid Valid Trusted:… Valid National Interoperability Privileged Lists Compressed, Signed Validation Lists Authorization Handhelds Credential Issuers ID Cards *CRLs (produced and synchronized every 24 hours at minimum) DoD CAC DoD / DHS / DOI Other Federal/State/Local Validation Authority NCR Governments Other Issuer *CRLs – certificate revocation lists
Questions and Comments Please Contact: Bob Donelson HSPD-12 Program Manager Phone: 202.452.5190 Email: bdonelson@blm.gov
Questions? • Office of National Capital • Region Coordination • 202-254-2301 • Craig A. Wilson • Program Manager • 202-254-2305 (office) • 703-597-4113 (cell) • craig.wilson1@associates.dhs.gov