1 Federal Identity Management Infrastructure and Policy David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide August 15,

Presentation transcript:

1 Federal Identity Management Infrastructure and Policy
David Temoshok
Director, Identity Policy and Management
GSA Office of Governmentwide Policy
August 15, 2007

2 Prioritize E-Government

President's Management Agenda:
1. Strategic Management of Human Capital
2. Competitive Sourcing
3. Improved Financial Performance
4. Expanded Electronic Government
5. Budget and Performance Integration

E-Government Act of 2002
OMB Office of E-Government and Technology

3 President's E-Gov Agenda

Government to Citizen (lead agency in parentheses):
1. USA Service (GSA)
2. EZ Tax Filing (Treasury)
3. Online Access for Loans (DoED)
4. Recreation One Stop (DOI)
5. Eligibility Assistance Online (Labor)

Government to Business (lead agency in parentheses):
1. Federal Asset Sales (GSA)
2. Online Rulemaking Management (EPA)
3. Simplified and Unified Tax and Wage Reporting (Treasury)
4. Consolidated Health Informatics (HHS)
5. Business Gateway (SBA)
6. Int'l Trade Process Streamlining (DOC)

Government to Govt. (lead agency in parentheses):
1. e-Vital (business case) (SSA)
2. Grants.gov (HHS)
3. Disaster Assistance and Crisis Response (FEMA)
4. Geospatial Information One Stop (DOI)
5. Wireless Networks (FEMA)

Internal Effectiveness and Efficiency (lead agencies: OPM, GSA, NARA):
1. e-Training
2. Recruitment One Stop
3. Enterprise HR Integration
4. e-Travel
5. e-Clearance
6. e-Payroll
7. Integrated Acquisition
8. e-Records Management

Cross-cutting Infrastructure: E-Authentication (lead: GSA)

4 E-Authentication Key Policy Considerations

For Government-wide deployment:
- No National ID
- No National unique identifier
- No central registry of personal information, attributes, or authorization privileges
- Different authentication assurance levels are needed for different types of transactions
- Authentication – not authorization

For the E-Authentication technical approach:
- No single proprietary solution
- Deploy multiple COTS products – user's choice
- Products must interoperate together
- Controls must protect privacy of personal information

5 Key Sources for Privacy Requirements

- Privacy Act of 1974
- OMB Circular A-130, Management of Federal Information Resources
- Federal Information Security Management Act (Pub. L )
- Federal Information Processing Standards Publication (FIPS) 199, Standards for Security Classification of Federal Information and Information Systems
- NIST SP , Recommended Security Controls for Federal Information Systems, and SP A, Guide for Assessing the Security Controls in Federal Information Systems
- E-Government Act of 2002 (Pub. L )
- OMB Memoranda M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002; M-06-06, Sample Privacy Documents for Agency Implementation of HSPD-12; M-06-16, Protection of Sensitive Agency Information

6 Four Authentication Assurance Levels to meet multiple risk levels

Assurance level | Example transaction | Token type
Low | Access to protected website | PIN/User ID (knowledge-based)
Medium | Applying for a loan online | Strong password
High | Obtaining Govt. benefits | PKI / digital signature
Very High | Employee screening for a high-risk job | Multi-factor token: HSPD-12 PIV card with biometrics

Moving up the levels brings increased $ cost and reflects an increased need for identity assurance.

7 Central Issue with Federated Identity – Who do you Trust?

Absent a National ID, the e-Authentication initiative has used federated identity through trusted credential providers at determined assurance levels.

E-Authentication Trust Network:
- Governments: Federal, States/Local, International
- Higher Education: Universities, Higher Education PKI Bridge
- Healthcare: RHIOs, IHE, Healthcare providers
- Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
- E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay
- Financial Services Industry: Home Banking, Credit/Debit Cards

Population served: 300 Million Americans, Millions of Businesses, State/local/global Govts

8 Core Federation Infrastructure

Trust:
- Establish common trust model
- Administer common identity management/authentication policies for Federation members

Interoperability:
- Determine intra-Federation protocol/communication standards and architecture
- Administer common interface specifications, use cases, profiles
- Test all products and interfaces for compliance

Manage Relationships:
- Establish and administer common business rules
- Manage relations among relying parties and CSPs
- Manage compliance/dispute resolution

9 Government Adoption of Federated IDM

Necessary in order to meet President's E-Gov mandates:
- GSA is directed to provide common authentication infrastructure for all Federal E-Gov business applications and E-access control.

In 2004 GSA established the EAI Federation:
- EAI Federation allows identity federation between multiple industry and government entities and the Federal Government
- Technical architecture supports multiple authentication technologies, protocols, and IDM software products and components

In 2004 GSA partnered with industry to establish the Electronic Authentication Partnership:
- Incorporated non-profit public/private sector forum to advance and accelerate IDM federation
- EAP Trust Framework issued 12/04

Key Federal Identity Federations:
- HSPD-12
- E-Authentication Initiative
- Federal Bridge Certificate Authority

10 A Snapshot of the U.S. Federal PKI

Federal Bridge CA, cross-certified with:
- Treas. PKI
- Higher ED Bridge CA
- NASA PKI
- WF PKI
- Illinois PKI
- ACES PKI
- DOD PKI
- DOE PKI
- DOJ PKI
- GPO PKI
- PTO PKI
- USDA PKI
- State Dept. PKI
- PKI SSPs
- DHS PKI
- SAFE Bridge CA
- Certipath Bridge CA
- ORC – Trusted PKI Provider for HIMSS Pilot

11 The HSPD-12 Mandate

Homeland Security Presidential Directive 12 (HSPD-12): "Policy for a Common Identification Standard for Federal Employees and Contractors" -- Signed by President: August 27, 2004

HSPD-12 has Four Control Objectives:
- Issue identification based on sound criteria to verify an individual's identity.
- Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation.
- Personal identity can be rapidly authenticated electronically.
- Issued by providers whose reliability has been established by an official accreditation process.

12 Key Milestones

Timeline | Agency/Department Requirement/Milestone
August 27, 2004 | HSPD-12 signed and issued
Not later than 6 months (February 27, 2005) | NIST issues standard (FIPS-201)
Not later than 8 months following issuance of standard (October 27, 2005) | Compliance with FIPS-201 Part One: Identity Proofing and Enrollment (PIV-I)
Not later than 20 months following issuance of standard (October 27, 2006) | Commence deployment of FIPS-201 compliant identity credentials (FIPS-201 Part Two, PIV-II)
Convert all employees to PIV standard (October 27, 2008) | Compliance with FIPS-201 Part Two for all employees and contractors

13 Multiple Authentication Technologies

To provide multiple authentication assurance levels, FIPS 201 requires multiple authentication technologies:
- Authentication using PIV visual credentials – facial image
- Authentication using the Cardholder Unique Identifier (CHUID) – contact or contactless
- Authentication using PIN
- Authentication using biometric (match on/off card) – fingerprint template
- Authentication using PIV asymmetric cryptography (PKI) – authentication digital certificate

Something I have – PIV Card
Something I know – PIN
Something I am – Biometric
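The PKI mechanism in the list above, as an added Go example that is not from the presentation: the card signs a relying party's random challenge with its PIV Authentication key, which it releases only after PIN verification, and the relying party checks the signature against the card's public key and refuses a replayed response. SimCard, RelyingParty and the sample PIN are assumed simulation constructs; a real deployment would also validate the card's certificate chain through the Federal PKI, which this simulation skips.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// SimCard is a hypothetical stand-in for a PIV card: it holds the PIV Authentication private key
// and signs only after the PIN is verified, so one valid response proves "something I have" and "something I know".
type SimCard struct {
	key         *ecdsa.PrivateKey
	pin         string
	pinVerified bool
}

func NewSimCard(pin string) *SimCard {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed card key pair
	return &SimCard{key: k, pin: pin}
}

// PublicKey models what a relying party reads from the card's PIV Authentication certificate.
func (c *SimCard) PublicKey() *ecdsa.PublicKey { return &c.key.PublicKey }
func (c *SimCard) VerifyPIN(pin string) bool  { c.pinVerified = pin == c.pin; return c.pinVerified }

func (c *SimCard) Sign(challenge []byte) []byte {
	if !c.pinVerified {
		return nil // a real card refuses the signing operation before PIN verification
	}
	d := sha256.Sum256(challenge)
	sig, _ := ecdsa.SignASN1(rand.Reader, c.key, d[:])
	return sig
}

// RelyingParty issues random challenges and accepts each signed response at most once.
type RelyingParty struct{ pending map[string]bool }
func NewRelyingParty() *RelyingParty { return &RelyingParty{pending: map[string]bool{}} }

func (rp *RelyingParty) Challenge() []byte {
	n := make([]byte, 16)
	rand.Read(n) // crypto/rand; a fresh nonce is what prevents replay of an old response
	rp.pending[string(n)] = true
	return n
}

// Verify rejects unknown or already-consumed challenges (replay) before checking the signature.
func (rp *RelyingParty) Verify(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	if !rp.pending[string(challenge)] {
		return false
	}
	delete(rp.pending, string(challenge))
	d := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}
```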

14 Key Architecture Design Considerations

- Different authentication assurance levels are needed for different types of transactions.
- Architecture must support multiple authentication technologies – PIN, biometric template, CHUID, authentication keys.
- Architecture must support multiple protocols.
- Federal Government will not mandate a single proprietary solution; therefore, the architecture must support multiple COTS products.
- All architecture components must interoperate with ALL other components – this requires product testing.
- Interface specifications are necessary for inter-system data exchange.
- Controls must protect privacy of personal information.

15 Why Shared Services for E-Authentication, Federal Bridge CA and HSPD-12 Implementation?

- Efficiencies – eliminate need for redundant infrastructure.
- Enhance interoperability – much easier to ensure interoperability across a limited number of systems (GSA & DOI bring 75+ customer agencies to a common, shared solution).
- Accelerate implementation timeframes.
- Reduce cost/implementation for HSPD-12 system interfaces.
- Aggregate Federal acquisitions to maximize potential for volume buys.
- Organize the Federal marketplace for all of the above.

16 Conclusion

This is THE START … the surface is only scratched.

There is much work:
- Roll out hundreds of enrollment stations nationwide
- Issue to 2 million users in the next 23 months
- Test and qualify systems
- Build common applications for access control and e-Government: physical security, logical access, e-commerce, emergency response

Stabilize operations:
- Commitment to continue issuance
- Protect and promote interoperability: testing, monitoring, auditing and configuration control
- Make the life-cycle easier: government procurement rules provide discipline

Extend to other communities

17 For More Information

Visit our Websites:

Or contact:
David Temoshok
Director, Identity Policy and Management