E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.

Slides:



Advertisements
Similar presentations
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Advertisements

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
1 HSPD-12 Compliance: The Role of Federal PKI Judith Spencer Chair, Federal Identity Credentialing Office of Governmentwide Policy General Services Administration.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
NMFS FIS ER eSignature Project Risk Analysis October 1, 2008.
Public Key Infrastructure (PKI) Hosting Services.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
Federal Identity Management
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.
U.S. Department of Justice Drug Enforcement Administration Office of Diversion Control Electronic Prescriptions for Controlled Substances Michelle Ferritto,
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Emergence of Identity Management: A Federal Perspective Dr. Peter Alterman Chair, Federal PKI Policy Authority.
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Copyright Copyright Ian Taylor This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
The Need for Trusted Credentials Information Assurance in Cyberspace Judith Spencer Chair, Federal PKI Steering Committee
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
NMFS FIS ER eSignature Project Risk Analysis October 1, 2008.
Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application A vision on a national Electronic Authentication.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Garry Compton Manager Government Authentication ANTA Workshop 05/08/03 Canberra, Australia An update on Commonwealth Authentication.
E-Authentication: The Need for Public and Private Sector Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
ITU-T X.1254 | ISO/IEC An Overview of the Entity Authentication Assurance Framework.
U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
Federal e-Authentication Initiative: Federated Identity and Interoperability David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide.
Levels of Assurance in Authentication Tim Polk April 24, 2007.
1 © Material United States Department of the Interior Federal Information Security Management Act (FISMA) April 2008 Larry Ruffin & Joe Seger.
Ning Zhang, the University of Manchester, UK David Groep, National Institute for Nuclear and High Energy Physics, NL Blair Dillaway, OGF Security Area.
E-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004.
HSPD-12 Identity Management Initiative Carol Bales Senior Policy Analyst United States Office of Management and Budget North American Day 2006.
U.S. Department of Agriculture eGovernment Program July 9, 2003 eAuthentication Initiative Update for the eGovernment Working Group eGovernment Program.
Government of India Department of Electronics and Information Technology Ministry of Communications and Information Technology.
Credentialing in Higher Education Michael R Gettes Duke University CAMP, June 2005, Denver Michael R Gettes Duke University
U.S. Department of Agriculture eGovernment Program eAuthentication Draft Business Case Executive Summary January 2003.
NIST E-Authentication Technical Guidance Bill Burr Manager, Security Technology Group National Institute of Standards and Technology
E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session.
EGovOS Panel Discussion CIO Council Architecture & Infrastructure Committee Subcommittee Co-Chairs March 15, 2004.
Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council
Presented by Eliot Christian, USGS Accessibility, usability, and preservation of government information (Section 207 of the E-Government Act) April 28,
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
EAuthentication – Update on Federal Initiative Jacqueline Craig IR&C September 27, 2005.
Identity and Access Management
U.S. Federal e-Authentication Initiative
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Technical Approach Chris Louden Enspier
E-Authentication: What Technologies Are Effective?
Federal Requirements for Credential Assessments
The E-Authentication Initiative
HIMSS National Conference New Orleans Convention Center
The E-Authentication Initiative
Appropriate Access InCommon Identity Assurance Profiles
Presentation transcript:

E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session The E-Authentication Initiative

2 E-Authentication: What’s IN, What’s OUT  The Federal Government going it alone: an authentication system and operating rules that are “agency-specific,” “State-unique,” etc. OUT!

3 The E-Authentication Initiative E-Authentication Bugle: What’s IN, What’s OUT  Developing a partnership between Government, relying parties, IT vendors and advocacy groups – collaboration! IN!

4 The E-Authentication Initiative E-Authentication Bugle: What’s IN, What’s OUT  Developing Government-only, proprietary solutions, e.g. Gateways OUT!

5 The E-Authentication Initiative E-Authentication Bugle: What’s IN, What’s OUT  Enabling interoperability between disparate systems. IN!

6 The E-Authentication Initiative E-Authentication Bugle: What’s IN, What’s OUT  Being beholden to one particular approach. OUT!

7 The E-Authentication Initiative E-Authentication Bugle: What’s IN, What’s OUT  Movement towards common standards that all interested parties can adopt. IN!

8 The E-Authentication Initiative Policy + Technology + Credentials + Agency Applications + Management & Administration = E-Authentication

9 The E-Authentication Initiative E-Authentication 5 Work Packages POLICY APPLICATIONS INTEGRATION CREDENTIALS MANAGEMENT TECHNOLOGY PROGRAM MANAGEMENT OFFICE

10 The E-Authentication Initiative Factor Token Very High Medium Standard Low Employee Screening for a High Risk Job Obtaining Govt. Benefits Applying for a Loan Online Access to Protected Website Surfing the Internet Click-wrap Knowledge Pin/Password -Based PKI/ Digital Signature Multi- Increased $ Cost Increased Need for Identity Assurance Approaching Authentication…

11 The E-Authentication Initiative Part of a Larger Policy Framework Federal Identity Credentialing Component Credential Assessment Framework Federal PKI Bridge Certificate Policy NIST Authentication Technical Guidance E-Authentication Guidance for Federal Agencies FINAL: OMB M-04-04, December 16, 2003 SP-83, Out for Comment Jan 29, 2004 Expected final March 04 Interim version now final Policies Ongoing

12 The E-Authentication Initiative Role of OMB ….  Mandate implementation FEA Budget Authority Policy Authority  Issue Govt wide information policy  Oversee and ensure success of Presidential E- Government Initiative.

13 The E-Authentication Initiative OMB Authentication Guidance  M Signed by OMB Director on 12/16/2003  Supplements OMB Guidance on implementation of GPEA  Establishes 4 identity authentication assurance levels  Requires agencies to conduct “e-authentication risk assessments” Result: A more consistent application of electronic authentication across the Federal Government

14 The E-Authentication Initiative Assurance Levels M-04-04:E-Authentication Guidance for Federal Agencies OMB Guidance establishes 4 authentication assurance levels NIST SP-83 Electronic Authentication NIST technical guidance to match technology implementation to a level Level 4Level 3Level 2Level 1 Little or no confidence in asserted identity (e.g. self identified user/password) Some confidence in asserted identity (e.g. PIN/Password) High confidence in asserted identity (e.g. digital cert) Very high confidence in the asserted identity (e.g. Smart Card)

15 The E-Authentication Initiative Scope Applies To:  Remote authentication of human users of Federal agency IT systems for e-government.  Identification and analysis of the risks associated with each step of the authentication process Does Not Apply To:  Authentication of servers, or other machines and network components.  Authorization -- the actions permitted of an identity after authentication has taken place.  Issues associated with “intent to sign,” or agency use of authentication credentials as electronic signatures.  Identifying which technologies should be implemented.

16 The E-Authentication Initiative Risk Assessment Steps 1. Conduct a risk assessment of the e-government system. 2. Map identified risks to the applicable assurance level. 3. Select technology based on e-authentication technical guidance. 4. Validate that the implemented system has achieved the required assurance level. 5. Periodically reassess the system to determine technology refresh requirements.

17 The E-Authentication Initiative Categories of Harm and Impact  Inconvenience, distress, or damage to standing or reputation  Financial loss or agency liability  Harm to agency programs or public interests  Unauthorized release of sensitive information  Personal safety  Civil or criminal violations.

18 The E-Authentication Initiative Maximum Potential Impacts Assurance Level Impact Profiles Potential Impact Categories for Authentication Errors 1234 Inconvenience, distress or damage to standing or reputation LowMod High Financial loss or agency liabilityLowMod High Harm to agency programs or public interestsN/ALowModHigh Unauthorized release of sensitive informationN/ALowModHigh Personal SafetyN/A LowMod High Civil or criminal violationsN/ALowModHigh

19 The E-Authentication Initiative NIST SP 83: Recommendation for Electronic Authentication  Maps to OMB E-Authentication guidance  Covers conventional token based remote authentication May be additional guidance on “knowledge based authentication”  Draft for comment at:  Comment period ends: March 15

20 The E-Authentication Initiative NIST SP 83: Recommendation for Electronic Authentication  What type of token should be used for each level? Password? PKI?  What Protections required for each level?  What type of ID proofing is required?  How does it map to the Federal Bridge?

21 The E-Authentication Initiative Effective Dates  90 days from completion of the final NIST E- Authentication Technical Guidance—New authentication systems should begin to be categorized, as part of the system design.  December 15, 2004—Systems classified as “major” should be categorized.  September 15, 2005—All other existing systems requiring user authentication should be categorized.

22 The E-Authentication Initiative Wrapping Up  Questions? Jeanette Thornton

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.