A Quick Tour of the FIPS 201 Revision

Slides:

Advertisements

Similar presentations

For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.

Advertisements

June 27, 2005 Preparing your Implementation Plan.

Mobile Devices in the DoD

Single Sign-On and Federated Authentication at NIH and Beyond

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

1 HSPD-12 Compliance: The Role of Federal PKI Judith Spencer Chair, Federal Identity Credentialing Office of Governmentwide Policy General Services Administration.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

Department of Health and Human Services Personal Identity Verification Training APPLICANT.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

Federal Identity Management

Enterprise PACS Best Practices

United States DoD Public Key Infrastructure: Deploying the PKI Token

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

Department of Labor HSPD-12

Spring 2013 ICAM Day Value of ICAM Breakout Session Paul D. Grant Director of Cybersecurity Policy, DoD CIO Co-Chair, Federal Identity, Credential &

FICAM Testing Program For more information, please contact GSA-FICAM- The FIPS 201 Evaluation Program is now the FICAM Testing.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

1 1 PAIIWG++ Meeting #1 William I. MacGregor National Institute of Standards and Technology 16 Sep 2008.

E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.

NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.

Investment Management Concepts Portfolio Management | Segment Architecture March 25, 2009 Adrienne Walker and Kshemendra Paul

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Certificate and Key Storage Tokens and Software

I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.

The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health.

NASA Personal Identity Verification (PIV) NASA Personal Identity Verification (PIV) High Level System Overview Tice F. DeYoung, PhD 14th Fed/Ed Workshop.

Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

Federal CIO Council Information Security and Identity Management Committee IDManagement.gov FICAM Testing Program and Approved Products List (APL) Overview.

IdM Identity Proofing & Registration Gary Chapman David Millman September 2006.

Homeland Security Presidential Directive-12 (HSPD-12)

HSPD-12 and FIPS-201 Overview v Learning Objectives At the end of this course, you will be able to: Describe Homeland Security Presidential Directive.

Electronic Submission of Medical Documentation (esMD) Digital Signature and Author of Record Pre-Discovery Wednesday May 9,

Special Publication : Interfaces for Personal Identity Verification Jim Dray NIST NPIVP Workshop March 3, 2006.

PIV 1 Ketan Mehta May 5, 2005.

Business and Systems Aligned. Business Empowered. TM Federal Identity Management Handbook May 5, 2005.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

HSPD-12 Identity Management Initiative Carol Bales Senior Policy Analyst United States Office of Management and Budget North American Day 2006.

Page 1 ©1999 InfoGard Laboratories, Inc Centre for Applied Cryptographic Research workshop, Nov. 8, 1999 Third party evaluations of CA cryptographic implementations.

Credentialing in Higher Education Michael R Gettes Duke University CAMP, June 2005, Denver Michael R Gettes Duke University

The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.

COAG AUSTRALIA The Prime Minister, Premiers and Chief Ministers signed the IGA at the COAG meeting on 13 April The key objectives of the Strategy,

Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed, Executive Director, Information Card Foundation (ICF)

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

Federal Preparedness Credentialing & Typing. H.R. 1 - Requirement Title IV of the “Implementing Recommendations of the 9/11 Commission Act of 2007” directs.

1 Federal Identity Management Infrastructure and Policy David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide August 15,

Identity Crisis: Defining the Problem and Framing a Solution for Terrorism Incident Response Presented by Mark Landahl Supervisor – Homeland Security Section.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.

Cyber Security Means Locking the Front Door Too: Use High-Assurance Identity Management to Control Access to the Federal Bridge.

NIST Computer Security Activities

Privacy, Security, and Identity Management Update

NIST Computer Security Activities

NAAS 2.0 Features and Enhancements

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Technical Approach Chris Louden Enspier

E-Authentication: What Technologies Are Effective?

Federal Requirements for Credential Assessments

HIMSS National Conference New Orleans Convention Center

Introduction of ISO/IEC Identity Proofing

NASA Personal Identity Verification (PIV) High Level System Overview Tice F. DeYoung, PhD 14th Fed/Ed Workshop December 14, 2006.

Appropriate Access InCommon Identity Assurance Profiles

Presentation transcript:

A Quick Tour of the FIPS 201 Revision William I. MacGregor NIST ITL Computer Security Division william.macgregor@nist.gov NIST, Gaithersburg 7Apr2011

HSPD-12 Implementation First the eggs, then the chickens… PIV Cards are the eggs Applications are the chickens How many eggs? Roughly, 4.6M PIV Cards issued to employees (80%) 1.6M PIV Cards issued to contractors (30%) Now it’s time for chickens… “Federal Identity Credentialing and Access Management (FICAM) Roadmap and Implementation Guidance” Part A: ICAM Segment Architecture completed Sep2009 Part B: Implementation Guidance work-in-progress

Useful URLs http://www.whitehouse.gov/omb/e-gov/hspd12_reports/ - OMB quarterlies http://csrc.nist.gov/groups/SNS/piv/standards.html - FIPS 201 & NIST pubs http://www.idmanagement.gov/ - ICAMSC & GSA ID management resources http://www.idmanagement.gov/drilldown.cfm?action=hspd12_faqs - FAQs http://fips201ep.cio.gov/ - HSPD-12 Evaluation Program (APL) http://www.nist.gov/itl/iad/ - NIST biometrics resources http://www.whitehouse.gov/omb/memoranda_default/ - OMB Memoranda There are now dozens of OMB Memoranda, NIST publications, CIO Council publications, Federal PKI Policy Authority publications, GSA documents, OPM documents, and others relevant to HSPD-12. And, of course, OMB M-11-11.

The Larger Context Built on DoD Common Access Card experience. Enhanced to scale US Government-wide: Simple, self-contained app, with assurance processes. Authenticate, Encrypt/Decrypt, Sign/Verify. Defined issuance processes, limited crypto capabilities. Expanding to other communities: PIV Interoperable (PIV-I) Cards issued by Non-Federal Issuers. PIV-I uses same blank card stock as PIV. The Federal Bridge unifies the trust model for all participants. After five years, new requirements are being heard!

The Revision of FIPS 201-1 NIST was obligated to consider the need for revision of FIPS 201 five years after publication (i.e., in 2010). NIST determined that FIPS 201-1 should be revised, and prepared Draft FIPS 201-2. The revision was announced in the Federal Register on 8Mar2011. On the same day, Draft FIPS 201-2 was available on the NIST website for a 90 day public comment period.

The Revision of FIPS 201-1 2010: NIST studied the need for revision 8Mar2011: revision was launched See the launch announcement http://csrc.nist.gov/news_events/index.html#mar8 Leads to Draft FIPS 201-2 (clean & diff) Also Federal Register Notice (a handy index) Workshop at NIST on 18-19Apr2011 Attend in person, registration fee $160 Watch & listen via webcast, free Comments must be received by 6Jun2011

Selected Changes Proposed Make card lifecycle management more efficient Synchronize card, cert, and biometric data lifetimes Allow biometric reconnect to identity chain-of-trust Add additional biometric modality, iris Allow all newly-issued cards to have max lifetime Replace NACI Indicator with online status check (cond) Remove ambiguity in implementation of PKI Make asymmetric CAK mandatory, symmetric optional Make signature verification and PDVAL mandatory Introduce New Functional Capabilities On Card Comparison for card activation & authentication Improve adaptability and resilience of readers Secure Sessions from reader or application to PIV Card Trust Anchors for readers or applications

NIST is often asked… Shouldn’t smartphones, USB tokens, tablets, and form factors be supported? If mutually authenticated secure sessions are added, what are the End Entities? Could authentication mechanisms become location- aware? Shouldn’t the credential protect the user against unnecessary disclosure of sensitive information?