The Federation for Identity and Cross-Credentialing Systems (FiXs) www.FiXs.org FiXs ® - Federated and Secure Identity Management in Operation Implementing.

Presentation transcript:

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing federated identity management and assurance in operational scenarios

UNCLASSIFIED 2 Common Issues with Physical and Logical Security
- How do we protect our facilities and systems, balanced with ease of use?
  - Easy, secure access for those who belong
  - Simple identification verification of visitors and users
- Identity assurance for contractors & suppliers must:
  - Incorporate strong vetting for those that require access
  - Follow DoD and all Federal guidelines
- Access decisions must be automated & reliable
- The facility or system owner is ultimately responsible -- so how do we help?
  - Improve decisions through interoperable electronic authentication
  - Make it more secure, smarter & cost efficient per system
  - Develop applications that work with multiple level credentials

UNCLASSIFIED 3 FiXs - The Federation for Identity & Cross-Credentialing Systems: What is it?
- A 501(c)6 not-for-profit trade association initially formed in 2004 while working with the Department of Defense to provide secure and inter-operable use of identity credentials between and among government entities and industry
- A coalition of diverse companies/organizations supporting development and implementation of inter-operable identity cross-credentialing standards, systems and end to end solutions for various applications
- Members/Subscribers include: government contractors, technology companies, major firms, small businesses, sole-proprietors, not-for-profit organizations, Department of Defense, state governments, etc.

UNCLASSIFIED 4 FiXs is a Standards, C & A and Network Access Organization
- Complete Legal Governance structure for member firms
- Certification and Accreditation program for issuing identity credentials and securing personal identifying information
- A secure network switch through which transactions can be passed for PACS and LACS applications
- Standards for interfacing with the network switch and interoperability of applications
- Secure Network access to certified service providers and sponsors of individuals holding certified credentials
- Clearinghouse for objective consideration of technologies, business processes, rules and requirements

UNCLASSIFIED 5 Governance Structure
- Defined Trust Model
- Operating Rules
- Security Guidelines
- Policy Standards, including Privacy Act compliance
- Technical Architecture Specifications and Standards
- Implementation Guidelines
- Formal, legal flow down agreements for members/subscribers

UNCLASSIFIED 6 The Basic Principles
- Individual personal identifying information, such as biometrics, ss#, and other unique personal identifying information is captured once and accessed as required for authentication of one's identity
- This information is maintained in a federated manner, whereby there is no single database of every individual’s identifying information. The data is maintained in a distributed manner under the authority and control of the organization who “sponsors” the individual holding the certified identity credential
- Structured to emulate the ATM and credit card network model of the banking industry

UNCLASSIFIED 7 Identity Federation between DCCIS & FiXs Users: Member company employees w/ their credentials or CAC holders

UNCLASSIFIED 8 Meeting Policy Objectives
- Certified Credentials that can be trusted with confidence
  - “FiXs network fully operational for worldwide use in support of identity authentication purposes & applications” -- DMDC, July 16, 2007
  - “The DoD shall establish & maintain the ECA program to support the issuance of DoD-approved certificates to industry partners & other external entities & organizations.” -- DoDI 8520
  - “FiXs credentials that include PKI certificates issued from DoD ECA vendors are acceptable for use by DoD web based systems” -- ASD/NII, July 11, 2008
- Short term return on investment (ROI)
  - Existing highly available architectures for identity deployment & revocation information -- immediate cost avoidance of CAC issuance “outside of the fence”

UNCLASSIFIED 9 FiXs Chain of Trust

UNCLASSIFIED 10 Robust revocation processes
“A revocation process must exist such that an expired or invalidated credential is swiftly revoked.”
- Certified Credentials issuers are required to maintain FiXs enrollment, privacy, administrative control, revocation, and audit information
- Maintenance & updating of the revocation information is the joint responsibility of the sponsoring organization & the Certified Credential issuer
- Card & Certificate Revocation Lists are issued immediately upon revocation

UNCLASSIFIED 11 FiXs & Certified Credentials Value Proposition & ROI
- Inter-operable with DoD systems -- can be used by other Federal organizations
- Under review to be accepted as PIV Inter-operable per Fed CIO Council guidance
- Achieved enterprise-wide capability and best practices
- Provides Security & Privacy of staff, systems, data and facilities in compliance with latest identity assurance and identity management processes
- Comply with FAR contract requirements
- Supports HSPD-12 and NIST PIV
- Proven uniform approach is possible and realistic across government and industry

UNCLASSIFIED 12 Kantara Initiative IDDY Award (Identity Deployment of the Year)

UNCLASSIFIED 13 Contact Information
- Dr. Michael Mestrovich, President - FiXs
- Robert Martin, Corporate Secretary - FiXs
- Larry Mendenhall, Board Member - FiXs