Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Slides:



Advertisements
Similar presentations
June 27, 2005 Preparing your Implementation Plan.
Advertisements

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
PIV-I Issuing Procedures for Applicants (New Contractors) v1.1
FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Status of U.S. Smart Card Deployment Jim Dray Porvoo 7/ World eID Meeting May 2005.
1 HSPD-12 Compliance: The Role of Federal PKI Judith Spencer Chair, Federal Identity Credentialing Office of Governmentwide Policy General Services Administration.
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
Public Key Infrastructure (PKI) Hosting Services.
Personal Identity Verification Program
Department of Health and Human Services Personal Identity Verification Training APPLICANT.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Enterprise PACS Best Practices
U.S. Department of Agriculture HSPD 12 Program HSPD 12 Personal Identity Verification (PIV) I Core Training: Issuers.
1 Homeland Security Presidential Directive 12 (HSPD-12) Policies & Procedures Veronica McCann - Security Specialist Western Region Security Office March.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Department of Labor HSPD-12
PIV-I Issuing Procedures for Applicants (Current Contractors) v1.1.
Biometrics in New Zealand Passport issuing Border crossing System and information access Building access.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
PIV Data Model Testing Ketan Mehta March 3, 2006.
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
1 Implementation of Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide FED/ED.
PIV-I Issuing Procedures for Applicants (New Volunteers / Affiliates) v1.1.
PIV-I Issuing Procedures for Applicants (New Employees) v1.1.
I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.
NASA Personal Identity Verification (PIV) NASA Personal Identity Verification (PIV) High Level System Overview Tice F. DeYoung, PhD 14th Fed/Ed Workshop.
Complying With The Federal Information Security Act (FISMA)
U.S. Department of Agriculture HSPD 12 Program HSPD 12 Personal Identity Verification (PIV) I Core Training: Registrars.
Federal CIO Council Information Security and Identity Management Committee IDManagement.gov FICAM Testing Program and Approved Products List (APL) Overview.
DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.
IdM Identity Proofing & Registration Gary Chapman David Millman September 2006.
Homeland Security Presidential Directive-12 (HSPD-12)
Biometric Access Control in TWIC Read Hardware and Card Application Specification Roger Roehr.
HSPD-12 and FIPS-201 Overview v Learning Objectives At the end of this course, you will be able to: Describe Homeland Security Presidential Directive.
EmpowHR Sponsorship.
Special Publication : Interfaces for Personal Identity Verification Jim Dray NIST NPIVP Workshop March 3, 2006.
Page 1 EmpowHR Adjudicator.
PIV 1 Ketan Mehta May 5, 2005.
PIV-I Issuing Procedures for Applicants (Current Employee) v1.1.
U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.
Business and Systems Aligned. Business Empowered. TM Federal Identity Management Handbook May 5, 2005.
Homeland Security Presidential
U.S. Department of Agriculture HSPD 12 Program HSPD 12 Personal Identity Verification (PIV) I Core Training: Sponsors.
Levels of Assurance in Authentication Tim Polk April 24, 2007.
1 © Material United States Department of the Interior Federal Information Security Management Act (FISMA) April 2008 Larry Ruffin & Joe Seger.
Non-Employee Identity System (NEIS) Adjudicator Training.
Non-Employee Identity System (NEIS) Adjudicator Training.
HSPD-12 Identity Management Initiative Carol Bales Senior Policy Analyst United States Office of Management and Budget North American Day 2006.
U.S. Department of Agriculture eGovernment Program July 9, 2003 eAuthentication Initiative Update for the eGovernment Working Group eGovernment Program.
28 th International Traffic Records Forum Biometrics/SmartCard Workshop 28 th International Traffic Records Forum August 4, 2002 Orlando, Florida.
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Smart Card Authentication Mechanism Tim W. Baldridge, CISSP Marshall Space Flight Center Office of the Chief Information Officer.
11/18/2003 Smart Card Authentication Mechanism Tim W. Baldridge, CISSP Marshall Space Flight Center Office of the Chief Information Officer.
1 Federal Identity Management Infrastructure and Policy David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide August 15,
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.
TAG Presentation 18th May 2004 Paul Butler
Cyber Security Means Locking the Front Door Too: Use High-Assurance Identity Management to Control Access to the Federal Bridge.
TAG Presentation 18th May 2004 Paul Butler
Personal Identity Verification Program
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
E-Authentication: What Technologies Are Effective?
Preparing your Implementation Plan
NASA Personal Identity Verification (PIV) High Level System Overview Tice F. DeYoung, PhD 14th Fed/Ed Workshop December 14, 2006.
A Quick Tour of the FIPS 201 Revision
Presentation transcript:

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May 4, 2005

HSPD-12 Presidential Policy Driver Home Security Presidential Directive 12 (HSPD-12): “Policy for a Common Identification Standard for Federal Employees and Contractors” Dated: August 27, 2004

HSPD 12 Requirements Secure and reliable forms of personal identification that is: o Based on sound criteria to verify an individual employee’s identity o Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation o Rapidly verified electronically o Issued only by providers whose reliability has been established by an official accreditation process

HSPD 12: Requirements (cont.) o Applicable to all government organizations and contractors except identification associated with National Security Systems o Used for access to Federally-controlled facilities and logical access to Federally-controlled information systems o Flexible in selecting appropriate security level – includes graduated criteria from least secure to most secure o Implemented in a manner that protects citizens’ privacy

FIPS 201 REQUIREMENTS Phased- Implementation In Two Parts Part 1 – Common Identification and Security Requirements HSPD 12 Control Objectives Identity Proofing, Registration and Issuance Requirements Privacy Requirements (Effective October 2005) Part 2 - Common Interoperability Requirements Detailed Technical Specifications No set deadline for implementation in PIV standard Migration Timeframe (i.e., Phase I to II) Agency implementation plans to OMB before July 2005

Part 1 PIV Requirements

FIPS 201 REQUIREMENTS PIV Identity Proofing and Registration Requirements  Organization shall adopt and use an approved identity proofing and registration process.  Process shall begin with initiation of a National Agency Check with Written Inquiries (NACI) or other Office of Personnel Management (OPM) or National Security community investigation required for Federal employment.  National Agency Check (NAC) component of the NACI shall be completed before credential issuance.  Applicant must appear in-person at least once before the issuance of a PIV credential.

FIPS 201 REQUIREMENTS PIV Identity Proofing and Registration Requirements (Cont.)  Applicant shall be required to provide two forms of identity source documents in original form. Source documents must come from the list of acceptable documents included in Form I-9, OMB No , Employment Eligibility Verification. At least one document shall be a valid State or Federal government-issued picture identification (ID).  PIV identity proofing, registration and issuance process shall adhere to the principle of separation of duties to ensure that no single individual has the capability to issue a PIV credential without the cooperation of another authorized person.

FIPS 201 REQUIREMENTS PIV Issuance and Maintenance Requirements  The organization shall use an approved PIV credential issuance and maintenance process.  Ensure completion and successful adjudication of a National Agency Check (NAC), National Agency Check with Written Inquiries (NACI), or other OPM or National Security community investigation as required for Federal employment. The PIV credential shall be revoked if the results of the investigation so justify.  At the time of issuance, verify that the individual to whom the credential is to be issued (and on whom the background investigation was completed) is the same as the intended applicant/recipient as approved by the appropriate authority.

FIPS 201 REQUIREMENTS PIV Issuance and Maintenance Requirements (Cont.)  The organization shall issue PIV credentials only through systems and providers whose reliability has been established by the agency and so documented and approved in writing (i.e., accredited).

FIPS 201 REQUIREMENTS Privacy Requirements  HSPD 12 requires that PIV systems are implemented with all privacy controls specified in this standard, as well as those specified in Federal privacy laws and policies including but not limited to the E-Government Act of 2002, the Privacy Act of 1974, and Office of Management and Budget (OMB) Memorandum M-03-22, as applicable.  All agencies must:  have a privacy official role,  conduct Privacy Impact Assessment (PIA) in accordance with standards,  have procedures to handle Information in Identifiable Form (IIF),  have procedures to handle privacy violations,  maintain appeals procedures for denials/revocation of credentials.

Part 2 PIV Requirements

FIPS 201 REQUIREMENTS PIV Card Visual Data Mandatory  Photograph  Name  Employee Affiliation  Organizational Affiliation  Card Expiration Date  Card Serial Number (Unique to Issuer)  Issuer Identification Optional  Card Holder’s Written Signature  Rank  Agency Seal  Issue Date  Information for Returning Lost Card  Color codes  Agency Specific Information

FIPS 201 REQUIREMENTS PIV Card Requirements  Mandatory  Integrated Circuit to Store/Process Data  Optional  Magnetic Stripe  Bar Code  Linear 3 of 9 Bar Code  Interfaces:  Contact ( ISO/IES 7816)  Contactless (ISO/IES 14443)

FIPS 201 REQUIREMENTS PIV Electronically Stored Data Mandatory:  PIN (used to prove the identity of the cardholder to the card)  Cardholder Unique Identifier (CHUID)  PIV Authentication Data (asymmetric key pair and corresponding PKI certificate)  Two biometric fingerprints Optional:  An asymmetric key pair and corresponding certificate for digital signatures  An asymmetric key pair and corresponding certificate for key management  Asymmetric or symmetric card authentication keys for supporting additional physical access applications  Symmetric key(s) associated with the card management system

FIPS 201 REQUIREMENTS Graduated Assurance Levels for Identity Authentication Authentication for Physical and Logical Access PIV Assurance Level Required by Application/Resource Applicable PIV Authentication Mechanism Physical Access Applicable PIV Authentication Mechanism Logical Access Local Workstation Environment Applicable PIV Authentication Mechanism Logical Access Remote/Network System Environment SOME confidenceVIS, CHUIDCHUIDPKI HIGH confidenceBIO PKI VERY HIGH confidenceBIO-A, PKI PKI

Further Guidance  Supporting Publications  SP – Interfaces for Personal Identity Verification (card interface commands and responses)  SP – Biometric Data Specification for Personal Identity Verification  SP –Cryptographic Algorithms and Key Sizes for Personal Identity Verification  NIST PIV Website (  Documents  Frequently Asked Questions (FAQs)  Comments Received in Original Format  Guidance  OMB Guidance (Policy)  FICC Guidance (Implementation)  Forthcoming NIST Guidance on Certification and Accreditation