1
PIV 1
Ketan Mehta
Ketan.mehta@nist.gov
May 5, 2005
2
PIV 1
o What does it mean to agencies
o Role-based vs System-based Models
o Moving forward
3
What does PIV I mean to agencies?

PIV I requires:
o Credentials may be issued by authorized entity only to individuals whose true identity has been verified
o Only an individual with a background investigation on record may be issued a credential;
o Fraudulent identity source documents are not accepted as genuine and unaltered;
o A person suspected or known to the government as being a terrorist is not issued a credential;
o No substitution occurs in the identity proofing process;
o No credential is issued unless requested by proper authority;
o A credential remains serviceable only up to its expiration date;
o A single corrupt official in the process may not issue a credential with an incorrect identity or to a person not entitled to the credential;
o An issued credential is not modified, duplicated, or forged.
o Separation of roles

PIV I does not specify:
o A particular card technology
o Requirements for fingerprint biometrics
o Composition of the Identity Credentials
o Roles within an agency
o Identity proofing process or implementation models
o Integration of Physical and Logical access security
4
Role-based Model

Applicant—The individual to whom a PIV credential needs to be issued.

PIV Sponsor—The individual who substantiates the need for a PIV credential to be issued to the Applicant, and provides sponsorship to the Applicant. The PIV Sponsor requests the issuance of a PIV credential to the Applicant.

PIV Registrar—The entity responsible for identity proofing of the Applicant and ensuring the successful completion of the background checks. The PIV Registrar provides the final approval for the issuance of a PIV credential to the Applicant.

PIV Issuer—The entity that performs credential personalization operations and issues the identity credential to the Applicant after all identity proofing, background checks, and related approvals have been completed. The PIV Issuer is also responsible for maintaining records and controls for PIV credential stock to ensure that stock is only used to issue valid credentials.
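The separation of roles described on this slide, sketched as an issuance workflow check. This is an added example, not part of the original presentation; the AUTHORIZED roster, the names in it and the IssuanceRequest class are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed roster: which staff are authorized for each role (hypothetical names).
AUTHORIZED = {
    "sponsor": {"alice", "dave"},
    "registrar": {"bob", "alice"},
    "issuer": {"carol", "bob"},
}

class IssuanceError(Exception):
    """A step would violate one of the PIV I requirements listed in the slides."""

@dataclass
class IssuanceRequest:
    applicant: str
    sponsor: Optional[str] = None
    registrar: Optional[str] = None
    issuer: Optional[str] = None
    expires: Optional[date] = None

    def _check_actor(self, role: str, actor: str) -> None:
        if actor not in AUTHORIZED[role]:
            raise IssuanceError(f"{actor} is not an authorized {role}")
        # Separation of roles: one person, at most one role per request,
        # so no single official can carry a credential through alone.
        if actor in {self.applicant, self.sponsor, self.registrar, self.issuer}:
            raise IssuanceError(f"{actor} already holds a role on this request")

    def request(self, actor: str) -> None:
        self._check_actor("sponsor", actor)
        self.sponsor = actor

    def approve(self, actor: str, identity_proofed: bool, background_ok: bool) -> None:
        if self.sponsor is None:
            raise IssuanceError("no request from a PIV Sponsor")
        self._check_actor("registrar", actor)
        if not (identity_proofed and background_ok):
            raise IssuanceError("identity proofing or background check incomplete")
        self.registrar = actor

    def issue(self, actor: str, expires: date) -> None:
        if self.registrar is None:
            raise IssuanceError("no PIV Registrar approval on record")
        self._check_actor("issuer", actor)
        self.issuer, self.expires = actor, expires

    def serviceable(self, today: date) -> bool:
        return self.issuer is not None and self.expires is not None and today <= self.expires
```

Note that "alice" and "bob" each appear under two roles in the roster: being authorized for a role is not enough, the per-request check is what stops one person from both sponsoring and approving, or both approving and issuing.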
5
System-based Model

[Figure: process diagram of the system-based model. Functional areas shown: Employer/Sponsorship / Sponsor; Employee Application; Employee Enrolls; Enrollment / Registrar; Identity Verification; Approval Authority / Registrar; Identity Management System (IDMS) / Issuer; Card Production & Personalization / Issuer; Issuer - Card Activation / Issuer. Other labels: 1:n biometric search; Confirm employment; ID Validation through standard government wide services; Government DB's; Threat risk. Legend: Numbers (1 to 8) Indicate Functional Areas of Responsibility; Green functions manage Chain of Trust for Identity Verification.]
6
Understand your current environment

User information fragmented, duplicated and obsolete; Redundant processes; Little to no visibility or auditability

[Figure: users (Employees, Administrator, Customers, Partners) connected to resources (Email, Timesheets, Engineering, HR, Customers, Expense). Other labels: Applications and Data, Systems, Resources, Information.]
7
Agencies should look to bring coherence to user identities, roles, privileges, and policies

User Management: Sets up and maintains user accounts and privileges (Digital Identities)
Credentialing: Assigns and manages attributes used to validate a user’s identity (Credentials)
Authentication: Validates identities based on their credentials (Who you are)
Authorization: Grants user access to resources based on a secondary set of attributes (What you can access)
Storage: Stores user credentials, privileges, and other attributes

[Figure labels: Users, Resources]
8
Only 20% of the planning involves technology
9
Agencies that adopt a strategy-based approach to their PIV investments will achieve the best return on their investment

Strategy Based Approach Produces Maximum ROI

Phases: Define The Need, Architect the Solution, Manage Construction

What is your current environment?
o What is your current baseline?
o Who is responsible for identity management in your agency?
o What are the current processes?
o What FIPS 201 objectives are not met in the current environment?
o What are the gap areas?

What form will your solution take?
o What are your architecture choices?
  o Insource / Outsource
  o Federation vs. Not Fed
  o Trust Path

How will you implement?
o What is your migration strategy?
o What stages will your implementation follow?
o How will you leverage prototypes and pilots?

How will you manage?
o How will you manage the change program?
o How will you communicate changes to the organization?
o How will you mitigate program risks?