“PIV – I Deployment in the ICAM environment:
State level deployment of trusted identity credentials”
Presentation Will Cover
States are independent
Introduction of NASCIO
NASCIO Identity Working Group
Identity Vetting Work by the States
Actions to Achieve Enhanced Identification Credentials
PIV-I Opportunities
Industry Federal and Stakeholder Opportunities!
National Association of State Chief Information Officers (NASCIO)
Represents the CIOs of the 50 States, Territories and the District of Columbia and has a representative with the Federal CIO Council
Has a Governance Body Similar to the Smart Card Alliance, as the Alliance supports the Interagency Advisory Board on behalf of their membership.
Is a body that has a Philosophy to support the Harmonization of Architectures and Requirements across the 50 States, Territories and the District of Columbia and Supports a Lot of Work for the States with Nine Major Initiatives.
http://www.nascio.org/
NASCIO has many Advantages over this Prestigious Body
Best Practices of PIV Operations Across the Federal Sector are in Steady State Operations with Continuous Improvements Ongoing!
PIV Credentials are supported by a Stable Standard via FIPS-201 and the Accompanying Special Publications.
FIPS-201 has a mature Suite of Tests available, which are continuously revisited to meet the needs of the Federal Sector and are the basis of PIV-I testing.
Over 5 Million CAC/PIV Credentials are in use in Relying Party Infrastructures across the Federal Landscape.
Products to support PIV and PIV-I are on the GSA APL and are approaching 500
NASCIO Sees the Challenge!
“Every Aspect of our Work across the States and with NASCIO has a dependency directly related to Identity and Credential Management”
NASCIO President:
Stephen Fletcher,
Chief Information Officer,
State of Utah
NASCIO has a Plethora of Cool Graphics that exist to Tell the story!
[Diagram: shared enrollment architecture. Labels: Enrollment Broker; 225+ geographically distributed & shared Enrollment Stations (Station 1 through Station “n”, Add. Needs Stations); Card Mgmt System; ID Mgmt System; GSA Shared Service; SIP; FBI; OPM; MSO; Enrollment & Biometrics Data]
The Shared Service Enrollment Stations transmit enrollment data to the SIP for consolidated FTS fingerprint transactions to OPM directly from the SIP.
NASCIO’s and Their Member State Identity Challenge in Addition to the 9 Major Initiatives
Meet the Needs of their Governments and their Citizens as to their requirements of Identity, Credential and Access Management as NASCIO works through a Harmonization Process
A Work Group was established at the NASCIO Digital Identity Workshop as part of their mid-year conference.
A great deal of interest was confirmed by NASCIO board members and member states and staff.
NASCIO is working through an ad-hoc working group and put together a charter for a NASCIO Digital Identity Working Group approved by their Executive Committee.
NASCIO is following the White House Draft Cyber Identity, Authentication Strategy calling for a National Strategy for Trusted Identities in Cyberspace, which will recommend policy changes and create federal offices on digital identity.
Policy is in Place for PIV-I
Personal Identity Verification Interoperability For Non-Federal Issuers, Issued by Federal CIO Council May 2009
http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers_May2009.pdf
Again Endorsed by Standards Bodies both Public and Private, National and International
Organizations like AAMVA and NASPO are looking to improve the Identity Proofing and Vetting Processes
PIV/PIV-I is Uniquely Elegant
An Issued PIV/PIV-I represents uniquely a Personal Proper Name or Identity more so than any other representation or document.
It can be used for Authentication or Access
It enables digital signatures, and approaches or is comparable to a Notarized Signature.
It enables enhanced encryption through portability of the encryption keys separating the keys from the material encrypted.
PIV-I implementation is the most predictable Strategy to achieve all 4 levels of Credential for Privacy, Security and Use at a predictable Cost and Value!
NASCIO is not beginning from Scratch, They Have Made Major Progress In Identity Vetting and Verification
As You Recall: HSPD-12 has Four Control Objectives:
Issue Identification based on sound criteria to verify an individual’s identity.
Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation.
Personal Identity can be rapidly authenticated electronically.
Issued by providers whose reliability has been established by an official accreditation process.
National Impact Analysis
In February 2006, the National Governors Association, National Conference of State Legislators, and the American Association of Motor Vehicle Administrators published “The Real ID Act: National Impact Analysis”.
Responses were completed by 47 of 51 polled jurisdictions representing 89.6% of all state issued DL/ID cards. At the time, the Real ID Act was under fire, mostly over implementation cost and privacy concerns.
States move Toward WHTI/Real ID
In January 2008, the State of Washington began issuing Enhanced Drivers Licenses (EDL) and Enhanced Identification (EID) Cards that securely denote identity and citizenship, and are an acceptable alternative to a passport for re-entry into the U.S. at land and sea border crossings.
Vermont followed in Feb 2009,
New York State in Jun 2009,
and Michigan in Oct 2009.
In May 2010, Minnesota enacted a law enabling EDL and EID. Minnesotans will begin receiving the new credentials June 2012.
Additionally, the State of Delaware began issuing Real ID Act Compliant Drivers Licenses and Identity Cards to everyone who wishes as of Jul 2010; these are not WHTI compliant.
Other States Progress
16 States Now Use Central Printing and Require Multiple People in the Identity Vetting and Issuance Process for their Drivers License and their Identity Credentials
Social Security Matching. New York DMV cross-checked Social Security numbers provided by applicants for driver’s licenses and IDs against the Social Security Administration database. This practice was upheld by the New York Supreme Court, creating a precedent for other states to use.
North Carolina followed suit, and 27,000 license and ID applicants’ SSNs were considered false.
Digital Photo-Matching Pilot. Matching found 100 individuals had multiple licenses in the system. Law Enforcement arrested 35 individuals. One individual was on New York’s 100 Most Wanted list.
Identity Vetting and PIV-I
The Question or What If?
If States are completing PIV-I Vetting or better, including binding individuals with Biometrics to the enrollment application process, this could be considered enrollment and provide an easy road-map for anyone meeting this standard for a PIV-I.
The Smart Card Alliance is looking at a Survey or Gap Analysis Process and Tool to Assist NASCIO and the States in their self determination as to the Progress they have made toward a PIV-I Enrollment/Application Process
PIV-I Identity Vetting in an IDMS/CMS redundant Infrastructure that has the NIST SP Protection of encrypted data and separation of roles that is protected by PIV-I Credentials is an Asset to Any State and their Population! This Data has an Intrinsic Value.
Many Leaders in States with PIV-Lite Deployments or Strategies looking forward to PIV-I
Illinois
Virginia
Colorado
District of Columbia
Pennsylvania
Hawaii
New York
New Jersey
Rhode Island
Texas
West Virginia
PIV-I Infrastructure Built for Industry
Certipath for Aerospace and Defense Contractors
Verizon Business is issuing PIV-I FRAC Credentials to their Own First Responders by this August!
STRAC is issuing Credentials to Doctors and Emergency Medical Personnel
Relying Party Infrastructure Built Out in One State has Application for Reuse across the U.S.
The District of Columbia PIV-I Enabled Smart Meter Solution
Has Application for First Responder Vehicles, for Fire, Police and Ambulances
Has Application for Hazardous Material Transportation Purposes
NASCIO Leading State Deployment by Illinois
PKI Migration to PIV-I Already Demonstrates The Realized Value of PKI
http://www.idmanagement.gov/documents/RealizedValueFederalPKI.pdf
PKI qualitative benefits include:
1. Strong digital signature;
2. Support for technical non-repudiation;
3. Strong authentication;
4. Strong Encryption; and
5. Trusted interoperability between disparate systems.
PKI quantitative benefits (measured by return on investment) include:
1. Synergy with HSPD-12; (or PIV-I)
2. Multi-factor authentication;
3. Network security; and
4. PKI-enabled applications.
Demonstrates the Reuse Capabilities and Improvement of Electronic Business to any and all jurisdictions across the U.S.
The Cost Benefit with PIV-I has improved vastly over the cost of the Illinois deployment that was cross certified in 2003.
Many Reasons for the State to Invest in Infrastructure to Support State ICAM Goals Versus the Federal ICAM
State Discussions are focused based upon Stakeholder.
Emergency Management Staff on FRAC
CIO Staff have focused on Citizen Credentials
CIO wants a Business Focus Following the Illinois Experience
Opportunities Exist for Federal Agencies to Support States
Broaden Grant Activities
Should DHS FEMA or HHS Grants be limited to FRAC or Health Care deployments?
Should Grants cross Agencies and Target States, Universities, etc. to build PIV-I Infrastructure?
PIV-I Relying Party Laboratories are very reasonable to build out to demonstrate functionality and aid in the to-be architecture
Federal Agencies should consider e-signing or other use for PIV-I Credentials being issued by States, Businesses and Locals for all Business and the www.business.gov website.
The Federal DOT is accepting DC’s PKI signatures from DC DOT
Lot of Carrots!
490 Items Currently Exist on the APL
Beyond the APL, Physical Access Systems are in Steady State and many can tie to Energy Management and other Building Systems
Simple Sign-on out of the Box with current Enterprise OS with built in capabilities
Support Alternative Workplace Strategies
Support Electronic Health Records
Support Smart Grid
Issue Once Reuse Across Businesses, Universities, Cities, Counties, States and the Federal Space.
Steady State ROI Experiences.
And Plenty of Sticks!
The California Department of Public Health (“CDPH”) recently announced its imposition of $675,000 in fines to six hospitals that had reported security breaches involving medical records
To put that in perspective, if a California hospital suffered a breach involving 100,000 medical records, using the average stated here, their potential fines could be $276 million
The Past, Present, and Future of Cybersecurity, Walter Gary Sharp, Sr.
As of September 14, 2009, more than 10,450,000 U.S. residents had been victimized by identity theft in 2009 alone, and that number increases by one victim each second. Fifteen million victims will lose more than fifty billion dollars each year.
http://www.jnslp.com/read/vol4no1/03_Sharp.pdf
Journal of National Security Law & Policy, Published by the Pacific McGeorge School of Law & Syracuse University Institute for National Security and Counter Terrorism.
PIV-I is Uniquely Elegant
And an Architectural Approach for Identity, Credential and Access Management will Meet the Harmonized Needs and Requirements for the States, Territories, the District of Columbia and Businesses
For All Levels of Credentials Defined by OMB Memorandum 04-04, NIST SP-800-63 and Endorsed by Standards Bodies both Public and Private, National and International
Let’s All Help Citizens receive the Infrastructure they Need to Experience a True Evolution of Business, Security and Privacy.
Contact Information
Bob Donelson – 888-316-8881
Member of the Smart Card Alliance
Member of the Physical Access Committee
Leading a White Paper Development Effort
Personal Identification Verification Interoperability for Non-Federal Issuers: PIV-I Trust for Citizens across States, Counties, Cities and Businesses