State of the Industry and Councils Reports. Access Control Council

Transcription

1 State of the Industry and Councils Reports Access Control Council Chairman: Lars R. Suneborn, Sr. Manager, Technical Marketing, Government ID, Oberthur Technologies Property of the Smart Card Alliance 2013

2 ACC The Council works on projects to stimulate the use of smart card technology for access control. Activities include: Developing white papers and briefings on best practices for using smart card technology for physical and network access control; Providing industry resources to assist the Federal government, state and local organizations, and enterprises in the implementation of FIPS 201 Personal Identity Verification (PIV) cards and PIV interoperable cards for access control; Participating in the development of standards and specifications for using smart cards in physical and logical access control systems; Collaborating with other industry organizations to influence standards and develop best practices.

3 Introduction ACC Steering Committee members: Lars Suneborn; Oberthur Technologies Lolie Kull; HP Sal D Agostino; IDMachines Dave Adams; HID Global Tony Damalas; Stanley Security Solutions Michel Escalant; Gemalto Frazier Evans; BAH Walter Hamilton; IDTP David Helbock; X-Tec Andy Kuchel; Quantum Secure Roger Roehr; Roehr Consulting Steve Rogers; IQ Devices Adam Shane; AMAG Mike Sulak; Dept. of State Joe Tassone; Identive Group Mike Zercher; NXP

4 Projects 2013 Submit comments to GSA EPTWG (APL) Cross industry outreach to Security Industry Association Submitted commentary to USCG re. TWIC NPRM Cross council project with IDC & Mobile/NFC Supporting the PIV Application in Mobile Devices with the UICC" white paper Submitted comments to NIST SP Submitted recommendations to EPTWG re; Procurement Language document PKI for PACS Meeting to discuss long term system sustainability, certification maintenance policies and procedures Initiate communication with ISC

5 Current State; Market Maturity Introduction Trust Framework Requirements, Standards & Guidelines Reference documents

6 Introduction: Assurance - Trust Resistance to: Ø Forgery, duplication and alteration Ø Use by non-owner Support: Ø e-authentication mechanisms Ø Binding to card owner Ø Various levels of assurance Issuer controls 6 Property of the Smart Card Alliance 2013

7 Trust is key - Digital Identity - Documents Binding Privilege Authentication December 23, Property of the Smart Card Alliance 2013

8 Evolving Guidance - Trust Framework (GSA FICAM office) Trust Framework Solutions TFS (Draft) Trust Framework Provider Adoption Process (TFPAP) for all levels of assurance Authority To Offer Services (ATOS) for FICAM TFS approves identity services Identity scheme and protocol profile and protocol profile adoption Relying party guidance for accepting externally issued credentials E-Government trust service certificate authority

9 Product Maturity 2 nd Generation equipment, hardware Early personalization & hardware issues corrected End user training improved Growing ecosystem for PIV Native PIV support WIN 7 Client CISCO VPN

10 HSPD-12 (PIV, PIV-I, CAC) Market & Issuance Nearly all Federal Employees issued PIV, CAC Most Contractors issued PIV-I PIV-I Issuers growing EID Verizon Cassidian X-TEC No mass adoption yet, but slowly growing

11 Standards evolving - FIPS FIPS 201 updated to incorporate Public comments Lessons Learned Emerging technologies Enhanced contactless interface

12 Standards evolving- SP SP will be updated Enhanced contactless interface (VCI) as in FIPS Details of ANSI 504 update being addressed by B10 Discussions involve NIST, NSA and DMDC

13 Standards evolving SP Implementation guidance will be updated to include Public comments Lessons Learned Authentication mechanisms mapped to site security plan

14 Industry evolving GSA APL Updated 2013 End-to-end PACS system testing Old categories deprecated i.e. Transparent Reader New categories introduced, Validation System Head End (Server) PKI Validation Engine Card reader Systems are submitted and certified

15 Market evolving CIV Commercial, non- federal uses CIV issuance is increasing Financial sector Aerospace and defense contractors Non PIV qualified visitors

16 Projects 2014 Defining road map at this time Will include activities in Government PACS & LACS Technical & Policy related efforts Commercial market evolving agenda New participants are welcome

17 Reference Documents NIST FIPS NIST SP FPKIPA FBCA PIV Interoperability for Non-Federal Issuers TFS 17 Property of the Smart Card Alliance 2013

18 Thank You! Lars R. Suneborn Sr. Manager, Technical Marke7ng, Government ID Oberthur Technologies Tel: E- Mail: L.Suneborn@Oberthur.com

19 Speaker Contact Information Lars R. Suneborn Oberthur Technologies Phone: (703) Property of the Smart Card Alliance 2013