National Transportation Worker ID Card (TWIC) Credentialing Direct Action Group Functional Requirements DRAFT
- Myles Solomon Goodwin
- 6 years ago
Purpose:

1. The primary goal of the CDAG is to fashion a nationwide transportation worker identity solution that:
   - verifies the identity of transportation workers,
   - validates their background information,
   - assists transportation facilities with managing their security risks, and
   - accounts for personnel access to transportation facilities and activities of authorized personnel.

Precepts:

1. The CDAG sought a solution that:
   - would be fully intermodal,
   - would build on existing technology, and existing agency business processes and infrastructure as much as possible,
   - would minimize the need for redundant credentials,
   - would minimize risk of unauthorized release of personal information,
   - would be compatible with the intent and provisions of the Hollings Bill (S.1214; The Port and Maritime Security Act of 2001), and
   - would be both scalable and expandable to address future access enabling technologies.

Applicability:

1. The focus of the CDAG's solution was on workers in the transportation system, while achieving sufficient flexibility to accommodate future needs to address identification of users of the transportation system.
2. The identification card system developed would apply to any person who has unescorted access to a transportation facility or who has access to control of a transportation conveyance.

Page 1 of 109 Last Saved: 1/23/2002 9:00 AM 1/23/2002 8:31 AM 1/18/
Intended conveyances include:
- ships/vessels that carry freight or passengers for hire;
- aircraft that carry freight or passengers for hire;
- rail conveyances that carry freight or passengers for hire;
- trucks and buses whose operation requires a commercial driver's license (CDL); and
- pipelines.

Intended transportation facilities include those locations where passengers or freight are boarded/loaded onto a transportation conveyance or where freight is received, stored, and staged attendant with being loaded onto a transportation conveyance. This definition is intended to include pipeline facilities.

General Concepts:

1. The Card:
   - SmartCard technology would be used to manage the information on the card as a means of controlling access to that information and as a means of ensuring the integrity of the information.
   - The SmartCard architecture will incorporate, to the maximum extent practicable, standards that allow maximum interoperability across hardware and software platforms. [1] This will facilitate use of the card both domestically and for international enforcement regimes.
   - The TWIC would incorporate a reliable and standard biometric (to be determined by the Transportation Security Administration) that would ensure that the holder of the card was the individual whose information is recorded on the card.
   - The TWIC would incorporate GSA Smart Card Interoperability Branding as a means to authenticate the card (i.e., to verify that the card is not a forgery and was actually produced within the TWIC system). [2]

[1] The General Services Administration (GSA) published the Government Smart Card Interoperability Specification (GSC-IS) Version 1 in August. This specification describes the criteria and mechanisms for making smart cards interoperable through a standard application-level API, a common data set, and a common interpretation for card-level commands. Solutions acquired under the GSA Smart Card Contract are required to meet this standard and are thus assured of being interoperable with all other GSA supplied solutions.

[2] In the secure environments in which smart cards operate, it is important to be certain that the card being used is the genuine article. In principle, authentication works through the verification of a shared secret. Members of a club, for example, use a password to restrict access to a clubhouse. Entities that know this secret will be part of a select group, and only bona fide entities will have this knowledge. If an entity can prove that it knows the secret, then it is considered genuine. Revealing the secret, however, exposes it to possible scrutiny by untrustworthy entities and could spoil its use. To avoid revealing the secret, a challenge-response technique is used. With a challenge-response, the entity, a smart card for example, is required to demonstrate that it can correctly encrypt a random number using a secret key. The GSA Smart Card Interoperability Branding is the only specification developed to give US government agencies the ability to identify and authenticate smart cards.
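The challenge-response exchange described in footnote 2, sketched as an added example that is not part of the original draft or of any GSA specification. HMAC-SHA256 stands in for the footnote's "encrypt a random number" step, and the class names, card IDs and keys are hypothetical values constructed for the illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes of randomness per challenge (assumed size)


def _keyed_response(key: bytes, card_id: str, challenge: bytes) -> bytes:
    # Keyed transform of the random challenge. The footnote speaks of
    # encrypting the random number; HMAC-SHA256 is swapped in here because
    # it is in the standard library and proves the same thing: knowledge
    # of the key, without ever sending the key.
    return hmac.new(key, card_id.encode() + challenge, hashlib.sha256).digest()


class Card:
    """Hypothetical card: holds the secret key and never exports it."""

    def __init__(self, card_id: str, key: bytes):
        self.card_id = card_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return _keyed_response(self._key, self.card_id, challenge)


class Verifier:
    """Hypothetical reader back end that shares each card's secret key."""

    def __init__(self, keys: dict):
        self._keys = keys      # card_id -> shared secret key
        self._pending = {}     # card_id -> outstanding challenge

    def challenge(self, card_id: str) -> bytes:
        # A fresh random number per attempt, so an old response is useless.
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending[card_id] = nonce
        return nonce

    def verify(self, card_id: str, response: bytes) -> bool:
        # pop() makes every challenge single-use, pass or fail.
        nonce = self._pending.pop(card_id, None)
        key = self._keys.get(card_id)
        if nonce is None or key is None:
            return False
        expected = _keyed_response(key, card_id, nonce)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = secrets.token_bytes(32)                        # constructed sample key
    verifier = Verifier({"CARD-0001": key})
    genuine = Card("CARD-0001", key)
    forged = Card("CARD-0001", secrets.token_bytes(32))  # right ID, wrong key

    results = {}

    # 1. Genuine card answers the challenge it was given.
    first = verifier.challenge("CARD-0001")
    captured = genuine.respond(first)
    results["genuine"] = verifier.verify("CARD-0001", captured)

    # 2. The captured response is replayed against a new challenge.
    verifier.challenge("CARD-0001")
    results["replayed"] = verifier.verify("CARD-0001", captured)

    # 3. A response arrives with no challenge outstanding.
    results["unsolicited"] = verifier.verify("CARD-0001", captured)

    # 4. A card that copies the ID but does not hold the key.
    third = verifier.challenge("CARD-0001")
    results["forged"] = verifier.verify("CARD-0001", forged.respond(third))

    # 5. A card ID the verifier has never issued a key for.
    verifier.challenge("CARD-9999")
    results["unknown_card"] = verifier.verify("CARD-9999", captured)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:13s} accepted={accepted}")
```

Only the genuine card is accepted; unlike the clubhouse password, a response observed on the wire cannot be reused because each challenge is random and consumed on first use.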
   - The TWIC would incorporate a standard architecture (i.e., design) that would be usable by all necessary agencies and facilities. (See Architecture below)
   - The TWIC would have a 5-year period of validity and would require renewal thereafter. The card itself would not necessarily be physically replaced, but its renewed period of validity would be recorded on the card's microprocessor.
   - The TWIC system would, by incorporating necessary interagency connectivity, permit authorized sharing and updating of information.
   - The Smart Card should have a standard data model set.

2. Controlling Facility Access:
   - A physical access security requirement, as adopted by local management, will establish a regime of security levels that would be used to manage access to various identified spaces aboard facilities or conveyances. A system of four (4) levels (1 through 4) is envisioned. Level 1 would indicate an escort was required; level 4 would indicate full access to the facility or conveyance.
   - This standard would be incorporated into a system of approved vessel or facility security plans such that spaces applicable to each level would be identified in the plan. This would allow facilities and conveyances substantial flexibility in identifying physical security regimes that meet the broad spectrum of industry needs.
   - Cardholders would be required to submit to a standard security check as a condition of card issuance. The standard would include FBI criminal records check as a minimum, and some level of National Agency Check as a maximum. Compatibility with S.1214 would be incorporated.
   - Based on the results of the security check, the standard would establish one of the four security levels and this would be recorded on the card. The specific results of the security check would not be placed on the card but would be retained by the entity evaluating the results against the standard.
   - Security checks would be initiated by the organization from which the worker is seeking the TWIC. The cost of the check would be borne by the worker or the employing organization in accordance with local custom.
   - Disputes regarding the security level assigned would be subject to an appeal process adjudicated by the TSA. This would ensure consistent application of the standard security checks and standard security levels across all modes.
   - Interim checks of criminal record or other relevant databases would be made periodically to ensure that a TWIC's qualification for the assigned security level remained valid.

3. Credential Redundancy
   - By using an interoperable SmartCard architecture, the TWIC will provide a single, standard mechanism for confirming the validity of the card and the identity of the holder. Card reading hardware is relatively inexpensive. Government grants could be used to offset initial costs to private industry.
   - The establishment of a standard security level system, based on standard security checks, in conjunction with a system of approved facility/conveyance security plans, will allow the TWIC to serve as a single secure-space access card. Facilities or conveyances that wish to adopt additional security regimes will be free to do so, but would not be required to.
   - By reserving a segment of the SmartCard architecture for each modal operating agency and for appropriate state motor vehicle agencies, the TWIC can incorporate secure verification of specific qualifications to which the holder is entitled. The TWIC architecture would support incorporation of the driver's license (including CDL), HAZMAT carrier permits, merchant mariner qualifications (license, ratings, and STCW), pilot licenses, rail operating permits, etc.

4. Management of Personal Information
   - Personal information would be held, as it is now, by the organization(s) who generate(s) it.
   - Information recorded on the card would be kept to a minimum. Identity information (i.e., name, biometric, DOB, address, security level, cargo authorization, unique ID#) would be held by the organization last updating it.
   - Using the security key structure developed by GSA, access to information on the card would be compartmentalized so that organizations could access (either for read-only or update) only their respective relevant segment of the TWIC. Normally, no access would be available without the cardholder's authorization.
   - Identification information would be updateable only by qualified agencies (see Additional Considerations below).

5. Additional Considerations
   - Transportation Security Administration to define data encryption and data exchange requirements for system, citing appropriate standards. This approach would minimize concerns over sharing of personal information.
   - Standards will be developed for 4 security levels plus HAZMAT endorsement. They would apply to the various transportation modes across the board. Facility and vessel/conveyance security plans would identify specific spaces to which each security level applied (i.e., spaces accessible by persons with each security level).
   - A worker's security level would be an aspect of his/her identification and would be based on a standard security check. (Note: We should be careful when using the term "background check" because of its broad spectrum of meanings depending on context. We have used the term in the Coast Guard to refer to the criminal records check that we perform with the FBI and NDR. These are relatively inexpensive and quick to perform. In the intelligence community, the term "background check" connotes a prohibitively slow and costly examination of a candidate's behavior.)
   - The facility/conveyance security plan would specify which areas were accessible to a TWIC holder and specify any additional measures deemed appropriate for local conditions.
   - The concept of "Qualified Agency" is used to identify those organizations that would have update authority for any part of the card's information. At the national level, this would include the federal transportation agencies, state driver's license bureaus and state/local business units. The specific information that could be updated would be limited to information relevant only to that agency.
   - Any qualified agency would be able to update the identity information. This provides the most convenience to the ID holder. This would require that all qualified agencies have connection to the identity database held by the Transportation Security Administration, on a need-to-know basis, so that the information on the holder's card is, at all times, identical to the information in the central ID database.
   - The concept described in the table above envisions the states issuing SmartCard driver's licenses which would carry the necessary architecture to be used by any of the modes, should the individual require a Transportation Worker ID Card (TWIC). An alternative would be for the states to issue conventional (i.e., non-smartcard) driver's licenses to those persons who do not require a TWIC (undoubtedly the vast majority). In the event the person subsequently required a TWIC, they would have to obtain one from the relevant qualified agency.
   - The concept would require development/adoption of a variety of standards (ID documentation, biometric(s), security check, security levels, card architecture, etc.). Concept will also require very wide availability of card reading equipment throughout the transportation industry.
   - Exception and appeal processes to be defined by TSA in a public rulemaking.
   - DOT/Customs/INS are established as the major keyholders that authorize keys to issuing officials. All keys have a unique ID, which is branded to the cards. There can be multiple levels, e.g., OST-FMCSA-states or OST-USCG-ports.
   - The reporting and exchange of information to endorse other keys for the holders (such as training credentials and security clearances, driver's licenses) on top of the basic ID would be permitted. Each issuer and endorser maintains its own database. Appropriate linkages are established to enable verification of credentials when presented for additional keys or to grant first time access to a facility or asset.
   - Operating protocols or standards need to be developed for appropriate response times, including any pre-notifications to a key holder to permit online or offline verifications of existing credentials. Recommend that we start with a 48-hour parameter for issuance of new credential or to obtain endorsements. This will allow more offline processing and also help limit how much information leakage or exposure may accumulate.
   - A standard for establishing an individual's identity is required prior to issuing a TWIC. Once this identity has been established, the rights or privileges of the individual are further determined by the specific application or use for which the TWIC is issued. Presently, among the credentials that are generally accepted, the state driver's license is the most ubiquitous documentary evidence linking a specific identity to a specific individual. Others include employee ID cards and passports. A determination must also be made if presentation of these credentials requires in-person appearance before a qualified agency representative.
   - A need is recognized to incorporate the categories of credentials presently in use to the architecture of the TWIC and the security definitions.
   - To the extent resources are appropriated by Congress, the Department of Transportation could pay software development and maintenance costs required for SmartCard architecture development. In addition, DOT will expect to share the costs of establishing necessary linkages among participating organizations. In recognition of the need for a transition from existing systems, DOT expects that data linkages accomplished within 5 years of first implementation will also be eligible for some DOT funding.
6. GSA Proposed Key Structure
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationFederal Registry Functionality Summary
Copyright 2011 State Regulatory Registry LLC Page 1 of 13 Contents 1 Overview... 3 2 Entitlement... 3 2.1 Institutions... 3 2.2 Individuals (MLOs)... 4 3 Two-Factor Authentication... 4 4 Federal Agency-Regulated
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationInteragency Advisory Board Meeting Agenda, Wednesday, February 27, 2013
Interagency Advisory Board Meeting Agenda, Wednesday, February 27, 2013 1. Opening Remarks 2. Discussion on Revisions Contained in Draft SP 800-63-2 (Bill Burr, NIST) 3. The Objectives and Status of Modern
More information000027
000026 000027 000028 000029 000030 EXHIBIT A 000031 Homeland Security Presidential Directive/Hspd-12 For Immediate Release Office of the Press Secretary August 27, 2004 Homeland Security Presidential Directive/Hspd-12
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationGENERAL CONDITIONS FOR POWER ENGINEERING EXAMINATIONS AND REFRIGERATION OPERATORS A AND B AND COMPRESSOR OPERATORS
GENERAL CONDITIONS F POWER ENGINEERING EXAMINATIONS AND REFRIGERATION OPERATS A AND B AND COMPRESS OPERATS TABLE OF CONTENTS PAGE 1. Definitions..3 2. Classification..3 3. Applications for Examinations.3
More informationCandidate Handbook Certified Commissioning Firm (CCF) Program
Candidate Handbook Certified Commissioning Firm (CCF) Program Building Commissioning Certification Board 1600 NW Compton Drive, Suite 200 Beaverton, OR 97006 Phone: (844) 881-8601 E-mail: certification@bcxa.org
More informationCandidate Manual Certified Commissioning Firm (CCF) Program
Candidate Manual Certified Commissioning Firm (CCF) Program Building Commissioning Certification Board 1600 NW Compton Drive, Suite 200 Beaverton, OR 97006 Phone: 1-877-666-BCXA (2292) E-mail: certification@bcxa.org
More informationWireless Communication Stipend Effective Date: 9/1/2008
Category: Financial Policy applicable for: Faculty/Staff Policy Title: Policy Number: Wireless Communication Stipend Effective Date: 9/1/2008 Enabling Act(s) IRS rule 2.1.7 Policy Owner: Sr. VP for Administration
More informationISSUES FOR RESPONSIBLE USER-CENTRIC IDENTITY
ISSUES FOR RESPONSIBLE USER-CENTRIC IDENTITY November 2009 Version 1.0 In light of the announcement of a series of federal pilots for federated identity providers, we have analyzed the governance and policy
More informationX.509 Certificate Policy. For The Federal Bridge Certification Authority (FBCA)
X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) September 10, 2002 Signature Page Chair, Federal Public Key Infrastructure Policy Authority DATE Table of Contents 1. INTRODUCTION...
More informationHID goid Mobile ID Solution
HID goid Mobile ID Solution Citizen ID Solutions Introducing HID goid for Citizen IDs on Smartphones HID goid platform for mobile IDs delivers the secure infrastructure to allow citizen ID s to be safely
More informationImplementing Electronic Signature Solutions 11/10/2015
Implementing Electronic Signature Solutions 11/10/2015 Agenda Methodology, Framework & Approach: High-Level Overarching Parameters Regarding Electronic Service Delivery Business Analysis & Risk Assessment
More informationDuring each cycle of three years every installer must accumulate CPD Points to qualify for designation renewal of his/her registration.
CPD POLICY The Flooring Industry Training Association has applied for official recognition by the South African Qualifications authority (SAQA) as the professional body for the flooring industry in South
More informationNational Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016
National Identity Exchange Federation Trustmark Signing Certificate Policy Version 1.0 Published October 3, 2014 Revised March 30, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents
More informationDELAWARE RIVER AREA LOCAL DOWNTIME POLICY
DELAWARE RIVER AREA LOCAL DOWNTIME POLICY 11/27/2018 Table of Contents I. CBP OUTAGES... 1 A. ACE OUTAGE... 1 For manifests/entries already on file... 1 For manifests/entries not yet filed... 2 For stow
More informationCustomer Proprietary Network Information
Customer proprietary network information (CPNI) means information that relates to the quantity, technical configuration, type, destination, location, and amount of use of our service by you and information
More informationDEFINING FEATURES OF QUALITY CERTIFICATION AND ASSESSMENT-BASED CERTIFICATE PROGRAMS (Draft) Rev. 5.1 August 8, 2007
Introduction In January 2007, the National Organization for Competency Assurance (NOCA) Board of Directors established a Certificate Task Force to: identify characteristics of quality certification and
More informationHID goid Mobile ID Solution
HID goid Mobile ID Solution Government ID Solutions It s Time for Mobile IDs HID Global is poised to lead this shift, providing the secure ecosystem needed to facilitate the provision of citizen IDs to
More informationInteragency Advisory Board Meeting Agenda, Wednesday, May 23, 2012
Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012 1. Opening Remarks (Mr. Tim Baldridge, IAB Chair) 2. Revision of the Digital Signature Standard (Tim Polk, NIST) 3. Update on Content
More informationData Security at Smart Assessor
Data Security at Smart Assessor Page 1 Contents Data Security...3 Hardware...3 Software...4 Data Backups...4 Personnel...5 Web Application Security...5 Encryption of web application traffic...5 User authentication...5
More informationNebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015
Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015 Definitions Cellular Telephone Service For the purposes of this policy, cellular telephone
More informationTSA/FTA Security and Emergency Management Action Items for Transit Agencies
TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:
More informationUSA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036
US-China Business Council Comments on The Draft Measures for Security Review of Online Products and Services March 6, 2017 On behalf of the more than 200 members of the US-China Business Council (USCBC),
More informationDraft Model Rules for Continuing Professional Education (CPE)
Draft Model Rules for Continuing Professional Education (CPE) Approved for exposure for comment by NASBA Board of Directors on January 6, 2017 Comment deadline: April 17, 2017 Send comments to lhaberman@nasba.org
More informationTWIC Next Generation Card Design
TWIC Next Generation Card Design Authentication Guide June 2018 First issued by the Transportation Security Administration (TSA) in October 2007, the (TWIC) is a biometrically enabled card credential mandated
More informationStakeholder and community feedback. Trusted Digital Identity Framework (Component 2)
Stakeholder and community feedback Trusted Digital Identity Framework (Component 2) Digital Transformation Agency This work is copyright. Apart from any use as permitted under the Copyright Act 1968 and
More informationBCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement
BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationREQUIREMENTS FOR PILOT ESCORT QUALIFIED TRAINING AND CERTIFICATION PROGRAMS
DEPARTMENT OF TRANSPORTATION Transportation Commission REQUIREMENTS FOR PILOT ESCORT QUALIFIED TRAINING AND CERTIFICATION PROGRAMS 2 CCR 601-6 [Editor s Notes follow the text of the rules at the end of
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More information[Utility Name] Identity Theft Prevention Program
[Utility Name] Identity Theft Prevention Program Effective beginning, 2008 Minnesota Municipal Utilities Association Sample Red Flag policy I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed
More informationExecutive Summary of the 2018 Prepaid Amendments
1700 G Street NW, Washington, DC 20552 January 25, 2018 Executive Summary of the 2018 Prepaid Amendments On January 25, 2018, the Consumer Financial Protection Bureau (Bureau) issued a final rule (2018
More information