FiXs - Federated and Secure Identity Management in Operation


Implementing federated identity management and assurance in operational scenarios
The Federation for Identity and Cross-Credentialing Systems (FiXs)
www.fixs.org

FiXs - The Federation for Identity & Cross-Credentialing Systems: What is it?
A 501(c)6 not-for-profit trade association initially formed in 2004 while working with the Department of Defense to provide secure and interoperable use of identity credentials between and among government entities and industry.
A coalition of diverse companies and organizations supporting the development and implementation of interoperable identity cross-credentialing standards, systems and end-to-end solutions for various applications.
Members and subscribers include: government contractors, technology companies, major firms, small businesses, sole proprietors, not-for-profit organizations, the Department of Defense, state governments, etc.

FiXs is a Standards, C&A and Network Access Organization
Complete legal governance structure for member firms
Certification and Accreditation program for issuing identity credentials and securing personal identifying information
A secure network switch through which transactions can be passed for PACS and LACS applications
Standards for interfacing with the network switch and for interoperability of applications
Secure network access to certified service providers and sponsors of individuals holding certified credentials
Clearinghouse for objective consideration of technologies, business processes, rules and requirements

Federal Acquisition Regulations and Identity Management
4.1301 Contract clause: The contracting officer shall insert the clause at 52.204-9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have physical access to a federally controlled facility or access to a Federal information system.
52.204-9 Personal Identity Verification of Contractor Personnel
(a) The Contractor shall comply with agency personnel identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24, and Federal Information Processing Standards Publication (FIPS PUB) Number 201.
(b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have physical access to a federally controlled facility or access to a Federal information system.

The Foundation
In January 2006 FiXs entered into a formal Memorandum of Understanding (MOU) with the Department of Defense, which established the terms and conditions under which FiXs and DoD will use their respective systems as part of an identity suite of systems. The MOU was updated and renewed in February 2009.
The terms and conditions include:
an operational framework for interoperability between DoD and FiXs
specific operational responsibilities
legal governance structure
ATO granted by DMDC in July 2007

Governance Structure
Defined trust model
Operating rules
Security guidelines
Policy standards, including Privacy Act compliance
Technical architecture specifications and standards
Implementation guidelines
Formal, legal flow-down agreements for members/subscribers

The Basic Principles
Individual personal identifying information, such as biometrics, Social Security numbers and other unique personal identifiers, is captured once and accessed as required for authentication of one's identity.
This information is maintained in a federated manner: there is no single database of every individual's identifying information. The data is maintained in a distributed manner under the authority and control of the organization that sponsors the individual holding the certified identity credential.
Queries of this information are logged to support privacy (akin to the processes followed when someone accesses your credit report).
Structured to emulate the ATM and credit card network model of the banking industry.

Identity Federation between DCCIS & FiXs (diagram)
Users: member company employees with their credentials, or CAC holders

Meeting Policy Objectives
Certified credentials that can be trusted with confidence
"FiXs network fully operational for worldwide use in support of identity authentication purposes & applications" -- DMDC, July 16, 2007
"The DoD shall establish & maintain the ECA program to support the issuance of DoD-approved certificates to industry partners & other external entities & organizations." -- DoDI 8520
"FiXs credentials that include PKI certificates issued from DoD ECA vendors are acceptable for use by DoD web based systems" -- ASD/NII, July 11, 2008
Short-term return on investment (ROI)
Existing highly available architectures for identity deployment & revocation information: immediate cost avoidance of CAC issuance outside of the fence

FiXs Chain of Trust (diagram)

Identity Authentication Architecture (diagram)

Certified & Accredited Subsystems
FiXs Network: The Defense Cross Credentialing Identification System (DCCIS) infrastructure and its interface to the FiXs Network are now fully operational for worldwide use in support of identity authentication purposes and applications. The architecture is in place today to interoperate similarly with non-DoD organizations in a secure manner.
Credential Issuers (CI): Each CI undergoes an extensive and complete review in accordance with the highest industry standards, covering all requirements of the proposed solution. This is documented in detailed Certification and Accreditation (C&A) reports.
Authentication Stations: FiXs certified authentication stations enable FiXs and Department of Defense (DoD) CAC credentials to be verified and accepted for physical access authentication purposes by implementing the cross-credentialing services supported by this combined network. Final decisions on physical access privileges, whether at a government or vendor site, are local decisions.

Identity Superiority
"Hardware tokens [FiXs] & associated certificates issued by the ECA providers have the same assurance level as a Common Access Card (CAC)." -- EPMA

HSPD-12 Compliant & PIV Interoperable Credential Management
FIPS 201 compliant lifecycle management of users, their identity devices, & associated credentials, with the strength of DoD Medium Hardware Assurance

Multi-Level Vetting for Certified Credentials
Multiple levels of vetting allow for multiple levels of granting physical and logical access control.
All certificates on a FiXs credential include an Organizational Unit (OU) that identifies the FiXs vetting assurance level as follows:
ou=fixs4, for FiXs credentials asserting FiXs equivalent High
ou=fixs3, for FiXs credentials asserting FiXs equivalent Medium High
ou=fixs2, for FiXs credentials asserting FiXs equivalent Medium
ou=fixs1, for FiXs credentials asserting FiXs equivalent Low

Robust Revocation Processes
Certified credential issuers are required to maintain FiXs enrollment, privacy, administrative control, revocation, and audit information.
Maintenance and updating of the revocation information is the joint responsibility of the sponsoring organization and the certified credential issuer.
Card and Certificate Revocation Lists are issued immediately upon revocation.
A revocation process must exist such that an expired or invalidated credential is swiftly revoked.
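The two slides above (the ou=fixsN assurance levels and the revocation rules) together describe what a relying party's local access decision has to take into account. As an added example, not part of the original deck and not FiXs or DoD software, the following Python models that decision: it parses the certificate subject DN, reads the FiXs vetting level from the ou=fixsN entry, rejects the credential if it is expired or appears on the current revocation list, and only then compares the asserted level against a site-local minimum. The subject and issuer DNs, serial numbers and the revocation list are constructed placeholders; certificate chain and signature validation is assumed to have succeeded before this point and is not shown.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

# FiXs vetting levels carried in the certificate OU, as listed in the deck.
FIXS_OU_LEVELS = {"fixs1": 1, "fixs2": 2, "fixs3": 3, "fixs4": 4}
LEVEL_NAMES = {1: "Low", 2: "Medium", 3: "Medium High", 4: "High"}

# Split a string DN on commas that are not backslash-escaped (RFC 4514 style).
_RDN_SPLIT = re.compile(r"(?<!\\),")


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Parse 'CN=Jane Doe,OU=fixs3,O=FiXs,C=US' into (attribute, value) pairs.

    Attribute types are lower-cased; escaped commas inside values are unescaped.
    Multi-valued RDNs (a+b) are not handled by this small parser.
    """
    pairs = []
    for rdn in _RDN_SPLIT.split(dn):
        rdn = rdn.strip()
        if not rdn:
            continue
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    return pairs


def fixs_assurance_level(subject_dn: str) -> int | None:
    """Return the single FiXs level (1-4) asserted by an ou=fixsN entry.

    Returns None when no such OU is present or when more than one distinct
    level is asserted: an ambiguous subject fails closed instead of being
    granted the highest level it happens to mention.
    """
    levels = {
        FIXS_OU_LEVELS[value.lower()]
        for attr, value in parse_dn(subject_dn)
        if attr == "ou" and value.lower() in FIXS_OU_LEVELS
    }
    return levels.pop() if len(levels) == 1 else None


@dataclass(frozen=True)
class Credential:
    subject: str
    issuer: str
    serial: int
    not_after: date


def access_decision(cred: Credential, revoked: set[tuple[str, int]],
                    required_level: int, today: date) -> tuple[str, str]:
    """Local access decision for one presented credential.

    `revoked` holds (issuer DN, serial) pairs from the current CRL. Expiry and
    revocation are hard denies checked before the assurance level is consulted.
    Chain and signature validation are assumed to have happened already.
    """
    if cred.not_after < today:
        return "deny", "credential expired"
    if (cred.issuer, cred.serial) in revoked:
        return "deny", "credential revoked"
    level = fixs_assurance_level(cred.subject)
    if level is None:
        return "deny", "no unambiguous FiXs assurance OU in subject"
    if level < required_level:
        return "deny", f"asserted {LEVEL_NAMES[level]} is below required {LEVEL_NAMES[required_level]}"
    return "allow", f"asserted {LEVEL_NAMES[level]} meets required {LEVEL_NAMES[required_level]}"


# Constructed sample data (placeholder issuer, fictitious subjects and serials).
ISSUER = "CN=Example ECA CA,O=Example ECA Vendor,C=US"
SAMPLE_CREDENTIALS = [
    Credential("CN=Jane Doe,OU=fixs3,OU=Example Corp,O=FiXs,C=US", ISSUER, 1001, date(2030, 1, 1)),
    Credential("CN=John Roe,OU=fixs1,OU=Example Corp,O=FiXs,C=US", ISSUER, 1002, date(2030, 1, 1)),
    Credential("CN=Revoked User,OU=fixs4,O=FiXs,C=US", ISSUER, 1003, date(2030, 1, 1)),
    Credential("CN=Expired User,OU=fixs4,O=FiXs,C=US", ISSUER, 1004, date(2020, 1, 1)),
    Credential("CN=Ambiguous,OU=fixs2,OU=fixs4,O=FiXs,C=US", ISSUER, 1005, date(2030, 1, 1)),
]
SAMPLE_CRL = {(ISSUER, 1003)}  # constructed: serial 1003 has been revoked


def evaluate_all(today: date = date(2025, 1, 1), required_level: int = 2) -> dict[int, tuple[str, str]]:
    """Apply a site policy of 'FiXs equivalent Medium or better' to the sample set."""
    return {c.serial: access_decision(c, SAMPLE_CRL, required_level, today) for c in SAMPLE_CREDENTIALS}


if __name__ == "__main__":
    for serial, (verdict, reason) in evaluate_all().items():
        print(f"{serial}: {verdict} ({reason})")
```

Two design points carry over to a real authentication station: the revocation and expiry checks run before the assurance level is even read, so a revoked fixs4 credential is never treated as high assurance, and a subject that asserts two different fixsN values is denied rather than resolved to the stronger one.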

Facility, Installation and Network Access: Today's Problem
No uniform compliance
Vulnerability
Lack of vision
Who's on, who's off
No threat flexibility
DHS NIMS code deployment plan
PX & commissary services
Suppliers to docks
Maintenance and repair access to grounds
Network applications
Occasional visitors

Common Issues with Physical and Logical Security
How do we protect our facilities and systems, balanced with ease of use?
Easy, secure access for those who belong
Simple identification verification of visitors and users
Identity assurance for contractors & suppliers must:
incorporate strong vetting for those that require access
follow DoD and all Federal guidelines
Access decisions must be automated & reliable
The facility or system owner is ultimately responsible, so how do we help?
Improve decisions through interoperable electronic authentication
Make it more secure, smarter & cost efficient per system
Develop applications that work with multiple-level credentials

Do we re-invent the wheel?
Identity assurance policy & standards have been developed
Vetting and security is in place for FiXs, DoD/ECA CAC, & HSPD-12
All are secure identities
All can be used for access decisions
All provide two-factor authentication
It's been done and decided; now let's use it.

FiXs & Certified Credentials Value Proposition & ROI
Interoperable with DoD systems; can be used by other Federal organizations
Under review to be accepted as PIV Interoperable per Federal CIO Council guidance
Achieved enterprise-wide capability and best practices
Provides security & privacy of staff, systems, data and facilities in compliance with the latest identity assurance and identity management processes
Complies with FAR contract requirements
Supports HSPD-12 and NIST PIV
Proven: a uniform approach is possible and realistic across government and industry

Contact Information
Dr. Michael Mestrovich, President - FiXs, Michael.Mestrovich@fixs.org, 703 928 3157
Robert Martin, Corporate Secretary - FiXs, Bob.Martin@fixs.org, 703 321 6951