Interagency Advisory Board Meeting Agenda, Wednesday, February 27, 2013

Similar documents
Interagency Advisory Board Meeting Agenda, February 2, 2009

Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012

PKI and FICAM Overview and Outlook

Strategies for the Implementation of PIV I Secure Identity Credentials

Multiple Credential formats & PACS Lars R. Suneborn, Director - Government Program, HIRSCH Electronics Corporation

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

An Overview of Draft SP Derived PIV Credentials and Draft NISTIR 7981 Mobile, PIV, and Authentication

Revision 2 of FIPS 201 and its Associated Special Publications

Interagency Advisory Board Meeting Agenda, Tuesday, November 1, 2011

Leveraging HSPD-12 to Meet E-authentication E

FIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013

Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS

Smart Card Alliance Comments and Considerations on Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

Interagency Advisory Board Meeting Agenda, July 28, 2010

Interagency Advisory Board Meeting Agenda, April 27, 2011

The Leader in Unified Access and Intrusion

Interagency Advisory Board Meeting Agenda, Wednesday, June 29, 2011

Helping Meet the OMB Directive

TWIC / CAC Wiegand 58 bit format

IMPLEMENTING AN HSPD-12 SOLUTION

Interagency Advisory Board Meeting Agenda, December 7, 2009

Unified PACS with PKI Authentication, to Assist US Government Agencies in Compliance with NIST SP (HSPD 12) in a Trusted FICAM Platform

State of the Industry and Councils Reports. Access Control Council

000027

Biometric Use Case Models for Personal Identity Verification

Secure Solutions. EntryPointTM Access Readers TrustPointTM Access Readers EntryPointTM Single-Door System PIV-I Compatible Cards Accessories

Identiv FICAM Readers

Guidelines for the Use of PIV Credentials in Facility Access

(PIV-I) Trusted ID across States, Counties, Cities and Businesses in the US

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

IAB Minutes Page 1 of 6 April 18, 2006

Cryptologic and Cyber Systems Division

Secure Government Computing Initiatives & SecureZIP

Physical Access Control Systems and FIPS 201

Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems Draft Version 2.3E

Interagency Advisory Board Meeting Agenda, February 2, 2009

Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

Interagency Advisory Board Meeting Agenda, March 5, 2009

CertiPath TrustVisitor and TrustManager. The need for visitor management in FICAM Compliant PACS

FiXs - Federated and Secure Identity Management in Operation

Interfaces for Personal Identity Verification Part 1: PIV Card Application Namespace, Data Model and Representation

Strong Authentication for Physical Access using Mobile Devices

Leveraging the LincPass in USDA

No More Excuses: Feds Need to Lead with Strong Authentication!

Match On Card MINEX 2

Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

Using PIV Technology Outside the US Government

Velocity Certificate Checking Service Installation Guide & Release Notes

Unlocking The CHUID. Practical Considerations and Lessons Learned for PIV Deployments. Eric Hildre 07/18/2006

FICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

NFC Identity and Access Control

IAB Minutes Page 1 of 6 January 18, 2006

Paul A. Karger

g6 Authentication Platform

Physical Access Control Systems and FIPS 201 Physical Access Council Smart Card Alliance December 2005

US Federal PKI Bridge. Ram Banerjee VP Vertical Markets

TWIC Update to Sector Delaware Bay AMSC 8 June 2018

PIV Data Model Test Guidelines

I N F O R M A T I O N S E C U R I T Y

Interagency Advisory Board Meeting Agenda, August 25, 2009

pivclass FIPS-201 Reader Operation and Output Selections APPLICATION NOTE , F.0 February Barranca Parkway Irvine, CA 92618

Velocity 3.6 SP2.1 Product Release Bulletin. August 2017

Interagency Advisory Board Meeting Agenda, December 7, 2009

Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

I N F O R M A T I O N S E C U R I T Y

Mandate. Delivery. with evolving. Management and credentials. Government Federal Identity. and. Compliance. using. pivclasss replace.

Information Systems Security Requirements for Federal GIS Initiatives

Changes to SP (SP ) Ketan Mehta NIST PIV Team NIST ITL Computer Security Division

Interagency Advisory Board Meeting Agenda, Wednesday, April 24, 2013

Physical Access Control System (PACS) in a Federal Identity, Credentialing and Access Management (FICAM) Framework

Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop. Scalability: Dimensions for PACS System Growth

Secure Lightweight Activation and Lifecycle Management

FICAM Configuration Guide

U.S. E-Authentication Interoperability Lab Engineer

Electronic Signature Policy

FIPS and Mobility (SP Derived PIV Credentials) Sal Francomacaro FIPS201/PIV Team NIST ITL Computer Security Division

INFORMATION ASSURANCE DIRECTORATE

DATA SHEET. ez/piv CARD KEY FEATURES:

TWIC Implementation Challenges and Successes at the Port of LA. July 20, 2011

Office of Transportation Vetting and Credentialing. Transportation Worker Identification Credential (TWIC)

How to Plan, Procure & Deploy a PIV-Enabled PACS

Single Secure Credential to Access Facilities and IT Resources

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

Interagency Advisory Board (IAB) Meeting. August 09, 2005

Appendix 12 Risk Assessment Plan

NIST E-Authentication Guidance SP

Version 3.4 December 01,

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

There is an increasing desire and need to combine the logical access and physical access functions of major organizations.

Click to edit Master title style

TWIC Transportation Worker Identification Credential. Overview

Introduction of the Identity Assurance Framework. Defining the framework and its goals

August, Actividentity CTO Office

Strategies for the Implementation of PIV I Secure Identity Credentials

HITPC Stage 3 Request for Comments Smart Card Alliance Comments January, 14, 2013

Appendix 12 Risk Assessment Plan

CA3000 Plug-in Manual. Codebench, Inc 6820 Lyons Technology Circle Ste. 140 Coconut Creek, FL 33073

Transcription:

Interagency Advisory Board Meeting Agenda, Wednesday, February 27, 2013 1. Opening Remarks 2. Discussion on Revisions Contained in Draft SP 800-63-2 (Bill Burr, NIST) 3. The Objectives and Status of Modern Physical Access Working Group (MPAWG) (Will Morrison and J'son Tyson, MPAWG Co-Chair) 4. Overview of PACS Specification from the Security Industry Association (SIA) to Include All PIV Functionality (Rob Zivney, Chair of the SIA PIV Working Group and Vice Chair of the Standards Committee) 5. Closing Remarks

Federal CIO Council Information Security and Identity Management Committee IDManagement.gov Expectation of PIV use with Physical Access Systems J son Tyson & Will Morrison Co-Chair, ICAMSC Modernized Physical Access Working Group (MPAWG) February 27, 2013

Agenda MPAWG Overview Evolution of PIV & PACS FASC-N, CHUID, CAK, PKI Challenge Factors (1,2,3) PACS-Enabled Authentication Mechanisms PACS in EPACS Requirements 25

MPAWG Overview Working Group Description: Functions: Membership Profile: Facilitates the implementation and use of the technology and processes related to a modernized PACS. Coordinate with the Interagency Security Committee (ISC) to harmonize policy and guidance related to PACS Create guidance on enabling and configuring PACS to accept PIV and PIV-I credentials Coordinate with industry and PACS product vendors on behalf of the ICAMSC to ensure alignment with ICAM guidance and requirements Minimum of one standing member who is a member of the ISC Representatives designated by their agency for physical security implementation/development Experience writing/reviewing technical physical access guidance Understanding of PIV-enablement for PACS (or a desire to understand) Federal Employee or Contractor sponsored by agency 26

MPAWG Docket Item Name Item Description Status Enterprise PACS Guidance (PIV in EPACS) Selecting PIV Authentication Mechanisms for PACS PACS Implementation Metrics PACS Policy and Guidance Gap Analysis GSA Schedule Analysis Mandatory PIV Usage Guidance Guidance on establishing Enterprise PACS Guidance to bridge the ISC facility risk assessment process and ICAM guidance for using PIV in PACS A set of metrics to track and capture PACS implementations across agencies to be submitted as part of annual FISMA metric reporting. An analysis of the gaps between PACS policy and guidance. An analysis of where there are inconsistencies across the PACS products on the schedules and contradictions with the APL Technical guidance on how to implement a mandatory PIV usage From AWG's 2011 docket Recommended from ICAMSC Governance Review Recommended from ICAMSC Recommended from ICAMSC Governance Review Recommended from ICAMSC Governance Review Recommended from ICAMSC Governance Review 27

Basics of HSPD-12 Enhance security Increase Government efficiency Reduce identity fraud Government-wide standard for secure and reliable forms of identification 28

Brief Evolution of PIV for PACS August 2004, HSPD-12 Signed February 2005, FIPS 201 Published March 2006, FIPS 201-1 Published November 2008, NIST SP 800-116 Published November 2009, FICAM Roadmap Guidance (v1) Published February 2011, OMB Memo M-11-11 Promulgated December 2011, FICAM Roadmap Guidance (v2) Published (Chapter 10, Modernized PACS) ANTICIPATED, 2013: ICAMSC PIV in EPACS Guidance Released (Update to Federated PACS Guidance Doc dtd 6-2011) ANTICIPATED, 2013: FIPS 201-2 Published 29

FASC-N, CHUID, CAK, PKI Federal Agency Smart Credential Number (FASC-N): A fixed length (75 Bit) data object; The primary identified on the PIV Card for physical access control FASC-N Identifier: A subset of the FASC-N, it is a unique identifier. For full interoperability of a PACS it must at a minimum be able to distinguish fourteen digits (i.e., a combination of an Agency Code, System Code, and Credential Number) when matching FASC-N based credentials to enrolled card holders. Cardholder Unique Identifier (CHUID): An authentication mechanism that is implemented by transmission of the data object from the PIV Card to the PACS Card Authentication Key (CAK) [ keyk ]: Defined in NIST SP 800-73; An authentication mechanism that is implemented by a key challenge/response protocol Source: NIST SP 800-116 30

Public Key Infrastructure (PKI): Defined in X.509 Certification Policy for the Federal Bridge Certification Authority (FBCA); A set of policies, processes, server platforms, software, and workstations used for administering certificates and public/private key pairs, including the ability to issue, maintain, and revoke public key certificates. PKI-PIV Authentication Key (PKI-AUTH) or (PAK): Defined in FIPS 201-2; A PIV authentication mechanism that is implemented by an asymmetric key challenge/response protocol using the PIV authentication key of the PIV card and a contact reader. 31

Change? Federal Information Processing Standards Publication 201-2 (FIPS 201-2) Anticipated: Nexus for updating NIST SP 800-116 Deprecates use of CHUID as an authentication mechanism (low) CAK becomes mandatory Impose use of PKI-AUTH (PAK) or CAK for token authentication 32

Challenge Factors HAVE e.g., PIV or PIV-I Card (Challenge/Response) KNOW e.g., PIN (either to unlock card or PACS verification) ARE e.g., Biometrics (fingerprint, et cetera) 33

Challenge Factors Security Areas Number of Authentication Factors Required Controlled 1 Limited 2 Exclusion 3 Source: NIST SP 800-116 34

PACS-enabled Authentication Mechanisms CL? = Authentication Mode is available on the contactless interface INT? = Authentication Mode is interoperable across cards from other PIV issuers 35

PACS-enabled Authentication Mechanisms Factors PACS-enabled Authentication Mechanism Max Confidence CL? INT? Factors CAK + PIN to PACS High Confidence CL Have + Know Two Factor CAK + BIO to PACS High Confidence CL Are + Have PKI-Auth (PAK) High Confidence - Know + Have Three Factor PKI-Auth (PAK) + BIO Very High Confidence - PKI-Auth (PAK) + BIO to PACS Very High Confidence - CAK + BIO Very High Confidence - CAK + BIO to PACS + PIN to PACS Very High Confidence CL BIO-A Very High Confidence Know + Are + Have Know + Are + Have Know + Are + Have Know + Are + Have Know + Are + Have CL? = Authentication Mode is available on the contactless interface INT? = Authentication Mode is interoperable across cards from other PIV issuers 36

PIV in EPACS PACS will need to: Provision or register the PIV Authentication Key (PKI- AUTH / PAK) or Card Authentication Cert (CAK) OR Provision or register a PKI credential derived from PAK/CAK AND Electronically validate PKI certificate Validate/Challenge the private key of registered PIV/PKI certificate 37

Align Collaborate Enable 38

Challenge Factors Grayed areas do not appear in NIST SP 800-116 Low assurance factors indicate no cryptographic verification The CAK may be a symmetric or asymmetric key 39

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback