TWIC Update to Sector Delaware Bay AMSC 8 June 2018

Similar documents
Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

TWIC Next Generation Card Design

TWIC Readers What to Expect

TWIC / CAC Wiegand 58 bit format

Interagency Advisory Board Meeting Agenda, February 2, 2009

Office of Transportation Vetting and Credentialing. Transportation Worker Identification Credential (TWIC)

Interagency Advisory Board Meeting Agenda, Wednesday, February 27, 2013

Using the Prototype TWIC for Access A System Integrator Perspective

TWIC Implementation Challenges and Successes at the Port of LA. July 20, 2011

Interagency Advisory Board Meeting Agenda, Wednesday, June 29, 2011

Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012

Multiple Credential formats & PACS Lars R. Suneborn, Director - Government Program, HIRSCH Electronics Corporation

June 17, The NPRM does not satisfy Congressional intent

TWIC Transportation Worker Identification Credential. Overview

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

TWIC Reader Technology Phase

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

NMSAC. Industry update. AAPA Security & Safety Seminar Wade Battles Managing Director Port of Houston Authority

Unified PACS with PKI Authentication, to Assist US Government Agencies in Compliance with NIST SP (HSPD 12) in a Trusted FICAM Platform

Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS

TWIC Program Overview for the Smart Cards in Government Conference March 10, 2004

Single Secure Credential to Access Facilities and IT Resources

Unlocking The CHUID. Practical Considerations and Lessons Learned for PIV Deployments. Eric Hildre 07/18/2006

TWIC or TWEAK The Transportation Worker Identification Credential:

Published Privacy Impact Assessments on the Web. ACTION: Notice of Publication of Privacy Impact Assessments (PIA).

Meal Pattern Requirements

Strategies for the Implementation of PIV I Secure Identity Credentials

Match On Card MINEX 2

Physical Access Control Systems and FIPS 201

Credentialing Project Technical Architecture

Provider Monitoring Process

Security Checkpoints: Evolving Technology and Planning Considerations

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0

Revision 2 of FIPS 201 and its Associated Special Publications

FiXs - Federated and Secure Identity Management in Operation

IMPLEMENTING AN HSPD-12 SOLUTION

000027

December 8, The Honorable John D. Rockefeller, IV Chairman Committee on Commerce, Science, and Transportation United States Senate

Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility

CMS Contractor PIV Credentialing Focus & Role of EFI

Welcome! facebook.com/schoolnutritionfoundation. Copyright 2012 School Nutrition Foundation. All Rights Reserved.

Interagency Advisory Board Meeting Agenda, February 2, 2009

CRS Report for Congress

EU Passport Specification

Texas Commission on Fire Protection

TWIC Reader Hardware And Card Application Specification May 30, 2008

Student & Exchange Visitor Information System (SEVIS) SEVIS II Briefing

g6 Authentication Platform

Biometrics 101. Presented by The International Biometrics & Identification Association (IBIA)

FIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013

Development Authority of the North Country Governance Policies

TERRORISM LIAISON OFFICER OUTREACH PROGRAM - (TLOOP)

The Leader in Unified Access and Intrusion

Implementing Electronic Signature Solutions 11/10/2015

Secure Solutions. EntryPointTM Access Readers TrustPointTM Access Readers EntryPointTM Single-Door System PIV-I Compatible Cards Accessories

CA3000 Plug-in Manual. Codebench, Inc 6820 Lyons Technology Circle Ste. 140 Coconut Creek, FL 33073

Interagency Advisory Board Meeting Agenda, Tuesday, November 1, 2011

NGI and Rap Back Focus Group Briefing

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

Leveraging HSPD-12 to Meet E-authentication E

Monthly Cyber Threat Briefing

Session 2: CORSIA MRV System: Monitoring of CO 2 Emissions. ICAO Secretariat

Internal Audit Follow-Up Report. Multiple Use Agreements TxDOT Office of Internal Audit

Ministry of Government and Consumer Services. ServiceOntario. Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

FISMA Cybersecurity Performance Metrics and Scoring

Base Access. Smart Identity Card Program. November 16, Jay Orgeron. BISA Program Manager

(PIV-I) Trusted ID across States, Counties, Cities and Businesses in the US

PIPELINE SECURITY An Overview of TSA Programs

Verifying emrtd Security Controls

The NIST Cybersecurity Framework

Highway & Motor Carrier Orientation & Modal Overview. June 2018

Guidelines for the Use of PIV Credentials in Facility Access

FICAM Configuration Guide

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

NFC Identity and Access Control

Strong Authentication for Physical Access using Mobile Devices

Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

Supply Chain Security Since 9/11

A Quick Guide to EPCS. What You Need to Know to Implement Electronic Prescriptions for Controlled Substances

FY Bay Area UASI Risk and Grants Management Program Update. November 14, 2013

How Next Generation Trusted Identities Can Help Transform Your Business

Strategies for the Implementation of PIV I Secure Identity Credentials

AGENDA Regular Commission Meeting Port of Portland Headquarters 7200 N.E. Airport Way, 8 th Floor August 13, :30 a.m.

Critical Infrastructure Protection Version 5

To be covered: S&T Intro TTWG. Research/Pilots. Scope Goals Report

Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems Draft Version 2.3E

Unclassified. Date Monday 24 September Business Continuity Plan Review - Mission Critical Activities

CORE Voluntary Certification: Certification from the Testing Vendor s Perspective. February 18, :00 3:00pm ET

Using PIV Technology Outside the US Government

Biometric Enabling Capabilities Increment 1 (BEC Inc 1) Information Exchange. LTC Eric Pavlick PM, Biometric Enabling Capabilities

DHS ID & CREDENTIALING INITIATIVE IPT MEETING

Distributed Systems. Smart Cards, Biometrics, & CAPTCHA. Paul Krzyzanowski

AUTHENTICATION IN THE AGE OF ELECTRONIC TRANSACTIONS

FFIEC CONSUMER GUIDANCE

Physical Security Reliability Standard Implementation

INNOMETRIKS INC. Rhino Quick Start Guide

Ask OMAFRA Bees Portal User Guide

TWIC Operational Biometric Solution. Presented by Terry Wheeler

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Transcription:

TWIC Update to Sector Delaware Bay AMSC 8 June 2018

Agenda TWIC Program Metrics TWIC Next Generation (NexGen Physical Features) Credential Modes of Operation Canceled Card List Mobile App TWIC Assessments Open Discussion 2

TWIC Adjudication & Redress Metrics ~996K ENROLLMENTS ~53% Adjudicator Manual Review 2.6% PRELIMINARY DETERMINATION OF INELIGIBILITY 0.5% WAIVERS REVIEWED 0.6% APPEALS REVIEWED 0.3% 0.5% WAIVERS APPEALS APPROVED 0.16% 0.08% WAIVERS APPEALS DENIED Two-year Period January 2016 December 2017 Approximately 53% of TWIC enrollments are manually reviewed by adjudicators Small percentage (2.6%) of total TWIC applicants receive a PDI Only about 1% of total applicants subject to redress process Less than 0.25% of total applicants receive waiver from TSA 3

TWIC NexGen Physical Security Enhancements TSA plans to implement physical TWIC NexGen updates in fiscal year 2018. The NEXGEN effort is focused on enhanced card functionality, new physical security features, and changes to the Technology Infrastructure Modernization (TIM) system to realize a NexGen card. Where TWIC is used often as a flash pass physical updates to deter counterfeiting were a priority of TSA. UPDATED DESIGN Enhanced card substrates Covert, overt & forensic features Color-coded expiration field Optically variable devices ENHANCED LAMINATE Holographic images Switch effect designs Letter/shaped lenses Tactility (numeric and graphic) Source: TSA OIA/PMD, September 2017. 4

TWIC NexGen 5

TWIC NexGen 6

TWIC NexGen 7

TWIC NexGen Functionalities Current Functionality (2007-2017) Retrieval of Fingerprint Biometrics without PIN Submission TWIC NexGen Functionality (Planned) Secure Retrieval of Fingerprints/Facial Image without PIN Permits contactless use of TWIC for all biometric card objects. Eliminates need for PIN operations (optional use). Designed for PIV/PIV-I Compatibility and Functionality Credential Designed for Maritime Application and Use Effective but Aging Security Features and Substrates Independent TWIC and PIV Applications Enables continued direct mail issuance*, 5-year lifecycle. Permits contactless biometric user two factor authentication. Eliminates need for readers to access two (2) applications. Expanded PACS Support and Accessible Personal Information Optional support for local PACS data, i.e., E-Stickers Personal information available via 2D barcode/secure read May support use of certain information across industries Enhanced Card Platform: Features and Personalization Advanced overt, covert and forensic features. Updated production methods, formatted UUID and certificates. Incorporates Counterfeit Deterrence Best Practices Reader/Access Specifications based on Configuration of TWIC Card TWIC Card Backwards Compatibility Minimizes disruption of existing TWIC implementations. Provides flexibility to vendors on support of new features. Magnetic Stripe replaced/removed for security concerns. Note: TWIC NexGen remains in development; planned capabilities and functionality subject to change. PIV/PIV-I use of credential requires physical presence, biometric authentication and PIN selection/presentation to load/sign applications. Source: TSA OIA/PMD, September 2017.

TWIC Modes of Operation Authentication & Identification Based on the requirements of each facility/vessel and specific threat levels, TWIC is designed to be used in various Access Control Systems at different levels of security. STATIC 01/ IDENTIFICATION 02/ CRYTOGRAPHIC AUTHENTICATION Proximity Card Emulation Contact or Contactless Verify digital signature Identify card using unique identifier or CHUID* BIOMETRIC 03/ IDENTIFICATION 04/ COMBINED AUTHENTICATION 1 Factor: Something you ARE Biometric Authentication No card authentication Digital signature protects biometric templates 1 Factor: Something you HAVE Trusted issuance by TSA No biometric authentication Authentication certificate and private key 2 Factor: Something you ARE & HAVE Biometric Authentication Card Authentication FASC-N verified against CCL If you would like to discuss technology matters with the TSA TWIC program, please e-mail us at TWIC-TECHNOLOGY@TSA.DHS.GOV. *FASC-N may be checked against the TWIC Canceled Card List (CCL). Note: TWIC may have other modes of operation. This graphic details TSA s planned TWIC modes of operation. Source: TWIC Authentication and its Use in Access Control Systems, TSA OIA/PMD, February 2018. 9

TWIC CCL Mobile Application Physical Security Controls TSA planning to proceed with testing in Q3-FY 2018. Prototype is designed to illustrate a list verification and supplement visual inspection of the TWIC card. The application is being designed for Android and ios devices. Solution uses the Credential Identification Number (CIN) printed on the TWIC : CIN compared to one list Canceled CINs which may be hosted in UES website and downloaded regularly. Facility/vessel users will be required to inspect TWIC expiration date for validity (not included in canceled CIN list); behavioral prompt for facial inspection. Application and list are available to all stakeholders no restrictions and eliminates Registration Authority. Mobile Application Phases CIN Update Sample Workflow Updates in Seconds Prompt Visual Inspection Note: Application remains in development design, graphics and interface are subject to change. Source: TSA OIA/PMD, March 2018. 10

TWIC Assessments Evaluations of TWIC Controls, Fees & Maritime Use Three (3) assessments on the TWIC program s effectiveness at enhancing security and reducing security risks to facilities and vessels. In response to oversight recommendations and program requirements, DHS, TSA, and USCG are supporting the evaluation of the TWIC. These assessments include analyses on: Fee Structure & Cost(s) of Vetting Use of TWIC to address Security Risks Operational Impact(s) & Vetting Standards Assessing the Risk-Mitigation Value of TWIC at Maritime Facilities (Ongoing Early 2019) In response to P.L 114-278, DHS commissioned an independent assessment on TWIC focused on the security value of the program and credentialing process. Effective Internal Controls for TSA Security Threat Assessments (Completed December 2017) TSA commissioned an independent assessment of TWIC controls to verify that STA controls exist as well as whether TSA controls effectively mitigate TWIC security risks. Bi-annual Review of TWIC Fee (Ongoing Late 2018) Based on statutory requirements and Federal guidance, TSA is conducting its bi-annual review of the TWIC fees. Source: TSA OIA/PMD, March 2018. 11

Discussion Questions? 12

Contact Information Please do not hesitate to contact the TSA TWIC program with questions or for more information. Jeff Thorne TWIC Program Analyst 571.227.4732 jeff.thorne@tsa.dhs.gov Daniel Meredith TSCC Administrative Coordinator 571.227.2299 daniel.meredith@tsa.dhs.gov

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback