certification and accreditation of certification and
play

Certification and Accreditation of Certification and Accreditation - PowerPoint PPT Presentation

Jan 17, 2024 •6 likes •256 views

Certification and Accreditation of Certification and Accreditation of PIV Card Issuing Organizations PIV Card Issuing Organizations Joan Hash Manager, Computer Security Management & Assistance June 28, 2005 1 NIST Special Publication

  1. Certification and Accreditation of Certification and Accreditation of PIV Card Issuing Organizations PIV Card Issuing Organizations Joan Hash Manager, Computer Security Management & Assistance June 28, 2005 1

  2. NIST Special Publication 800- -79 79 NIST Special Publication 800 On June 17, 2005, NIST posted the Draft “Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations” on WWW.CSRC.NIST.GOV/PIV-Project for comment before July 10, 2005 2

  3. What is a PIV Card Issuer? • A Federal organization or contractor authorized to issue identity cards: - in accordance with the policy established in Homeland Security Presidential Directive 12 ; - using identity authentication and verification procedures that comply with the requirements of Federal Information Processing Standard 201; - utilizing technical specifications that conform with FIPS 201 and NIST Special Publications 800-73, 800-76, and 800-78. 3

  4. Why PIV Card Issuer Accreditation? • Homeland Security Presidential Directive 12 requires PIV Cards to be issued only by providers whose reliability has been accredited. • Accreditation will help to assure competence, confidence in, and equivalence of PIV Card Issuer • Accreditation will provide additional trust of one agency for the PIV Cards issued by other agencies 4

  5. What is PIV Issuer Accreditation? What is PIV Issuer Accreditation? PIV Issuer Accreditation is the official management decision of the Designated Accreditation Authority to authorize operation of a PIV Card Issuer after determining that the Issuer’s reliability has satisfactorily been established through appropriate assessment and certification processes. 5

  6. What is PIV Issuer Certification? What is PIV Issuer Certification? Certification of a PIV Issuer is a formal process of assessing the attributes (e.g. knowledge, capability, availability, personnel, equipment, finances, and adequately supported infrastructures) of a PIV Card Issuer using various methods of assessment (e.g., interviews, document reviews, laboratory test results, procedure evaluations, component validation reports) that support the assertion that the PIV Card issuing organization is reliable and capable of enrolling approved applicants and issuing secure PIV Cards in accordance with FIPS 201. 6

  7. When Should Accreditation be Done? - Accreditation is required before a PIV Card Issuer may issue operational PIV Cards. - Accreditation should be repeated within a time period established by the Designated Accreditation Authority of the agency using the services of a PIV Card Issuer. - Accreditation must be repeated when a major change is made to the PIV Card Issuer’s operations or major problems are identified. 7

  8. What is the PIV System? The PIV System may be viewed logically as a single, integrated, interoperable automated system with common objectives, policies, communication protocols, and application programs WITH independently managed computer systems containing independently manufactured components that will change as new technology becomes available and agencies desire additional services. 8

  9. A Logical View of the PIV System … Agency A Agency B Agency C Agency D Agency Z DAA’s … PCI-1 PCI-2 PCI-3 PCI-4 PCI-N … PSC-1 PSC-2 PSC-3 PSC-4 PSC-N Distributed PIV System Communication Network … ACS-1 ACS-2 ACS-3 ACS-4 ACS-N DAA: Designated Accred. Auth.; PCI: PIV Card Issuer; PSC: PCI Computer Support; ACS: Access Control Systems 9

  10. Sample PIV Card Issuing Organization and Roles Senior Agency Official Designated Accreditation Certification Agent Authority Agency Official for Privacy PCI Manager PAR PCO PIP FES CIM ACS PIV Communication Network PAR: PIV Applicant Registrar; PCO: PIV Card Operations; PIP: PIV Identity Proofing; FES: PIV Front End System; CIM: Card Issuance & Management; ACS: Access Control System 10

  11. 11

  12. Vocabulary • Assessment • determination of an organization’s capability, competence, reliability, compliance with standard procedures, and use of products conforming with specifications of a standard. • Validation • determination of a product’s or a service’s conformance to standards 12

  13. Vocabulary • Compliance • Status of an organization when it has implemented and is using a standard in a manner that satisfies its requirements. • Conformance • Status of a product or a service when it has been designed, implemented, and is being used in a manner that satisfies the specifications of a standard. 13

  14. Required/Desired Attributes of a PIV Issuer • Reliability of a PIV Issuer is exhibited by its being - Knowledgeable (R) - Capable (R) - Available (R) - Legal (R) - Compliant (R) - Adequately Supported (R) - Prepared/responsive/efficient (D) - Adaptable (D) - Cost Effective (D) 14

  15. Methods of Assessing Attributes • Review and Analysis • Interview • Demonstration/Direct Observation • Sampling/Statistics • Testing/Validation • Evaluation/Measurement • Compliance/Conformance with standards • Precedence/Accepted Practice • Experience 15

  16. Phases of Certification and Accreditation • Initiation Phase -Identify Resources (Create C & A Team) - Designated Accreditation Authority - Certification Agent - PIV Card Issuer Manager - PIV Card Applicants Representative - Collect Relevant Standards, Guidelines, etc. - Obtain PIV Card Issuer’s Operational Plan - Create Certification Plan 16

  17. Phases of Certification and Accreditation • Certification Phase - Select the Attributes of the PIV Issuer to be Assessed - Select the Assessment Methods to be Used - Apply selected assessment methods to: - PIV Card Issuer Personnel, Documentation, - Planned Services, Operational Plan - Prepare Assessment Reports - Provide to PIV Card Manager 17

  18. Phases of Certification and Accreditation • Accreditation Phase - Review the results of the certification phase - Review the residual risks expected after reducing discovered vulnerabilities - Review the accreditation documentation - Make an accreditation decision - Authorize to Operate if risks are acceptable - Interim Authorization to Operate if correctable - Deny Authorization to Operate if unacceptable 18

  19. Phases of Certification and Accreditation • Monitoring Phase - Perform PIV Card issuing services in compliance with FIPS 201 - Monitor security and operating procedures - Sample and evaluate PIV Card production - Report results to PIV Card Issuer Manager - PIV Card Issuer Manager should report significant problems to Designated Accreditation Authority 19

  20. Authorization to Operate Alternatives - The agency’s Designated Accreditation Authority issues to a PIV Card Issuer: - An Authorization to Operate if fully accredited after its reliability has been certified; - An Interim Authorization to Operate under specific terms and conditions (not accredited); - A Denial of Authorization to Operate if the assessments are unsatisfactory. 20

  21. Certification & Accreditation Tasks • Preparation • Resource Identification • PCI Operations Plan Review • PCI Attribute Assessment • Certification Documentation • Accreditation Decision • Accreditation Documentation • PCI C & A Management and Control • PCI Attribute Monitoring • Status Reporting 21

  22. Certification & Accreditation • Should be a part of normal organizational and computer system management. • Should be conducted as a normal part of organization assessment and evaluation. • Should be performed initially to verify that FIPS 201 is being implemented and used properly. • Should be performed periodically to verify that all PCI’s are complying with FIPS 201 equivalently. • Should help assure an agency that PIV Cards issued by other agencies may be Trusted. 22

  23. Summary of Certification & Accreditation - The Reliability of PIV Card Issuing Organizations must be accredited in accordance with NIST SP 800-79 before they can perform FIPS 201 Services. - The Security of the PIV Card Issuing Organization’s Computer Systems must be accredited consistent with NIST SP 800-37. 23

  24. Solicitation for Comments on SP 800-79 • NIST posted Special Publication 800-79 entitled “ Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations” on its Website www.csrc.nist.gov/PIV-Project for comment on June 17, 2005 • Comments are due in electronic form by July 10, 2005 24

  25. How to Submit Comments How to Submit Comments See: WWW.CSRC.NIST.GOV/PIV-Project Read: Questions and Answers on PCI C & A Read: Draft NIST SP 800-79 Load: Excel PIV Comment Form from Website Input: Name, Org., Comments etc. into Form Save: Save Completed Form on Computer Send: Comment Form in e-mail attachment to PIVaccreditation@Nist.Gov 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Accreditation, Certification and Training (ACT) Project Tyler Wightman, Director, Operations

Accreditation, Certification and Training (ACT) Project Tyler Wightman, Director, Operations

Accreditation, Certification and Training (ACT) Project Tyler Wightman, Director, Operations Presentation Objectives 1. Introduce the Accreditation, Certification and Training (ACT) Project 2. Seek your input ACT Project Scope

334 views • 17 slides
1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training Inspection/Audit Establish MoC Status of Operator/ Maintainer Manual, Function Identify CRB Record and Interfaces Result of Form Ground/

618 views • 24 slides
CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO APPLY TO WRITE Once you have logged into the Then under Certification The Certification committee Application Forms may be CAPLA website using

687 views • 37 slides
Industry Certification Pass Rates END 2 Reporting Industry Certification Pass Rates Barton

Industry Certification Pass Rates END 2 Reporting Industry Certification Pass Rates Barton

Industry Certification Pass Rates END 2 Reporting Industry Certification Pass Rates Barton must have data comparable to other similar national colleges to meet the requirements of Higher Learning Commission Open Pathways Accreditation.

385 views • 7 slides
1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA Certification is based on Dr. As Habits of Health Transformational System and is available to all Coaches who want to apply and reinforce their knowledge of

613 views • 19 slides
Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

ASHA Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the CFCC Presentation Overview What is Certification? CCC-A Certification Standards CCC-A Application Process FAQs Keep your

209 views • 19 slides
T HE V ALUE OF A CCREDITATION :C ONSIDERATIONS FOR DECIDING ON SERVICE PROVIDERS FOR CERTIFICATION

T HE V ALUE OF A CCREDITATION :C ONSIDERATIONS FOR DECIDING ON SERVICE PROVIDERS FOR CERTIFICATION

T HE V ALUE OF A CCREDITATION :C ONSIDERATIONS FOR DECIDING ON SERVICE PROVIDERS FOR CERTIFICATION / INSPECTION VANI BHAMBRI ARORA National Accreditation Board for Certification Bodies QUAL ALITY TY COUNC NCIL OF INDI DIA New Delhi

336 views • 32 slides
IBD and the history of organic certification in Brazil IBD Certificaes Ltda. started its

IBD and the history of organic certification in Brazil IBD Certificaes Ltda. started its

www.ibd.com.br IBD and the history of organic certification in Brazil IBD Certificaes Ltda. started its certification program in the early 1990s. In 1995 achieved its first International Accreditation, through former IFOAM, today

558 views • 36 slides
Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in all other positions (Descriptions in some of the following slides are as indicated in the rules, although it is not unusual for the referee to

378 views • 10 slides
AHRI-Certified HVACR Products: Helping You See Green Maryline Rassi Certification Engineer New

AHRI-Certified HVACR Products: Helping You See Green Maryline Rassi Certification Engineer New

AHRI-Certified HVACR Products: Helping You See Green Maryline Rassi Certification Engineer New Certification Mark All certification programs to use new mark by 2012 Phase-in dependent on SCC accreditation schedule 2 Globally

921 views • 23 slides
Wastewater Laboratory Certification Overview 1 What is laboratory certification? Laboratory

Wastewater Laboratory Certification Overview 1 What is laboratory certification? Laboratory

Wastewater Laboratory Certification Overview 1 What is laboratory certification? Laboratory certification is a process that provides formal recognition to the managerial and technical competence of a laboratory performing specific analyses

853 views • 50 slides
AEROREADY CERTIFICATION Components to AEROready TM Certification In order to award an AEROready TM

AEROREADY CERTIFICATION Components to AEROready TM Certification In order to award an AEROready TM

AEROREADY CERTIFICATION Components to AEROready TM Certification In order to award an AEROready TM certification, our consulting team analyses hundreds of site selection criteria with emphasis on the following 10 items Assessment of airport

1.08k views • 75 slides
IIBA Certification Overview 1 Topics A. Benefits of Attaining an IIBA Certification B. IIBA

IIBA Certification Overview 1 Topics A. Benefits of Attaining an IIBA Certification B. IIBA

IIBA Certification Overview 1 Topics A. Benefits of Attaining an IIBA Certification B. IIBA Certification Options C. Applying for Certification D. Exam Activities Register and Prepare E. Benefits of BABOK studying 2/13/2018, p. 1

127 views • 10 slides
SOUTH DAKOTA DEPARTMENT OF EDUCATION OFFICE OF EDUCATOR CERTIFICATION Certification@state.sd.us

SOUTH DAKOTA DEPARTMENT OF EDUCATION OFFICE OF EDUCATOR CERTIFICATION Certification@state.sd.us

SOUTH DAKOTA DEPARTMENT OF EDUCATION OFFICE OF EDUCATOR CERTIFICATION Certification@state.sd.us OUTCOME OF PRESENTATION Understand the importance of educator certification Ability to create a user id and apply for certification

698 views • 53 slides
Voluntary EU certification for Voluntary EU certification for non-residential buildings

Voluntary EU certification for Voluntary EU certification for non-residential buildings

Voluntary EU certification for Voluntary EU certification for non-residential buildings Definition of an Energy Performance Scale Jana Bendalov BUILDING TESTING AND RESEARCH INSTITUTE / Slovakia 09 January 2012 1 Context

609 views • 19 slides
ABIM Certification and Maintenance of Certification You You ACC ABIM ACC ABIM Your

ABIM Certification and Maintenance of Certification You You ACC ABIM ACC ABIM Your

ABIM Certification and Maintenance of Certification You You ACC ABIM ACC ABIM Your professional The Certifying Body society (also ABP, AOA) Help you as a Accountable to the member public Outline 1. Background & Environmental

1.38k views • 29 slides
Committee on Information Technology Regular Meeting March 21, 2019 1 Dr. Carlton B. Goodlett

Committee on Information Technology Regular Meeting March 21, 2019 1 Dr. Carlton B. Goodlett

Committee on Information Technology Regular Meeting March 21, 2019 1 Dr. Carlton B. Goodlett Place, City Hall, Room 305 San Francisco, CA 94102 1 Agenda Call to Order by Chair Roll Call Approval of Meeting Minutes from February

883 views • 71 slides
Changes to Delegated Authority with Real Estate Board of Trustees September 24, 2019 1

Changes to Delegated Authority with Real Estate Board of Trustees September 24, 2019 1

BAC-4.1 Changes to Delegated Authority with Real Estate Board of Trustees September 24, 2019 1 Timeline to Change December 2017: UNCG Board of Trustees authorized University to pursue delegated authority for leasing consistent with

169 views • 12 slides
Current Ethics Issues for Teachers: The Pi4alls of On-line

Current Ethics Issues for Teachers: The Pi4alls of On-line

Current Ethics Issues for Teachers: The Pi4alls of On-line Life Presented by: Nancy Fredman Krent January 19, 2012 Agenda

701 views • 38 slides
Regulatory and Policy Updates Therapeutic Products Directorate Health Canada Cindy Evans

Regulatory and Policy Updates Therapeutic Products Directorate Health Canada Cindy Evans

Regulatory and Policy Updates Therapeutic Products Directorate Health Canada Cindy Evans Interim Senior Executive Director, Therapeutics Product Directorate Re-Use of Single Use Devices In February 2015, Health Canada announced its

83 views • 5 slides
Charter Schools SUBCOMMITTEE MEETING MARCH 6, 2020 Agenda Teacher of the Year Recognition

Charter Schools SUBCOMMITTEE MEETING MARCH 6, 2020 Agenda Teacher of the Year Recognition

Charter Schools SUBCOMMITTEE MEETING MARCH 6, 2020 Agenda Teacher of the Year Recognition FY19 LEA Authorizer Fee Reporting Authorizer Evaluation Development Transition of Work to Tennessee Public Charter School Commission

576 views • 46 slides
FAA: Federal Aviation Administration Onboard Wheelchairs & Certification Process DOT

FAA: Federal Aviation Administration Onboard Wheelchairs & Certification Process DOT

FAA: Federal Aviation Administration Onboard Wheelchairs & Certification Process DOT ACCESS Committee Presented to: Catherine Burnett By: Flight Standards Service Date: July 11, 2016 Federal Aviation Administration Onboard

449 views • 10 slides
Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of

Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of

Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of Need Process and Related Hospital Issues Research Division Staff, September 14, 2011 What is a COPA? An agreement among two or more hospitals

201 views • 19 slides
Wastewater Treatment Facility State of the Art facility meets or exceeds Chesapeake Bay

Wastewater Treatment Facility State of the Art facility meets or exceeds Chesapeake Bay

Wastewater Treatment Facility State of the Art facility meets or exceeds Chesapeake Bay standards of treatment No discharge to surface water 100 % Land Application or reuse Groundwater recharge Agricultural uses State

476 views • 9 slides

More recommend