personal identity verification for federal employees and
play

Personal Identity Verification For Federal Employees and Contractors - PowerPoint PPT Presentation

Oct 21, 2022 •280 likes •649 views

Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory Computer Security Division 100 Bureau Drive Gaithersburg, MD 20899-8900 9/20/2004 10:53

  1. Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory Computer Security Division 100 Bureau Drive Gaithersburg, MD 20899-8900 9/20/2004 10:53

  2. Basis for Requirements HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors 2

  3. Personal Identity Verification Requirements HSPD-12: Policy for a Common Identification Standard Secure and reliable forms of personal identification: Based on sound criteria to verify an individual employee’s identity Is strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation Personal identity can be rapidly verified electronically Identity tokens issued only by providers whose reliability has been established by an official accreditation process 3

  4. Personal Identity Verification Requirements •Applicable to all government organizations and contractors •To be used to grant access to Federally-controlled facilities and logical access to Federally-controlled information systems •Graduated criteria from least secure to most secure to ensure flexibility in selecting the appropriate security level for each application •Not applicable to identification associated with national security systems •To be implemented in a manner that protects citizens’ privacy 4

  5. Federal Contractor/Employee Scope of PIV Subscribers ( I.e ., Card Holders) • All full-time and part-time Federal employees, both foreign and domestic, including members of the military • Domestic and foreign, full-time and part-time, employees of private organizations and State and local governments who are either under contract to, or have access agreements with, the Federal government and who require access to Federally controlled facilities and computer systems • Full-time and part-time employees of private institutions who require access to Federally controlled facilities and computer systems under the terms of a Federal grant • Federal guest workers, long term frequent visitors (e.g., press corps members), and employees of private institutions having agreements with the Federal government for their employees to work in Federal facilities • The PIV standard does not apply to identification associated with national security systems as defined by 44 U.S.C. 3542(b)(2).

  6. Personal Identity Verification Requirements HSPD: Policy for a Common Identification Standard •Departments and agencies shall have a program in place to ensure conformance within 4 months after issuance of FIPS •Departments and agencies to identify applications important to security that would benefit from conformance to the standard within 6 months after issuance •Compliance with the Standard is required in applicable Federal applications within 8 months following issuance 6

  7. Personal Identity Verification Threats General Threat: Unauthorized access to physical facilities or logical assets under the protection umbrella of the PIV System and in which a PIV card is employed in access control processes. • Improper issuance of valid card to malicious holder • Counterfeiting of cards - Intercept or probing to access stored information - Successful cryptanalytic attacks against stored protected information • Use of stolen or borrowed card to gain access - Intercept/technical surveillance to capture PIN(s) • Use of card issued for access to lower sensitivity/criticality assets to achieve access to more sensitive/critical assets 7

  8. Representative Countermeasures • No single mechanism adequate with respect to postulated threats • No completely foolproof answer • Can make improvements over current situation 8

  9. Some Representative Countermeasures Improper Issuance of Valid Card to Malicious Holder Use of source documents [Note: notoriously weak “proof” of ID] Application made only by accredited sponsor Formal review and approval of application Inclusion of source document copies with application Display of source documentation to issuer by “holder” at time of issuance 9

  10. Some Representative Countermeasures Counterfeiting Holographic organizational seal of issuer and/or other issuer ID hologram integrated into card ID or Serial number burned into chip Digital signature by issuer of all stored identifying information Encryption of stored identifying information Mechanism for checking holder ID and card ID or serial number with issuer records Integration of PIN (not recorded on card) with cryptographic authentication process 10

  11. Some Representative Countermeasures Use of Stolen (or Borrowed) Card to Gain Access Card accountability procedures (e.g., reporting/publication of lost card lists) Use of PIN(s) not recorded on card (e.g., in challenge/ response to counter use of lost cards) Use of biometric input from card holder and verification at time of access request Visual inspection of card holder image with image of person claiming to have been issued the PIV card. 11

  12. Some Representative Countermeasures Use of Card Issued for Access to Lower Sensitivity/Criticality Assets to Achieve Access to More Sensitive/Critical Assets Electronic credentials for each level authorized Color coding or pattern changes on physical card representing level(s) authorized Local access authorization procedures 12

  13. FIPS Development Process • Public Announcement on Intent/Scope – HSPD-12: Policy for Common Identification Standard for Federal Employees/Contractors – Federal Register Notice #1: Scope/Workshop • Draft Standard: Applicability, Foundation, Scope, Specifications, Implementations • Government and Public Comments Solicited – TIWG Review and Federal Register Notice #2 • Revision of Standard: From Comments • Publication/Promulgation of Standard – Federal Register Notice #3 announcing Standard 13

  14. Phase I Personal Identity Verification Standard for Federal Government Employees and Contractors • Promulgate Federal Information Processing Standard within 6 months • Establish requirements for: Identity Token (ID Card) Application by Person Identity Source Document Request by Organization Identity Registration and ID Card Issuance by Issuer Access Control (Determined by resource owner) Life Cycle Management 14

  15. Phase I (Continued) Strawman Design • Integrated circuit card-based identity token (i.e., ID Card). • Standard at framework level with minimum mandatory implementation for interoperability specified. • Basis for specification of issuer accreditation and host system validation requirements . • Basis for specification of ID card, data base infrastructure, protocols, and interfaces to card. • Card/token issuance based on request by sponsoring government organization, I-9 Identity Source Documents, and background checks appropriate to access level, and approval by authorized Federal official. • Biometric and cryptographic mechanisms. 15

  16. Phase I (Continued) Issue: Inclusion of Contactless Capability (ISO/IEC 14443) • Physical Access Control – Permits moving enough people “through the gate” in a unit of time • ICAO selected contactless technology for the next generation passport ICAO (for traveler authentication ) • State is using small numbers of contact cards for physical access • FICC workgroup on physical access has selected contactless technology 16

  17. Phase I (Continued) Issue: Inclusion of Biometric Data •Biometric mechanisms equivalent to a PIN from a security architecture point of view •User can't give away, lose, or forget his/her biometric •Whether these features significantly improve the security of a given system is open to debate •Some experts feel that a card + PIN provides the same assurance level as a card + biometric 17

  18. Phase I (Continued) Concept of Operations 6 2 4 I-9 I-9 5 3 ? 1 8 1 – Apply 5- Issue 2 – Request through channels 6 – Record 3 – Appear 7 - Attempt Access 9 4 – Process 8 – Verify 9 - Access 7 18

  19. Phase I (Continued) UNITED STATES GOVERNMENT DEPARTMENT OF COMMERCE Mandatory Card Characteristics Basic: BARKER WILLIAM ISO/IEC 7810 Physical Characteristics ISO/IEC 7816 Contact Chip Expires 12/04 ISO/IEC 14443 (Parts 1-4 Draft) Proximity Card CONTRACTOR ISO/IEC 24727 (Future) Interoperability Specification [NIST IR 6887] USANIST0101842 Issuer: USADOCNIST00001 Mandatory Features Specification*: https://security1.nist.gov Cryptographic Specification (2048 Bit RSA, This credential is the property of the 256 Bit AES, SHA 256) U.S. Department of Commerce. Counterfeiting, altering, or misusing violates Section 499, Title 18 of the U.S. Code Fingerprint Image Specification Drop in any post office box for return. Photographic Image Specification Return to: NIST 100 Bureau Drive Stop 3533 * Illustrative examples only Gaithersburg, MD 20899 Form 277 (Revised 2/2005) 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Information Security and Privacy Board Background and current status Use of Hashing Algorithms

Information Security and Privacy Board Background and current status Use of Hashing Algorithms

Information Security and Privacy Board Background and current status Use of Hashing Algorithms in the U.S. Federal Personal Identity Verification Program Biometrics Storage Format Selection for the U.S. Federal Personal Identity

258 views • 14 slides
Special Publication 800- -73: 73: Special Publication 800 Interfaces for Personal Identity

Special Publication 800- -73: 73: Special Publication 800 Interfaces for Personal Identity

Special Publication 800- -73: 73: Special Publication 800 Interfaces for Personal Identity Interfaces for Personal Identity Verification Verification Jim Dray PIV Implementers Workshop June 27, 2005 SP800- -73 Structure 73 Structure

541 views • 18 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Proctoring & Identity Verification CHARLES PERKINS & ANGE SULLIVAN Cheating Identity

Proctoring & Identity Verification CHARLES PERKINS & ANGE SULLIVAN Cheating Identity

Proctoring & Identity Verification CHARLES PERKINS & ANGE SULLIVAN Cheating Identity Proctoring Verification Pre-empts Monitors Students Intruders Academic Integrity I have cheated on an assignment, quiz or test. o

298 views • 9 slides
SaaS Platform Identity Verification True Professionals Organizations need to automate their

SaaS Platform Identity Verification True Professionals Organizations need to automate their

Identity Verification SaaS Platform Identity Verification True Professionals Organizations need to automate their onboarding processes making sure they know who is on the other side. Challenges Ideal Solution Expectations As the majority

454 views • 4 slides
What is Identity Theft? "Someone obtaining your personal identifying information without

What is Identity Theft? "Someone obtaining your personal identifying information without

Identity Fraud: Protecting Your Identity Between Work and Play Ryan Sothan, Outreach Coordinator Nebraska Department of Justice, Office of the Attorney General Consumer Protection and Anti-Trust Division What is Identity Theft?

314 views • 18 slides
Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online identity management (OIM) - Online personal/business branding also known as personal reputation management -The created presence of a person on the

471 views • 8 slides
Personal Brand How to set yourself apart, clarify your unique professional identity, and build a

Personal Brand How to set yourself apart, clarify your unique professional identity, and build a

Building Your Personal Brand How to set yourself apart, clarify your unique professional identity, and build a stellar reputation for yourself on purpose! Presented by Matt Youngquist President, Career Horizons What the heck is personal

453 views • 14 slides
Employees Have Diversified Retirement Pension, Social Security and Personal Savings Four state

Employees Have Diversified Retirement Pension, Social Security and Personal Savings Four state

Budget Presentation to the Senate Finance Committee for Fiscal Years 2020-2021 Porter Wilson, Executive Director Employees Retirement System of Texas January 23, 2019 Employees Have Diversified Retirement Pension, Social Security and Personal

462 views • 15 slides
Form I-9, Employment Eligibility Verification Facilitator: Nicole Zamary 474-2608

Form I-9, Employment Eligibility Verification Facilitator: Nicole Zamary 474-2608

Form I-9, Employment Eligibility Verification Facilitator: Nicole Zamary 474-2608 nzamary@uwf.edu What is an I-9? Form completed by the employee and employer which verifies the employees: Identity, and Eligibility to work

353 views • 21 slides
DHEC legal responsibilities currently touch on more than 360 State and Federal statutes and

DHEC legal responsibilities currently touch on more than 360 State and Federal statutes and

With locations in all 46 counties across the state, the DHEC team is currently over 3,300 employees strong . As of Oct. 22, this includes: 2,975 full- time employees (FTEs) 116 temporary grant employees 2 time limited employees

426 views • 13 slides
Forecast verification 4th VALUE Training School Jonas Bhend, Sven Kotlarski Forecast verification

Forecast verification 4th VALUE Training School Jonas Bhend, Sven Kotlarski Forecast verification

Federal Department of Home Affairs FDHA Federal Office of Meteorology and Climatology MeteoSwiss Forecast verification 4th VALUE Training School Jonas Bhend, Sven Kotlarski Forecast verification is the process of comparing forecasts with

379 views • 26 slides
INDEPENDENT VERIFICATION AND VALIDATION OBJECTIVES To Define Independent Verification &

INDEPENDENT VERIFICATION AND VALIDATION OBJECTIVES To Define Independent Verification &

INDEPENDENT VERIFICATION AND VALIDATION OBJECTIVES To Define Independent Verification & Validation (IV&V) and its Benefits To Understand the Federal Requirements for IV&V To Provide the Federal Perspective on IV&V

489 views • 38 slides
Basic Considerations Importance of maintaining personal identity Consideration for the

Basic Considerations Importance of maintaining personal identity Consideration for the

Basic Considerations Importance of maintaining personal identity Consideration for the concerns of family MASS FATALITIES members of the deceased Responding to the variety of religious concerns while dealing with the necessities

408 views • 6 slides
Personal Protective Equipment OSHA Office of Training and Education 1 Protecting Employees from

Personal Protective Equipment OSHA Office of Training and Education 1 Protecting Employees from

Personal Protective Equipment OSHA Office of Training and Education 1 Protecting Employees from Workplace Hazards Employers must protect employees from hazards such as falling objects, harmful substances, and noise exposures that can

615 views • 39 slides
M any employers continue to express other times, the employees federal and state concern

M any employers continue to express other times, the employees federal and state concern

G Employment Law Alert December 1998 Family Medical Leave Under Federal and New Jersey Law By: Martha L. Lester, Esq. and Julie Levinson Werner, Esq. M any employers continue to express other times, the employees federal and state concern

393 views • 4 slides
TEXAS DIVISION OF EMERGENCY MANAGEMENT TDEM Initiatives Implement 44 recommendations made in

TEXAS DIVISION OF EMERGENCY MANAGEMENT TDEM Initiatives Implement 44 recommendations made in

TEXAS DIVISION OF EMERGENCY MANAGEMENT TDEM Initiatives Implement 44 recommendations made in Eye of the Storm Report; Governors Commission to Rebuild Texas, released November 2018. TDEM Initiatives Texas Government Code Chapter 418

610 views • 38 slides
CHANGING THE STORY of Albuquerques Systems for People Experiencing Homelessness Over the

CHANGING THE STORY of Albuquerques Systems for People Experiencing Homelessness Over the

CHANGING THE STORY of Albuquerques Systems for People Experiencing Homelessness Over the course of 2018, approximately 5,615 THE SCALE households experienced homelessness in Albuquerque Coordinated Entry System Data CY2018, compiled by

780 views • 20 slides
Utilizing Volunteers in Emergency Response Addressing Liability and Managing the Risk in West

Utilizing Volunteers in Emergency Response Addressing Liability and Managing the Risk in West

Utilizing Volunteers in Emergency Response Addressing Liability and Managing the Risk in West Virginia June 2012 Claire Lee Reiss, J.D., ARM, CPCU National League of Cities Risk Information Sharing Consortium creiss@nlcmutual.com

903 views • 48 slides
Budget Committee Meeting July 23, 2019 Call to Order Budget Committee Facilitated by: Tom

Budget Committee Meeting July 23, 2019 Call to Order Budget Committee Facilitated by: Tom

Budget Committee Meeting July 23, 2019 Call to Order Budget Committee Facilitated by: Tom White Approval of the Agenda Budget Committee - Agenda Item #1 Facilitated by: Tom White Approval of the Agenda: 1. Approval of the Agenda

888 views • 68 slides
An Inside Look at Electric Reliability 2016 Electric Reliability Report Stockton, California

An Inside Look at Electric Reliability 2016 Electric Reliability Report Stockton, California

An Inside Look at Electric Reliability 2016 Electric Reliability Report Stockton, California Bakersfield, California November 6, 2017 November 3, 2016 2 Welcome David Meier Senior Manager, Stockton Division 3 Agenda Overview of our

469 views • 25 slides
School Preparedness Plan Updated March 2020 ELIZABETH P PUBLI BLIC S SCHO HOOLS LS Second

School Preparedness Plan Updated March 2020 ELIZABETH P PUBLI BLIC S SCHO HOOLS LS Second

School Preparedness Plan Updated March 2020 ELIZABETH P PUBLI BLIC S SCHO HOOLS LS Second largest district in New Jersey 29 Pre K 8 Schools: 2 Gifted and Talented Schools Other White 0.2% Black 7.8% 4 Magnet Schools

467 views • 46 slides
Community Emergency Response Team (CERT) Do the Greatest Good for the Greatest Amount of

Community Emergency Response Team (CERT) Do the Greatest Good for the Greatest Amount of

Gerrish Township Community Emergency Response Team (CERT) Do the Greatest Good for the Greatest Amount of People AGENDA BACKGROUND PERSONNEL PURPOSE/CHARTER EVENTS SUPPORTED ORGANIZATION REQUESTING SUPPORT

274 views • 23 slides
for an Emergency at MEMA Devens Eco-Efficiency Center EHS Roundtable Meeting October 13, 2017 1

for an Emergency at MEMA Devens Eco-Efficiency Center EHS Roundtable Meeting October 13, 2017 1

MASSACHUSETTS EMERGENCY MANAGEMENET AGENCY Life in the Fast Lane Preparing for an Emergency at MEMA Devens Eco-Efficiency Center EHS Roundtable Meeting October 13, 2017 1 AGENDA Overview of MEMA States Comprehensive Emergency

799 views • 42 slides

More recommend