Verifying the identity of individuals both within an organization and among different organizations has become critically important. Although the skill sets and technologies for logical and physical access remain specialized, requirements for uniform security policy enforcement and the adoption of new access control technologies are driving dramatic and necessary changes to integrate both functions and systems, according to recent white paper by the Smart Card Alliance, Princeton Junction, N.J.

A prime example is Homeland Security Presidential Directive 12 (HSPD-12), issued by President George W. Bush in mid-2004. This policy aims to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy.

HSPD-12 also requires that the Federal credential (the Personal Identity Verification or PIV card) be secure and reliable and that:

• Is issued based on sound criteria for verifying an individual’s identity;
• Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
• Can be rapidly authenticated electronically; and
• Is issued only by providers whose reliability has been established by an official accreditation process

The Department of Commerce and National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification. In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, early last year. The FIPS 201 PIV card is to be used for both physical and logical access control, and other applications as determined by the individual agencies.

FIPS 201 incorporates three technical publications that may change as the standard is implemented and used. Interfaces for Personal Identity Verification specify the interface and data elements of the PIV card; Biometric Data Specification for Personal Identity Verification specifies technical acquisition and formatting requirements for biometric data of the PIV system; and Cryptographic Algorithms and Key Sizes for Personal Identity Verification specify the acceptable cryptographic algorithms and key sizes for the PIV system.

In addition, a number of guidelines, reference implementations and conformance tests have been identified.

For FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems, a Smart Card Alliance Physical Access Council white paper, September 2005, or Physical Access Control Systems and FIPS 201, a Smart Card Alliance Physical Access Council briefing presentation, January 2006, go to www.smartcardalliance.org. For information on how biometrics fits into FIPS 201, check the Biometrics Consortium at www.biometrics.org. NIST data on PIV is at www.csrc.nist.gov/piv-program. Or use the Security Magazine search engine LINX, powered by Google.

Alphabet Soup

HSPD-12 mandates the establishment of a standard for identification of Federal Government employees and contractors. It requires the use of a common identification credential for both logical and physical access to Federally-controlled facilities and information systems. FIPS 201 and the NIST special publications supporting FIPS 201 provide guidance for implementing the HSPD-12 requirements for a common Federal identification credential.

Links

• Visit: www.smartcardalliance.org
• Visit: www.smartcardalliance.org
• Visit: www.biometrics.org
• Visit: www.biometrics.org
• Visit: www.csrc.nist.gov/piv-program
• Visit: www.csrc.nist.gov/piv-program