Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Identity Management

FAQ: How to Ensure a Smarter PIV Program

By Mark Steffler
govt 1 feat
February 25, 2014

The common identification standard for all federal employees and contractors is the Personal Identity Verification (PIV) smart card, defined by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standard (FIPS) 201. Virtually every government employee and contractor requiring access for a period of six months or longer is required to obtain, carry and use a PIV card. After many years, nearly all qualified individuals have the card, however everyday use of this electronically verifiable card to obtain both logical and physical access to secured government assets remains a work in progress.  Recent GSA and OMB directives have created a host of new challenges for government agencies in accomplishing this vital mission. The good news for these government departments and agencies is that commercial off the shelf (COTS) software platforms and applications now exist that will help resolve these problems.

Below are answers to a few frequently asked questions about the PIV program and how technology is solving some of the complex issues related to managing identities and access privileges across agencies.

  • Rules & Regulations
  • How to Implement
  • How PIV Programs Work
  • PIAM Benefits

What Rules and Regulations Pertain to and/or Govern the Use of a PIV Card?

The Federal Chief Information Officers (CIO) Council established the Identity, Credential and Access Management Subcommittee in 2008 to guide departments in how to use the PIV Card for all access needs appropriate to their mission. This group published the Federal Identity Credential and Access Management (FICAM) Roadmap and Implementation Guidance document (FICAM Roadmap). OMB issued Memorandum M-11-11 in early 2011, with the memorandum stating that all federal agencies must align with the FICAM Roadmap. The GSA also maintains an Approved Products List (APL) of components that meet the FIPS 201 and elaborated FICAM requirements.

How is the Program Implemented?

While FICAM has provided a roadmap for government agencies to plan and execute identity, credential and access management programs that address common identity requirements, it by no means provides the concrete details of how the programming should be implemented. As a result, numerous concerns and issues have arisen in the issuance and utilization of PIV cards.

At the present time, many separate agencies of the federal government take individual responsibility to issue PIV cards to their own employees and contractors, while others choose to get PIV cards through the GSA’s USAccess Program. However, in order for the entire government to to align with FICAM, it is necessary for all physical access control systems (PACS) across all government agencies to achieve the target modernized state characterized by an enterprise connected architecture and be fully PIV-enabled. This means that a PIV card must be authenticated at the time of initial registration, be continuously verified against the certificate revocation lists (CRLs) and even be verified at time of use.

The various challenges presented by the need to comply with PIV standards and maintain the safest possible environment have delayed the full adoption of this protocol by many government agencies. However, there is technology in existence today that will solve these problems, sustain valid identities 24/7 and create an identity firewall around the organization.

How Does the Technology Solution Work?

As a FICAM solution, Physical Identity and Access Management (PIAM) software provides processes that integrate the intersection of digital identities, various credentials and physical identities into a comprehensive policy-based management approach. It streamlines and consolidates disparate systems into a single and centralized FICAM-aligned, integrated and auditable system. PIAM software provides a one-step, policy-based approach to manage and enroll PIV cardholders, together with biometric/biographic data captured from the PIV card, into various physical access control systems (PACS). Lifecycle management of the PIV card in PACS, including registration, status inquiry, lost/stolen cards, provisioning and revocation, expiration and so on, can all be managed centrally.

What Benefits Are Achieved with a PIAM solution?

Implementing this type of software solution will help government agencies preserve and leverage their existing investments in technology and data, reduce future costs and simplify many complex procedures. A robust and technologically advanced software solution to address the current challenges will provide a policy-based approach to managing and enrolling PIV cardholders into diverse PACS and constantly updating the associated authorization levels. This will enable the flexible enrollment, validation and processing of individuals gaining temporary or long-term access to a given facility, along with a policy-based approach to guard against fraud and foster real-time audit and compliance – without changing the user’s existing physical security infrastructure.

Additional benefits of PIAM software include automatic enrollment of any newly issued PIV credentials, including biometric/biographical data capture from the PIV card, in all of the diverse PACS across every government agency. The software will further enable interoperability between every PACS system and logical authoritative identity systems across all agencies, including LDAP/IdM/HR systems or other third-party PIV database applications. It will establish a single reference point of all cardholders, both PIV and non-PIV, across agencies and across diverse PACS and Logical Access Control Systems (LACS). There will be a single, centralized, rules-based process for access privilege provisioning and ongoing access management within and across agencies. The lifecycle of PIV cards including PIV card activation, status inquiry, lost or stolen cards, provisioning and revocation, card expiration policies and so on, will be managed in the physical access control system. Finally, the solution will encompass Web-based visitor enrollment and management for PIV and non-PIV cardholders.

KEYWORDS: ID badges NIST standards PIV card security compliance

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mark Steffler, Vice President, Federal Practice, Quantum Secure

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • police1-900px.jpg

    How to Build a Better Ballistics Analysis Strategy

    See More
  • networking-security-freepik

    How to build a better corporate social media policy

    See More
  • alone-enews

    How to Manage Lone Worker Safety in a Dynamic World

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing