On August 27, 2004, President Bush signed Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors. The goal was to create a highly secure, new standardized ID card that is recognized and trusted across the government. The purpose was to improve security, increase efficiency, discourage identity theft/fraud and to protect privacy.
Based upon this directive, the National Institute for Standards and Technology (NIST) developed standards which outline the minimum requirements for Federal personal identification verification (PIV) system. The new system is called the LincPass which provides tamper-proof identification cards that authenticate federal employees and contractors before allowing access to Federal facilities and information systems.
Incorporating stronger authentication technologies into Access Control Systems, such as PIV and PIV-I cards, is a critical aspect of mitigating the risk of physical security breaches. The standardization improves security by preventing fraudulent or expired credentials and also ensures the card holder is the actual individual whom it was issued.
If your organization is looking to implement a PIV system, critical security functions are broken down into:
Technical Controls
- Identification and Authentication
- Access Control
- Audit and Accountability
- System and Communications Protection
Operational Controls
- Configuration Management
- Contingency Planning
- Physical and Environmental Protection
- System and Information Integrity
- Awareness and Training
Management Controls
- Security Assessment and Authorization
- Planning
- Risk Assessment
Once the PIV compliant system is in place, the agency must also implement auditable policies and procedures for granting and disabling PIV cards.
By understanding the differences between legacy access control credentials and a PIV compliant system, your organization can make better decisions about security and compliance.
For more information contact a qualified HSPD-12 service provider or consult the IDManagement.gov Website of the US Government.