PIV 1 - PowerPoint PPT Presentation

Slides: 10
Provided by: Dod90
Transcript and Presenter's Notes

1
PIV 1
  • Ketan Mehta
  • Ketan.mehta_at_nist.gov
  • May 5, 2005

2
PIV 1
  • What does it mean to agencies
  • Role-based vs System-based Models
  • Moving forward

3
What does PIV I mean to agencies?

PIV I requires
  • Credentials may be issued by authorized entity
    only to individuals whose true identity has been
    verified
  • Only an individual with a background
    investigation on record may be issued a
    credential
  • Fraudulent identity source documents are not
    accepted as genuine and unaltered
  • A person suspected or known to the government as
    being a terrorist is not issued a credential
  • No substitution occurs in the identity proofing
    process
  • No credential is issued unless requested by
    proper authority
  • A credential remains serviceable only up to its
    expiration date
  • A single corrupt official in the process may not
    issue a credential with an incorrect identity or
    to a person not entitled to the credential
  • An issued credential is not modified, duplicated,
    or forged
  • Separation of roles

PIV I does not specify
  • A particular card technology
  • Requirements for fingerprint biometrics
  • Composition of the Identity Credentials
  • Roles within an agency
  • Identity proofing process or implementation
    models
  • Integration of Physical and Logical access
    security

4
Role-based Model
  • Applicant: The individual to whom a PIV credential
    needs to be issued.
  • PIV Sponsor: The individual who substantiates the
    need for a PIV credential to be issued to the
    Applicant, and provides sponsorship to the
    Applicant. The PIV Sponsor requests the issuance
    of a PIV credential to the Applicant.
  • PIV Registrar: The entity responsible for identity
    proofing of the Applicant and ensuring the
    successful completion of the background checks.
    The PIV Registrar provides the final approval for
    the issuance of a PIV credential to the Applicant.
  • PIV Issuer: The entity that performs credential
    personalization operations and issues the identity
    credential to the Applicant after all identity
    proofing, background checks, and related approvals
    have been completed. The PIV Issuer is also
    responsible for maintaining records and controls
    for PIV credential stock to ensure that stock is
    only used to issue valid credentials.

5
System-based Model
[Diagram: functional areas numbered 1 to 8. Labels: Approval Authority / Registrar; Employer / Sponsorship / Sponsor; Employee Application; Employee Enrolls; Issuer - Card Activation / Issuer]
Numbers indicate functional areas of responsibility.
Green functions manage the chain of trust for identity verification.

6
Understand your current environment
  • User information fragmented, duplicated and
    obsolete
  • Redundant processes
  • Little to no visibility or auditability
[Diagram labels: Employees, Partners, Customers, Administrator; Email, Timesheets, Engineering, HR, Expense, Customers; Applications and Data; Information; Systems Resources]

7
Agencies should look to bring coherence to user
identities, roles, privileges, and policies
  • User Management: Sets up and maintains user
    accounts and privileges (Digital Identities)
  • Credentialing: Assigns and manages attributes
    used to validate a user's identity (Credentials)
  • Storage: Stores user credentials, privileges, and
    other attributes
  • Authentication: Validates identities based on
    their credentials (Who you are)
  • Authorization: Grants user access to resources
    based on a secondary set of attributes (What you
    can access)
[Diagram labels: Users, Resources]

8
Only 20% of the planning involves technology

9
Agencies that adopt a strategy-based approach to
their PIV investments will achieve the best
return on their investment

Strategy-Based Approach Produces Maximum ROI

Define The Need
What is your current environment?
  • What is your current baseline?
  • Who is responsible for identity management in
    your agency?
  • What are the current processes?
  • What FIPS 201 objectives are not met in the
    current environment?
  • What are the gap areas?

Architect the Solution
What form will your solution take?
  • What are your architecture choices?
  • Insource / Outsource
  • Federation vs. Not Fed
  • Trust Path

Manage Construction
How will you implement?
  • What is your migration strategy?
  • What stages will your implementation follow?
  • How will you leverage prototypes and pilots?

How will you manage?
  • How will you manage the change program?
  • How will you communicate changes to the
    organization?
  • How will you mitigate program risks?