Department%20of%20Veterans%20Affairs%20Personal%20Identity%20Verification%20(PIV)%20Program

1
Department of Veterans Affairs Personal Identity
Verification (PIV) Program

• Brian Epley, VA PIV Program Manager

August 14, 2007
2
Agenda

• History
• Authentication Authorization Infrastructure
  Program (AAIP)
• Required Changes
• Current State and Future Goals
• PIV 0.5
• PIV 1.0
• PIV 2.0
• PIV
• Architecture
• Achievements
• National Deployment Schedule
• Resources

3
VA PIV History

• Experience - Oct 2004, VA conducted a 10-month
  pilot that included
• Issued 1,100 cards prior to HSPD-12
• Provided logical and physical access
• Three digital certificates
• Used an application process similar to the PIV
  process
• Investment - VA procured a substantial amount of
  resources to support earlier smart card
  initiative
• 85,000 smart cards
• Front-end and Back-end components (servers,
  workstations, printers, etc.)
• Business Requirement - VAs unique operational
  mission requires a tailored solution
• Large affiliate population (80,000) requires
  OneVA (non-PIV) cards
• 24-hour turn around on issuance
• 24/7 Help desk support

4
VA PIV History (Continued)

• Increased Return on Investment
• VAs focus is to advance the use of identity and
  access management (IAM) across the Department
• Mapping of user privileges
• Provisioning and deprovisioning services
• Synchronization of data with authoritative
  sources
• Rights management with standardized Role Based
  Access Control (RBAC) models
• Management of entity profiles
• The IAM solution can be used to support
  management of veteran identities
• Establishing an enterprise IAM backbone within
  the VA will save millions of dollars

5
VA PIV Status

• The Department of Veteran Affairs successfully
  complied with HSPD 12
• Issued first card to PCI Manager October 20th
• Issued twelve credentials to Sponsor, Registrar
  and Issuers between October 20th and October 26th
• Issued three ID credentials to employees October
  27th
• Issued 1,400 credentials since October 27th
• VA legacy cards (ActivCard Applet v.2 on
  Cyberflex Access 64k v.1)
• Provide logical and physical access
• Have three digital certificates
• Comply with topographical requirements
• Key Differences
• Does not have fingerprints loaded on the card
• The card stock is non-compliant
• VA will begin PIV National Deployment September
  2007
• 24-month deployment to implement PIV Enrollment
  Operations Centers at approximately 225 field
  locations serving 1,200 facilities across CONUS

6
PIV Architecture - Version 0.5October 2006

• PIV 0.5 Objectives
• Interim FIPS-201 Compliance
• -Smart Cards -Authentication -Unique IDs
  -Digital Signature -Email encryption
• Disaster Recovery Capability

7
PIV Architecture - Version 2.0

• PIV 2.0 Objectives
• Full Compliance with FIPS 201
• -Smart Cards -Authentication -Unique IDs
  -Digital Signature -Email encryption
• Disaster Recovery Capability
• Help Desk
• Establish VA Interfaces
• Establish Federal Enterprise Interfaces

8
PIV Architecture Version 3.0Future Enterprise
Integration

• PIV 3.0 Objectives
• Integrate into VA Enterprise Architecture
• Establish SSO with additional enterprise
  applications
• Link authoritative data sources using IAM
  backbone
• Establish interoperability with other Shared
  Service Providers
• Add 3rd Data Center leg for load-balancing
  across CONUS
• Integrate VA PIV with GSA MSO and Federal peers

9
Achievements

• VA PIV is 1 of 4 Successful Federal HSPD-12
  programs
• PIV is currently in production at VACO
• Issued 1,400 credentials that support
• Smartcard authentication
• Unique IDs
• Digital signature
• E-mail encryption
• PIV participated in OED IAM Workshop to identify
  duplicative requirements and enterprise solutions
  to meet the needs of
• Active Directory
• VBA Loan Guarantee Program, VIP
• OSLE Security Investigations Center (SIC)
• Centralized and timely adjudication
• VHA VBA
• VHA EA IntegrationSSO

10
Enterprise Integration Achievements

• Sharing data sets based on correlated Unique
  Identifier (UID)
• Active Directory
• PAID
• Combined program requirements
• VBA
• Loan Guarantee Program
• OneVA VIP Portal
• EA OneVA Portal/SSO
• VHA
• Resource collaboration
• e-Authentication
• Soft Certificate initiative
• DoD/CAC

11
PIV National Deployment

• Site transformation from PIV-1 Process to
  incorporate use of PIV systems to achieve HSPD-12
  compliance and unified OneVA credentials
• 24-month deployment to implement PIV Enrollment
  Operations Centers at approximately 225 field
  locations serving 1,200 facilities across US
• Multi-Administration collaboration to determine
  VISN/Region geographic sequence
• Based on VISN/Region site readiness
• Involves comprehensive 120-day preparation

12
Deployment Schedule
13
(No Transcript)
14
VA PIV Resources

• VA PIV Intranet site
• vaww.va.gov/PIVproject
• VA PIV PMO e-mail address
• VAPIVPRO_at_va.gov
• VA PIV Team members
• PIV Executive Steering Committee
• Brian Epley, Program Manager
• Gloria A. Harris, Business Manager
• Leonard Kenon, Project Manager
• Maurice Claggett , Project Manager
• Multiple contract resources
• Multiple Working Groups