Federal Identity Management and Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide - PowerPoint PPT Presentation

Date added: 15 May 2019
Slides: 18
Provided by: LindaSam1
Learn more at: http://net.educause.edu
Transcript and Presenter's Notes



1
Federal Identity Management and Homeland Security Presidential Directive 12
David Temoshok
Director, Identity Policy and Management
GSA Office of Governmentwide
Educause Conference 2007
October 24, 2007
2
President's Domestic Agenda
  • President's Management Agenda
    • Strategic Management of Human Capital
    • Competitive Sourcing
    • Improved Financial Performance
    • Expanded Electronic Government
    • Budget and Performance Integration
  • E-Government Act of 2002
  • OMB Office of E-Government and Technology

3
President's E-Gov Agenda
Government to Citizen
  • 1. USA Service (Lead: GSA)
  • 2. EZ Tax Filing (Lead: Treasury)
  • 3. Online Access for Loans (Lead: DoED)
  • 4. Recreation One Stop (Lead: DOI)
  • 5. Eligibility Assistance Online (Lead: Labor)
Government to Business
  • 1. Federal Asset Sales (Lead: GSA)
  • 2. Online Rulemaking Management (Lead: EPA)
  • 3. Simplified and Unified Tax and Wage Reporting (Lead: Treasury)
  • 4. Consolidated Health Informatics (Lead: HHS)
  • 5. Business Gateway (Lead: SBA)
  • 6. Intl Trade Process Streamlining (Lead: DOC)
Government to Govt.
  • 1. e-Vital (business case) (Lead: SSA)
  • 2. Grants.gov (Lead: HHS)
  • 3. Disaster Assistance and Crisis Response (Lead: FEMA)
  • 4. Geospatial Information One Stop (Lead: DOI)
  • 5. Wireless Networks (Lead: FEMA)
Internal Effectiveness and Efficiency
  • 1. e-Training (Lead: OPM)
  • 2. Recruitment One Stop (Lead: OPM)
  • 3. Enterprise HR Integration (Lead: OPM)
  • 4. e-Travel (Lead: GSA)
  • 5. e-Clearance (Lead: OPM)
  • 6. e-Payroll (Lead: OPM)
  • 7. Integrated Acquisition (Lead: GSA)
  • 8. e-Records Management (Lead: NARA)
Cross-cutting Infrastructure: E-Authentication (Lead: GSA)
4
E-Authentication Key Policy Points
  • For Government-wide deployment
    • No National ID
    • No National unique identifier
    • No central registry of personal information,
      attributes, or authorization privileges
    • Different authentication assurance levels are
      needed for different types of transactions
    • Authentication, not authorization
  • For E-Authentication technical approach
    • No single proprietary solution
    • Deploy multiple COTS products: users' choice
    • Products must interoperate together
    • Controls must protect privacy of personal
      information

5
Four Authentication Assurance Levels to meet multiple risk levels (M-04-04)
[Figure: chart with axes labeled "Increased Cost" and "Increased Need for Identity Assurance". Assurance levels: Low, Medium, High, Very High. Technologies shown: PIN/User ID, Knowledge-Based, Strong Password, PKI/Digital Signature, Multi-Factor Token, Biometrics, HSPD-12 PIV Card. Example transactions: Access to Protected Website, Applying for a Loan Online, Obtaining Govt. Benefits, Employee Screening for a High Risk Job.]

6
Central Issue with Federated Identity: Who Do You Trust?
  • 300 Million Americans, Millions of Businesses, State/local/global Govts
  • Governments: Federal, States/Local, International
  • Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
  • Federal Identity Federation Trust
  • Higher Education: Universities, Higher Education PKI Bridge
  • E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay
  • Healthcare: RHIOs, IHE, Healthcare providers
  • Financial Services Industry: Home Banking, Credit/Debit Cards
Absent a National ID, the e-Authentication initiative has used federated
identity through trusted credentials providers at determined assurance levels.
7
Core Identity Federation Infrastructure
  • Trust
    • Establish common trust model
  • Interoperability
    • Determine intra-Federation protocol/communication
      standards and architecture
    • Administer common interface specifications, use
      cases, profiles
    • Test all products and interfaces for compliance
  • Manage Relationships
    • Establish and administer common business rules
    • Manage relations among relying parties and CSPs
    • Manage compliance/dispute resolution
  • Key Federal Identity Federations Core
    Infrastructure
    • HSPD-12
    • E-Authentication Initiative
    • Federal PKI and the Federal Bridge Certificate
      Authority

8
The HSPD-12 Mandate
Homeland Security Presidential Directive 12 (HSPD-12): Policy for a Common
Identification Standard for Federal Employees and Contractors -- Signed by
President August 27, 2004
  • HSPD-12 has Four Control Objectives
    • Issue Identification based on sound criteria to
      verify an individual's identity.
    • Strongly resistant to fraud, tampering,
      counterfeiting, and terrorist exploitation.
    • Personal Identity can be rapidly authenticated
      electronically.
    • Issued by providers whose reliability has been
      established by an official accreditation process.

9
Key Milestones
October 27, 2005
 
10
Government-wide Implementation Strategy
  • OMB provides policy and implementation guidance.
  • NIST provides HSPD-12 process and technical
    requirements (FIPS 201 and associated Special
    Publications).
  • GSA (OGP and FAS) provides government-wide
    implementation and acquisition assistance,
    coordinates agency implementation through the
    Federal Identity Credentialing Committee,
    develops and tests interface specifications for
    interoperability, and serves as Executive Agent
    for Acquisition for approval of products and
    services for the implementation of HSPD-12.
  • Interoperability of HSPD-12 systems across
    government is required. Agency implementation is
    controlled through Approved Product List,
    acquisition controls, and Standard Interface
    Specifications.
  • GSA is designated to provide shared services and
    infrastructure for government-wide implementation
    (MSO).
  • Extremely aggressive milestones are needed to
    maintain focus and momentum.

11
Multiple PIV Authentication Technologies
  • To provide multiple authentication assurance
    levels, FIPS 201 requires multiple authentication
    technologies
    • Authentication using PIV Visual Credentials:
      Facial Image
    • Authentication using the Cardholder Unique
      Identifier (CHUID): contact or contactless
    • Authentication using PIN
    • Authentication using Biometric (match on/off
      card): fingerprint template
    • Authentication using PIV asymmetric Cryptography
      (PKI): authentication digital certificate
    • Optional biometric(s) and cryptographic keys (3)

Something I have: PIV Card, Keys
Something I know: PIN
Something I am: Biometric
12
Key Architecture Design Considerations
  • Architecture must support multiple authentication
    technologies: PIN, biometric template, CHUID,
    authentication keys.
  • Architecture must support multiple protocols
    for credential validation and electronic
    authentication.
  • Federal Government will not mandate a single
    proprietary solution; therefore, Architecture
    must support multiple COTS products.
  • All architecture components must interoperate
    with ALL other components (see www.idmanagement.gov);
    this requires product and systems testing.
  • Interface specifications are necessary for
    inter-system data exchange.
  • Controls must protect privacy of personal
    information.

13
Status of GSA FIPS 201 Evaluation Program
  • OGP administers the FIPS-201 Evaluation Program
    to determine conformance to FIPS-201 normative
    requirements.
    • Certified laboratories perform all FIPS 201
      compliance evaluations
    • OGP approves all evaluations and posts to
      Approved Product List
    • Approved Product List posted at
      http://fips201ep.cio.gov/
  • GSA/NIST identified 24 categories of
    products/services which must comply with specific
    normative requirements contained in FIPS 201
    • e.g., PIV smart cards, smart card readers,
      fingerprint scanners, fingerprint capture
      stations, facial image capture stations, card
      printing stations, etc.
  • Current product and services approvals
    • 300 products on FIPS 201 Approved Product List
  • Current certified labs
    • Atlan Laboratories, InfoGard Laboratories
    • Several more lab certifications in progress

14
Accessing the FIPS 201 Approved Products List
http://fips201ep.cio.gov
15
Where are we today?
  • 12 agencies committed to their own
    infrastructure
    • DHS, DoD, NASA, SSA, EPA, FTC, Dept. of State,
      VA, HHS, ED, DOL, NSF
  • 100 Agencies want to share infrastructure
    • All small agencies
    • DOC, HUD, USDA, DOJ, DOI, GSA, DOE, DOT,
      Treasury, OPM, Federal Reserve, USPS, NARA, FCC
      committed
  • Shared Service Providers
    • DoD/DMDC for branches of military
    • Dept. of State -- 8 agencies serviced by State
      Dept.
    • GSA for government-wide services: 70 agencies
  • GSA Roll-out
    • Shared Service pricing released 6/8/07 --
      49/seat for enrollment, 36/year for maintenance
    • GSA implemented enrollment station roll-out for
      national deployment starting in Washington DC in
      August 2007.
    • Goal is to deploy 225 shared enrollment stations
      nationwide and enroll all MSO customers (800,000)
      by October 2008.

16
Conclusion
  • This is THE START: the surface is only
    scratched
  • There is much work
    • Roll-out hundreds of enrollment stations
      nationwide
    • Issue to all users by October 2008
    • Test and Certify systems
    • Build common applications for access control and
      e-Government
    • Stabilize operations
    • Commitment to continue issuance
  • Protect and promote interoperability
    • Government procurement rules provide discipline
  • Extend to other communities: leverage
    infrastructure
    • First responders, Health Care, State and local
      governments.
    • Transportation workers (TWIC), trusted traveler
      programs

17
For More Information
  • Visit our Websites
    • http://www.idmanagement.gov
    • http://www.FedIDCard.gov
    • http://www.cio.gov/ficc
    • http://www.csrc.nist.gov/piv-project
  • Or contact
    • David Temoshok
    • Director, Identity Policy and Management
    • 202-208-7655
    • david.temoshok_at_gsa.gov