Presentation on theme: "Department of Labor HSPD-12"— Presentation transcript:
1Department of Labor HSPD-12 A guide to what you can expect from the PIV-II processCreated: October 27th, 2006Last Updated: August 20, 2007Audio commentary included
2What does this guide cover? HSPD-12 Overview and Goals (3 minutes)Personal Identity Verification (PIV) I and II (3 minutes)PIV-II Badge Technology (3 minutes)What to Expect: Process Overview (3 minutes)The following topics will be covered in this computer based training:HSPD-12 Overview and GoalsPersonal Identity Verification (PIV) I and IIPIV-II badge TechnologyWhat to Expect: Process Overview
3What is HSPD-12?Homeland Security Presidential Directive 12 (HSPD-12) is a mandate for all federal agencies.Issued August 27th, 2004, First Phase took effect October 27th, 2005, Second Phase took effect October 27th, 2006Phase II began with new employees and contractors on 10/27/06 at Frances Perkins Building and Postal Square Building in Washington DC.By 10/27/08 Phase II will apply to all employees and contractors.President George W. Bush signed Homeland Security Presidential Directive 12 a “Policy for a Common Identification Standard for Federal Employees and Contractors” on August 27, HSPD-12 focuses on developing a Federal standard for secure and reliable forms of identification for all Federal Employees and Contractors requiring frequent access to facilities and IT systems.The National Institute of Standards and Technology, commonly referred to as NIST, developed that standard. NIST published the standard as Federal Information Processing Standards Publication 201, more commonly referred to as FIPS FIPS 201, entitled Personal Identity Verification of Federal Employees and Contractors, was released in April 2005.
4What are the goals of HSPD-12? Enhance securityReduce identity fraudProtect personal privacyProvide a secure and reliable form of identificationHSPD–12 has four mains goals; to enhance security using two factor authentication, Reduce identity fraud by ensuring at least two federal employees participate in providing a new badge, protect personal privacy by storing information in a secure database, and to provide secure and reliable forms of identification by providing biometric authentication and leveraging smart card technology.,
5Why was HSPD-12 Implemented? Each Federal department and agency has its own standards for ID badges, which vary in consistency and securityThere may be several badge variations within an agencySome of the various types of government ID badges are shown on this slide. As you can see they are all unique and there is little or no standardization between agencies. Standardizing these IDs will reduce the chance of creating a false ID and simplify the process for visiting multiple secure locations within any agency.
6Common ID Badge Benefits Key Benefits:Secure Identification - The ability to authenticate a person’s identity, before issuance of a badge, provides greater identity validationStandardization - Processes and technologies to determine identity and appropriate level of access will be standardized across the governmentThe key advantages to a common ID badge are Secure Identification and Standardization. The standardization benefits come from the same process used across the government; this provides an increased level of assurance that any individual who has a PIV badge, from any federal organization, has undergone the same secure process before receiving their badge.
7PIV II Badge Issuance Requirements A Sponsor is designated in order to validate that each employee or contractor requires a PIV-II badge.Rigorous identity validation is necessary to minimize identity fraud risk.Expanded background investigation is required; a minimum of a National Agency Check with Written Inquiries (NACI) and a Fingerprint Check.You are required to report theft or loss of your PIV-II badge immediately to your Sponsor.The following are the PIV-II badge Issuance requirements. Note that after your badge is issued you are required to report theft or loss of your PIV-II badge immediately to your Sponsor.
8PIV-II Badge Security Features How does your PIV-II badge work?Your PIV-II badge workslike your current DOLbadge, with these additional security features:Smart CardDigital CertificateSmart CardDigital CertificateBiometrics: Primary and Secondary Fingerprints are stored on the badgeYour PIV-II badge can be used in the same way ordinary DOL badges are used, but with additional features. The PIV-II badge is enhanced with smart card technology, has a digital certificate, and stores two fingerprint images. These security features allow the PIV-II badge to be used above and beyond the way ordinary DOL badges are used today.Biometrics
9PIV-II Badge Layout New DOL PIV-II Badges will include the following features:Specific tamper-resistant featuresStandards that will eventually allow badges to be used throughout multiple agencies and locations; (for example, a DOL employee can be validated at a DOL building, and be allowed access to facilities and networks)Uniform print layout and design so badges can be recognized and validated.Biometrics, including fingerprints, to allow two-factor authentication when neededStandard information printed on the badge (photograph, name, Agency, employee/contractor status, expiration date)Two electronic fingerprint capturesUnique badge identifier (a number specific to the actual badge)Personal Identification Number (PIN)-a number of your choosingDigital authentication certificateIn addition to the features you can see on the badge, the PIV-II badges also have several other notable features, including tamper-resistant design, interoperability, uniform print layout, biometrics, including fingerprints, a PIN, and a Digital Authentication certificate
10How will my information be utilized? DOL and other agencies will use the information on the PIV-II Badge and may use some of the stored information about you when you access federal facilities, computers, applications, or data to prove your identity and your right of access.After deactivation (upon separation) this information is kept for a length of time consistent with the applicable records schedule. After that time, if it is not needed for safety or security reasons, or to investigate improper behavior, it is destroyed.If you have additional questions contact your local Enrollment/Issuance center for a list of PIV-II frequently asked questions.One of the most frequently asked questions is “How will my information be utilized”DOL and other agencies will use the information on the PIV-II Badge and may use some of the stored information about you when you access federal facilities, computers, applications, or data to prove your identity and your right of access.After deactivation (upon separation) this information is kept for a length of time consistent with the applicable records schedule. After that time, if it is not needed for safety or security reasons, or to investigate improper behavior, it is destroyed.If you have additional questions contact your local Enrollment/Issuance center for a list of PIV-II frequently asked questions.
11Digital Certificate Characteristics Your nameA unique identification numberAn expiration date;A copy of the certificate holder’s public keyThe digital signature of the Certification AuthorityThe digital certificate has several key characteristics including your name, a unique identification number, an expiration date, a copy of the certificate holder’s public key, and the digital signature of the Certification Authority.
12Potential Digital Certificates Uses Authentication for physical or logical system accessencryptionDigital signatureIn the near future digital certificates have many other potential uses. The system may be able to authenticate a user’s identity based on the information contained in the digital certificate. Users will be able to send secure information such as passwords to other users with digital certificates. You can also use your PIV-II badge to digitally sign electronic versions of files, reducing paperwork.
13Personal Identification Number (PIN) Creation and use of PIN activates your PIV-II badgeThe PIN provides an additional method of authenticationThe PIN you generate will be stored on the smart card microchip as well as in the HSPD-12 systemWhen you are issued a PIV-II badge you will have to create a unique PIN number. The PIN number you create provides an additional method of authentication and will be stored on the smart card microchip as well as in the HSPD-12 system. This PIN may be used in the future to control your access to secure facilities and IT systems.
14Biometric Information Biometric information refers to measurable physical characteristics that can automatically be checked by a device or application.PIV-II standards require two fingerprint captures to be stored on the PIV-II badge.Fingerprints are the biometric data that will be collected for PIV-II badge verification purposes. Once collected they will be captured and stored on the PIV-II badge in the smartcard chip.Fingerprints ScannedTwo fingerprints capturedFingerprints stored on smartcard microchip
15How Your Fingerprints Could Be Used Your fingerprint images stored on the badge can be compared to a fingerprint image captured real-time. These fingerprint scanners can be attached to a door or to a computer to control accessIf the real-time image matches one of the fingerprint images stored on the badge, your identity is authenticated.Fingerprints stored on badgeFinger scanned via fingerprint scannerComputer matches fingerprints when accessing computers/buildingsOnce the fingerprints are stored on the badge, they can be compared to the fingerprints stored in the system. If the fingerprint images match the ones on your badge your identity is authenticated.Access granted if fingerprint matches
16New user process to get a PIV-II badge The following steps are necessary to complete the PIV-II processThe following steps are necessary to complete the PIV-II process. Each of these steps will be spelled out in detail over the next four slides.
17Step 1 – Sponsorship Complete OF-306 Complete Background Investigation documentsCollect PKI Certificate from SponsorPrior to your first day you will fill out paperwork regarding your employment with DOL. If you are a DOL employee this paperwork should arrive in the mail. If you are contractor you will received this paperwork from your full time employer. This paperwork may include background investigation forms, OF-306, Declaration for Federal Employment, and the Fair Credit Reporting Release.After you complete this paperwork the Sponsor will create your record in the PIV-II system. This portion of the process is known as Sponsorship.
18Step 2 – Enrollment Report to Enrollment Station for Identity Document VerificationFingerprintingPhotographingBring Employment identity documents to first day at DOLAfter you are Sponsored, you will be notified that you should report to the Enrollment Station. When you report, you will verify your identity documents, take your fingerprints, and get your picture taken.Remember to bring you employment identity documents to DOL the day you get Enrolled.
19Step 3 – Registration DOL sends fingerprints to OPM Background Investigation InitiatedDOL Receives FBI and Background Investigation results*Your fingerprints will be securely electronically sent to the FBI and the appropriate investigation will be initiated based on your job requirements.If your FBI and/or NACI results are favorable, DOL will approve your request for a PIV-II badge, and notify you to go to the Issuance station to receive a PIV-II badge.*PIV-II badge may be issued on the basis of FBI Fingerprint Check; the PIV-II badge may be revoked if further investigation makes you ineligible to receive a PIV-II badge.
20Step 4 – PIV-II Badge Issuance Visit Issuance StationVerify FingerprintsReceive new PIV-II badgeUpon notification of approval you will be asked to report to the Issuance Station. They will verify your fingerprints match and issue your new PIV-II Badge.
21PIV I PIV-II Timeline: HSPD-12 at DOL 8/04 10/05 10/06 4/07 8/04 10/05 10/06 4/07PIV IPIV-IIPIV I ProcessRelease 1October 27, 2005Frances Perkins Building& Postal Square BuildingOctober 27, 2006New Employees & ContractorsRelease 2DC Field OfficesHSPD-12 was Issued August 27th, The First Phase took effect October 27th, Release one took effect October 27th, 2006, at the Postal Square Building and Frances Perkins Building in Washington DC. Release two was completed by February 28th 2007, locations includes all DC field offices. Release three will reach nine DOL regional locations in the United States. Plans are currently in process for the national rollout, release four.April 1, 2007New Employees & ContractorsRelease 3Additional DOL SitesEnd of FY0765% Employees & Contractors
22Questions 1. HSPD-12 applies to? All Federal Employees and long-term contractorsAll Department of Labor EmployeesFederal ContractorsNone of the Above1. HSPD-12 applies to?A. All Federal Employees and long-term contractorsB. All Department of Labor EmployeesC. Federal ContractorsD. None of the AboveThe Correct Answer is A. All Federal Employees and long-term contractorsA. All Federal Employees and long-term contractors
23Questions 2. What is the first stage in the PIV-II process? Issuance RegistrationEnrollmentSponsorship22. What is the first stage in the PIV-II process?IssuanceRegistrationEnrollmentSponsorshipThe Correct Answer is D SponsorshipD. Sponsorship
24Questions 3. What is an advantage of implementing HSPD-12? Enhance securityReduce identity fraudProvide secure and reliable forms of identificationAll of the above3. What is an advantage of implementing HSPD-12A. Enhance securityB. Reduce identity fraudC. Provide secure and reliable forms of identificationD. All of the aboveThe Correct Answer is D. All of the AboveD. All of the Above
25Questions 4. What does HSPD-12 stand for? Highly Secretive Presence Detector 12High Speed Physical Disk 12Home Station Pass Document 12Homeland Security Presidential Directive 124. HSPD-12 stands for?A. Highly Secretive Presence detector 12B. High Speed Physical Disk 12C. Home Station Pass Document 12D. Homeland Security Presidential Directive 12The Correct Answer is D. Homeland Security Presidential Directive 12D. Homeland Security Presidential Directive 12
26More Information More information about HSPD-12 can be found here: Find more online:the help desk:Contact your Sponsor or Enrollment/Issuance Office