Homeland Security Presidential Directive-12 (HSPD-12)


1 Homeland Security Presidential Directive-12 (HSPD-12)
Previously Known As E-Authentication/Smart Card

2 Prior to HSPD 12
My Background - DOI Senior Consultant
- BLM Lead Bureau – biz process reinvention
- DOD/DOI partnership (eg ; initial aggregate buy)
- Interagency Advisory Board (IAB)
- GSC 2.1 (especially contactless chip)

3 HSPD-12 Policy
Directs a Common Identification Standard* for Federal Employees and Contractors with Unescorted Access to Federal Facilities and Access to Networks and Systems
*Referred to as the Personal Identity Verification (PIV) Card

4 HSPD-12 (Cont'd.)
- One of the largest collaborative efforts in Government, with leadership through the
  - Interagency Advisory Board (IAB)
  - National Institute of Standards and Technology (NIST)
  - General Services Administration (GSA)
  - Office of Management & Budget (OMB)
  - Private Sector Partners
- Enabling a common Government Information Technology (IT) architecture
- The DOI team played a prominent role over the last 5 years

5 HSPD-12 Program Team
- Senior Executive Sponsor - Larry Parkinson
- Program Manager - Bob Donelson
- Project Management - David Belchick
- Organizational Leads
  - OLES - Glenn Smith
  - OCIO - Hap Huynh
  - HR - Beres Muschett
  - PIV/E-process - Andrew Goldsmith
  - Privacy - Marilyn Legnini
  - Budget - Tricia Hall
  - PAM - Willie Davis
  - Records - Ed McCeney

6 Synergy to Success
[Diagram labels: Intra-discipline Workgroups; Inter-discipline Workgroups; HR; Executive Leadership; CFO; Physical Security; Logical Security; Legal / Privacy Advocate; Program Managers; Site Managers; Procurement (Contracts); Inspector General]

7 HSPD-12 Control Objectives
Secure and reliable forms of identification:
- Issued based on sound criteria for verifying an individual employee's identity
- Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
- Can be rapidly authenticated electronically
- Issued only by providers whose reliability has been established by an official accreditation process

8 HSPD-12 Policy
FIPS 201 REQUIREMENTS: Phased-implementation In Two parts
Part 1 – Common Identification and Security Requirements
- HSPD-12 control objectives
- Identity proofing, registration and issuance requirements (revised from November draft)
- Effective October 2005
Part 2 – Common Interoperability Requirements
- Detailed technical specifications
- Most elements (revised) of October preliminary draft
- No set deadline for implementation in PIV standard
Migration Timeframe (i.e., Phase I to II)
- Agency implementation plans to OMB before July 2005
- OMB to develop schedule

9 HSPD-12 Current Status
- OMB-300 and business case complete for E-Authentication/Smart Card
- Gap analysis underway to change to HSPD-12 OMB-300 for 2007
- HSPD-12 plan due to OMB June 27
- E-Authentication project plan is being revised for HSPD-12 to meet target due dates

10 Identity Verification
[Diagram: PIV Identity Verification and Issuance, numbered steps 1-7. Labels: Approval Authority; 1:n biometric search; Confirm employment; NACI or Equivalent; ID Validation through standard government wide services; Government DB's; Threat risk; Identity Verification; Employer/Sponsorship; FPPS; Employee Application; Employee and Contractor Enrolls; HR; Enrollment; 725 Physical Access Database; OLES; PIV/E-process/HR; Card Production & Personalization; Centralized SSP Cert Issuance; OCIO]
Legend:
- Black Arrows: Links exist today
- Orange Arrows: Links partially exist today
- Red Arrows: Links do not exist today
Other DOI Organizations: Privacy, Records, Budget, PAM

11 HSPD-12 Technical Current Status
- Have Web based E-process architecture in place for enrollment (#1-4)
- Provides secure, paperless in-processing of employees/contractors
- Plan to use FPPS as HR system of record for unique employee ID numbers (#5)
- Selected Enterprise Physical Access system (#7): AMAG 725, currently starting C&A process
- Public Key Infrastructure (PKI) Shared Service Provider (SSP) selected (#7)
- Central printing and card provisioning must be in place to be successful
- Policy Gaps are being identified and drafted
- OMB is asking for either Shared Service Provisioning or acquisition by an SSP similar to the Payroll Model
- Current DOI roles mapped to new HSPD-12 roles by 1 August

12 HSPD-12 PIV Workflow

13 HSPD-12 Guidance
Supporting Publications
- SP – Interfaces for Personal Identity Verification (card interface commands and responses)
- SP – Biometric Data Specification for Personal Identity Verification
- SP – Recommendation for Cryptographic Algorithms and Key Sizes
- Future SP – Issuer Accreditation Guideline
NIST PIV Website (
- Draft Documents
- Frequently Asked Questions (FAQs)
- Comments Received in Original Format
Forthcoming Planned Guidance
- OMB Guidance (Policy)
- FICC Guidance (Implementation – Identity Management Handbook)
- NIST Guidance on Certification and Accreditation

14 HSPD-12 Policies
Existing
- OCIO Memo 2004-008
  - Freezes purchases on ID cards that do not conform to standard
  - Requires all new PCs to include a smart card reader
Recently Issued
- OLES Policies Released
  - Policy Memo 1: Sets standard DOI Card Design based on FIPS 201
  - Policy Memo 2: Sets minimum threshold for physical access readers
    - Readers will be situated along with security guards at all operational access points to National Critical Infrastructures and Security Level IV facilities.
    - At the discretion of each Bureau, card readers may be located at other facilities or sections thereof.
    - C&A must be done on all physical access systems.
    - Facilities that are not immediately moving to the FIPS 201 card can continue to use their current ID card system for access to a building. However, these cannot be used for visual ID and cannot have anything printed on them.
    - Full implementation to be completed by the end of fiscal year 08.

15 Joint Federal Committee Requirement
NCR “Incident Snapshot”
- Sep 11, 2001 Terrorist attack on Pentagon
- Anthrax crisis
- Sniper incident
- W. Wilson Bridge “rush-hour” attempted suicide
- Washington Monument “tractor man”
- 2005 Anthrax scare
- May 11, 2005 “no fly zone” violation
ALL LACKED FEDERAL/STATE/LOCAL MULTI-JURISDICTIONAL “COMMON IDENTITY TRUST”

16 Emergency Management Community
Targeted Population
- Federal Community
- Fire and Rescue Community
- Transportation / HAZMAT Community
- Medical Community
- Emergency Management Community
- Infrastructure Community
- State Community
- Military / National Guard
- Local Community
- Retail Community
- Force Protection Community
- Volunteer Community
- Resident / Tribal / NGO Community

17 National Interoperability
[Diagram labels: Credential Issuers; Privileged Lists; Compressed, Signed Validation Lists; Authorization; Handhelds; ID Cards; Validation Authority. Issuers shown: DoD CAC; DoD / DHS / DOI; Other Federal/State/Local; NCR Governments; Other Issuer. Repeated status label: "Trusted:… Valid"]
*CRLs (produced and synchronized every 24 hours at minimum)
*CRLs – certificate revocation lists

18 Questions and Comments
Please Contact: Bob Donelson HSPD-12 Program Manager Phone:

19 Office of National Capital
Questions? Office of National Capital Region Coordination Craig A. Wilson Program Manager (office) (cell)

