Department of Labor HSPD-12 A guide to what you can expect from the PIV-II process Created: October 27th, 2006 Last Updated: August 20, 2007 Audio commentary included
What does this guide cover? HSPD-12 Overview and Goals (3 minutes) Personal Identity Verification (PIV) I and II (3 minutes) PIV-II Badge Technology (3 minutes) What to Expect: Process Overview (3 minutes) The following topics will be covered in this computer based training: HSPD-12 Overview and Goals Personal Identity Verification (PIV) I and II PIV-II badge Technology What to Expect: Process Overview
What is HSPD-12? Homeland Security Presidential Directive 12 (HSPD-12) is a mandate for all federal agencies. Issued August 27th, 2004, First Phase took effect October 27th, 2005, Second Phase took effect October 27th, 2006 Phase II began with new employees and contractors on 10/27/06 at Frances Perkins Building and Postal Square Building in Washington DC. By 10/27/08 Phase II will apply to all employees and contractors. President George W. Bush signed Homeland Security Presidential Directive 12 a “Policy for a Common Identification Standard for Federal Employees and Contractors” on August 27, 2004. HSPD-12 focuses on developing a Federal standard for secure and reliable forms of identification for all Federal Employees and Contractors requiring frequent access to facilities and IT systems. The National Institute of Standards and Technology, commonly referred to as NIST, developed that standard. NIST published the standard as Federal Information Processing Standards Publication 201, more commonly referred to as FIPS 201. FIPS 201, entitled Personal Identity Verification of Federal Employees and Contractors, was released in April 2005.
What are the goals of HSPD-12? Enhance security Reduce identity fraud Protect personal privacy Provide a secure and reliable form of identification HSPD–12 has four mains goals; to enhance security using two factor authentication, Reduce identity fraud by ensuring at least two federal employees participate in providing a new badge, protect personal privacy by storing information in a secure database, and to provide secure and reliable forms of identification by providing biometric authentication and leveraging smart card technology. ,
Why was HSPD-12 Implemented? Each Federal department and agency has its own standards for ID badges, which vary in consistency and security There may be several badge variations within an agency Some of the various types of government ID badges are shown on this slide. As you can see they are all unique and there is little or no standardization between agencies. Standardizing these IDs will reduce the chance of creating a false ID and simplify the process for visiting multiple secure locations within any agency.
Common ID Badge Benefits Key Benefits: Secure Identification - The ability to authenticate a person’s identity, before issuance of a badge, provides greater identity validation Standardization - Processes and technologies to determine identity and appropriate level of access will be standardized across the government The key advantages to a common ID badge are Secure Identification and Standardization. The standardization benefits come from the same process used across the government; this provides an increased level of assurance that any individual who has a PIV badge, from any federal organization, has undergone the same secure process before receiving their badge.
PIV II Badge Issuance Requirements A Sponsor is designated in order to validate that each employee or contractor requires a PIV-II badge. Rigorous identity validation is necessary to minimize identity fraud risk. Expanded background investigation is required; a minimum of a National Agency Check with Written Inquiries (NACI) and a Fingerprint Check. You are required to report theft or loss of your PIV-II badge immediately to your Sponsor. The following are the PIV-II badge Issuance requirements. Note that after your badge is issued you are required to report theft or loss of your PIV-II badge immediately to your Sponsor.
PIV-II Badge Security Features How does your PIV-II badge work? Your PIV-II badge works like your current DOL badge, with these additional security features: Smart Card Digital Certificate Smart Card Digital Certificate Biometrics: Primary and Secondary Fingerprints are stored on the badge Your PIV-II badge can be used in the same way ordinary DOL badges are used, but with additional features. The PIV-II badge is enhanced with smart card technology, has a digital certificate, and stores two fingerprint images. These security features allow the PIV-II badge to be used above and beyond the way ordinary DOL badges are used today. Biometrics
PIV-II Badge Layout New DOL PIV-II Badges will include the following features: Specific tamper-resistant features Standards that will eventually allow badges to be used throughout multiple agencies and locations; (for example, a DOL employee can be validated at a DOL building, and be allowed access to facilities and networks) Uniform print layout and design so badges can be recognized and validated. Biometrics, including fingerprints, to allow two-factor authentication when needed Standard information printed on the badge (photograph, name, Agency, employee/contractor status, expiration date) Two electronic fingerprint captures Unique badge identifier (a number specific to the actual badge) Personal Identification Number (PIN)-a number of your choosing Digital authentication certificate In addition to the features you can see on the badge, the PIV-II badges also have several other notable features, including tamper-resistant design, interoperability, uniform print layout, biometrics, including fingerprints, a PIN, and a Digital Authentication certificate
How will my information be utilized? DOL and other agencies will use the information on the PIV-II Badge and may use some of the stored information about you when you access federal facilities, computers, applications, or data to prove your identity and your right of access. After deactivation (upon separation) this information is kept for a length of time consistent with the applicable records schedule. After that time, if it is not needed for safety or security reasons, or to investigate improper behavior, it is destroyed. If you have additional questions contact your local Enrollment/Issuance center for a list of PIV-II frequently asked questions. One of the most frequently asked questions is “How will my information be utilized” DOL and other agencies will use the information on the PIV-II Badge and may use some of the stored information about you when you access federal facilities, computers, applications, or data to prove your identity and your right of access. After deactivation (upon separation) this information is kept for a length of time consistent with the applicable records schedule. After that time, if it is not needed for safety or security reasons, or to investigate improper behavior, it is destroyed. If you have additional questions contact your local Enrollment/Issuance center for a list of PIV-II frequently asked questions.
Digital Certificate Characteristics Your name A unique identification number An expiration date; A copy of the certificate holder’s public key The digital signature of the Certification Authority The digital certificate has several key characteristics including your name, a unique identification number, an expiration date, a copy of the certificate holder’s public key, and the digital signature of the Certification Authority.
Potential Digital Certificates Uses Authentication for physical or logical system access E-mail encryption Digital signature In the near future digital certificates have many other potential uses. The system may be able to authenticate a user’s identity based on the information contained in the digital certificate. Users will be able to send secure information such as passwords to other users with digital certificates. You can also use your PIV-II badge to digitally sign electronic versions of files, reducing paperwork.
Personal Identification Number (PIN) Creation and use of PIN activates your PIV-II badge The PIN provides an additional method of authentication The PIN you generate will be stored on the smart card microchip as well as in the HSPD-12 system When you are issued a PIV-II badge you will have to create a unique PIN number. The PIN number you create provides an additional method of authentication and will be stored on the smart card microchip as well as in the HSPD-12 system. This PIN may be used in the future to control your access to secure facilities and IT systems.
Biometric Information Biometric information refers to measurable physical characteristics that can automatically be checked by a device or application. PIV-II standards require two fingerprint captures to be stored on the PIV-II badge. Fingerprints are the biometric data that will be collected for PIV-II badge verification purposes. Once collected they will be captured and stored on the PIV-II badge in the smartcard chip. Fingerprints Scanned Two fingerprints captured Fingerprints stored on smartcard microchip
How Your Fingerprints Could Be Used Your fingerprint images stored on the badge can be compared to a fingerprint image captured real-time. These fingerprint scanners can be attached to a door or to a computer to control access If the real-time image matches one of the fingerprint images stored on the badge, your identity is authenticated. Fingerprints stored on badge Finger scanned via fingerprint scanner Computer matches fingerprints when accessing computers/buildings Once the fingerprints are stored on the badge, they can be compared to the fingerprints stored in the system. If the fingerprint images match the ones on your badge your identity is authenticated. Access granted if fingerprint matches
New user process to get a PIV-II badge The following steps are necessary to complete the PIV-II process The following steps are necessary to complete the PIV-II process. Each of these steps will be spelled out in detail over the next four slides.
Step 1 – Sponsorship Complete OF-306 Complete Background Investigation documents Collect PKI Certificate from Sponsor Prior to your first day you will fill out paperwork regarding your employment with DOL. If you are a DOL employee this paperwork should arrive in the mail. If you are contractor you will received this paperwork from your full time employer. This paperwork may include background investigation forms, OF-306, Declaration for Federal Employment, and the Fair Credit Reporting Release. After you complete this paperwork the Sponsor will create your record in the PIV-II system. This portion of the process is known as Sponsorship.
Step 2 – Enrollment Report to Enrollment Station for Identity Document Verification Fingerprinting Photographing Bring Employment identity documents to first day at DOL After you are Sponsored, you will be notified that you should report to the Enrollment Station. When you report, you will verify your identity documents, take your fingerprints, and get your picture taken. Remember to bring you employment identity documents to DOL the day you get Enrolled.
Step 3 – Registration DOL sends fingerprints to OPM Background Investigation Initiated DOL Receives FBI and Background Investigation results* Your fingerprints will be securely electronically sent to the FBI and the appropriate investigation will be initiated based on your job requirements. If your FBI and/or NACI results are favorable, DOL will approve your request for a PIV-II badge, and notify you to go to the Issuance station to receive a PIV-II badge. *PIV-II badge may be issued on the basis of FBI Fingerprint Check; the PIV-II badge may be revoked if further investigation makes you ineligible to receive a PIV-II badge.
Step 4 – PIV-II Badge Issuance Visit Issuance Station Verify Fingerprints Receive new PIV-II badge Upon notification of approval you will be asked to report to the Issuance Station. They will verify your fingerprints match and issue your new PIV-II Badge.
PIV I PIV-II Timeline: HSPD-12 at DOL 8/04 10/05 10/06 4/07 8/04 10/05 10/06 4/07 PIV I PIV-II PIV I Process Release 1 October 27, 2005 Frances Perkins Building & Postal Square Building October 27, 2006 New Employees & Contractors Release 2 DC Field Offices HSPD-12 was Issued August 27th, 2004. The First Phase took effect October 27th, 2005. Release one took effect October 27th, 2006, at the Postal Square Building and Frances Perkins Building in Washington DC. Release two was completed by February 28th 2007, locations includes all DC field offices. Release three will reach nine DOL regional locations in the United States. Plans are currently in process for the national rollout, release four. April 1, 2007 New Employees & Contractors Release 3 Additional DOL Sites End of FY07 65% Employees & Contractors
Questions 1. HSPD-12 applies to? All Federal Employees and long-term contractors All Department of Labor Employees Federal Contractors None of the Above 1. HSPD-12 applies to? A. All Federal Employees and long-term contractors B. All Department of Labor Employees C. Federal Contractors D. None of the Above The Correct Answer is A. All Federal Employees and long-term contractors A. All Federal Employees and long-term contractors
Questions 2. What is the first stage in the PIV-II process? Issuance Registration Enrollment Sponsorship 22. What is the first stage in the PIV-II process? Issuance Registration Enrollment Sponsorship The Correct Answer is D Sponsorship D. Sponsorship
Questions 3. What is an advantage of implementing HSPD-12? Enhance security Reduce identity fraud Provide secure and reliable forms of identification All of the above 3. What is an advantage of implementing HSPD-12 A. Enhance security B. Reduce identity fraud C. Provide secure and reliable forms of identification D. All of the above The Correct Answer is D. All of the Above D. All of the Above
Questions 4. What does HSPD-12 stand for? Highly Secretive Presence Detector 12 High Speed Physical Disk 12 Home Station Pass Document 12 Homeland Security Presidential Directive 12 4. HSPD-12 stands for? A. Highly Secretive Presence detector 12 B. High Speed Physical Disk 12 C. Home Station Pass Document 12 D. Homeland Security Presidential Directive 12 The Correct Answer is D. Homeland Security Presidential Directive 12 D. Homeland Security Presidential Directive 12
More Information More information about HSPD-12 can be found here: Find more online: www.labornet.dol.gov/html/DOL-Policy-for-PIV-Card-Issuance.htm Email the help desk: HSPD12info@dol.gov Contact your Sponsor or Enrollment/Issuance Office