News Manager Archive - Your Complete Source for GSA Approved Identity Products - FIPS201.com https://www.fips201.com/news-item/ Just another WordPress site Thu, 21 Jan 2016 14:20:23 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 Slides from April 24 IAB meeting online now https://www.fips201.com/news-item/april-24-iab-slides/ Mon, 29 Apr 2013 11:58:00 +0000 http://104.131.58.181/news-item/april-24-iab-slides/ The April meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a […]

The post Slides from April 24 IAB meeting online now appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
IAB AudioThe April meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).


Government Smart Card Interagency Advisory Board (IAB) Meeting

Audio was not available for this meeting

  • Opening Remarks
  • A Security Industry Association (SIA) Perspective on the Cost and Methods for Migrating PACS Systems to Use PIV and PKI as Relying PartiesSteve Van Till, SIAPDF: click here
  • Update on FIPS 201-2 and Associated PublicationsHildy Ferraiolo NISTPDF: click here
  • What the SCA is Doing to Increase Adoption of Strong Credentials – Government ID Training, PIV-I Implementation, and Interoperable CredentialsPanel Discussion of SCA membershipPDF: click here
  • Closing Remarks

The post Slides from April 24 IAB meeting online now appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Audio from February 27 IAB meeting online now https://www.fips201.com/news-item/february-27-iab-audio/ Thu, 14 Mar 2013 09:35:00 +0000 http://104.131.58.181/news-item/february-27-iab-audio/ The February meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a […]

The post Audio from February 27 IAB meeting online now appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
IAB AudioThe February meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).


Government Smart Card Interagency Advisory Board (IAB) Meeting

  • Opening Remarks

    MP3: click here

  • Discussion on Revisions Contained in Draft SP 800-63-2

    Bill Burr, NIST

    PDF: click here

    MP3: click here

  • The Objectives and Status of Modern Physical Access Working Group (MPAWG)

    Will Morrison and J’son Tyson, MPAWG Co-Chair

    PDF: click here

    MP3: click here

  • Overview of PACS Specification from the Security Industry Association (SIA) to Include All PIV Functionality

    Rob Zivney, Chair of the SIA PIV Working Group and Vice Chair of the Standards Committee

    PDF: click here

    MP3: click here

  • Closing Remarks

The post Audio from February 27 IAB meeting online now appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Entrust receives FIPS 201, 140 certifications https://www.fips201.com/news-item/entrust-receives-fips-201-140-certifications/ Tue, 12 Feb 2013 13:15:00 +0000 http://104.131.58.181/news-item/entrust-receives-fips-201-140-certifications/ Entrust Inc. finalized a pair of government approvals with FIPS 201 and FIPS 140 certifications for the company’s PIV smart card credential technology, which was reviewed, tested and certified by the National Institute of Standards and Technology. These certifications demonstrate interoperability with established NIST standards. To ensure a seamless deployment, many organizations will only purchase […]

The post Entrust receives FIPS 201, 140 certifications appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Entrust Inc. finalized a pair of government approvals with FIPS 201 and FIPS 140 certifications for the company’s PIV smart card credential technology, which was reviewed, tested and certified by the National Institute of Standards and Technology.

These certifications demonstrate interoperability with established NIST standards. To ensure a seamless deployment, many organizations will only purchase solutions that carry certain certifications.

Based on standards set by the U.S. government, these certifications help ensure interoperability by vetting protocol conformance for smart cards – FIPS 201 – and testing cryptography strengths – FIPS 140. These approvals complement and support Entrust’s existing Common Criteria EAL 5 certification.

Reviewed by the NIST PIV Platform Validation Authority, FIPS 201 certification focuses on interoperability between the PIV application and other parts of the PIV solution, including physical access readers and logical access clients. The strict certification also verifies the smart card can withstand many years of rigorous wear and tear.

FIPS 140 certification ensures a solution meets or exceeds U.S. government security standards that specify requirements for cryptography modules and physical tamper-resistance. An example includes testing the elliptic curve cryptography implementation used within the solution.

The post Entrust receives FIPS 201, 140 certifications appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
PIV-enabling google apps https://www.fips201.com/news-item/piv-enabling-google-apps/ Mon, 28 Jan 2013 13:30:00 +0000 http://104.131.58.181/news-item/piv-enabling-google-apps/ NASA aims for the cloud Andrew Hudson, Contributing Editor, Avisian Publications NASA and Google are enabling government employees to access networks more conveniently and securely using their agency-issued Personal Identity Verification (PIV) cards. “NASA has been running a pilot with Google Apps for Government for more than a year,” says Tim Baldridge, former NASA ICAM […]

The post PIV-enabling google apps appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>

NASA aims for the cloud

Andrew Hudson, Contributing Editor, Avisian Publications

NASA and Google are enabling government employees to access networks more conveniently and securely using their agency-issued Personal Identity Verification (PIV) cards.

“NASA has been running a pilot with Google Apps for Government for more than a year,” says Tim Baldridge, former NASA ICAM Solutions Architect who presented the pilot at an Interagency Advisory Board meeting.

The pilot–open to 600 IT personnel at the agency–enables NASA users to connect to Google Apps for Government using their existing PIV smart card for access to networks and accounts.

Incorporating NASA’s user interface–NASA Access Launchpad–the initiative increases authentication security and convenience while taking advantage of the Federal ICAM architecture.

“The Launchpad is a customized front-end program that we’ve built around Oracle Open SSO,” explains Baldridge. “The user interface is based on the four mechanisms in place: Windows Desktop single sign on, username and password, RSA token and Level of Assurance 3/PIV.”

The pilot configuration is mindful of the stringent conformance demands that can sometimes befall verification initiatives. “Google Apps is a SAML 2.0 capable ‘software as a service’ offering,” says Baldridge. The Access Launchpad uses SAML 2.0 but, he notes, the version recently put into production supports OpenID as well.

OpenID is an interest for future consideration for NASA though not currently incorporated in the Google Apps pilot. Baldridge makes it clear that the pilot initiative is not a final product. “We do not put any sensitive data up on the pilot,” explains Baldridge. “The pilot hasn’t gone through all the FISMA conformance, so everybody knows to treat this as low assurance.”

What does Google offer?

The NASA pilot is using four components–documents, sites, groups and contacts–of the Google Apps offering, explains Baldridge. Google Apps also features email and calendar support though NASA has foregone these applications in favor of its own mail and calendar functions based on Microsoft Exchange.

The pilot enables verification on a number of levels. The Access Launchpad logon screen will accept username and password, smart card and RSA tokens as credentials, says Baldridge.

Access to the service is simple. The user goes to Google Apps, is given a redirect back to NASA’s Launchpad token service and based on the login, an assertion is generated, explains Baldridge. “The Launchpad also has an implementation that includes Windows desktop single sign on,” he adds.

The post PIV-enabling google apps appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
HID buys Codebench https://www.fips201.com/news-item/hid-buys-codebench/ Tue, 08 Jan 2013 13:28:00 +0000 http://104.131.58.181/news-item/hid-buys-codebench/ HID Global announced it acquired Codebench, a provider of physical security identity management focusing on the government sector. The acquisition brings together two offerings in validation software and solutions for government credentials and will enable HID Global to offer solutions that ease deployment for its federal agency and contractor customers. The Codebench offering joins HID […]

The post HID buys Codebench appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
HID Global announced it acquired Codebench, a provider of physical security identity management focusing on the government sector. The acquisition brings together two offerings in validation software and solutions for government credentials and will enable HID Global to offer solutions that ease deployment for its federal agency and contractor customers.

The Codebench offering joins HID Global’s federal identity portfolio and will enable the company to give customers a one-stop-shop to upgrade their physical access control system in accordance with FIPS-201 guidelines for PIV.

The addition of Codebench’s portfolio will also enhance HID Global’s capability to offer Transportation Worker Identification Card solutions as well as more complete PACS integration capabilities and to extend these capabilities into HID Global’s identity assurance Card Management System appliance.

The acquisition will also enable HID Global to serve the emerging market for commercial identity verification (CIV) using the same technologies as PIV for broader applications in health care, local and state government, first responder groups, and a broad range of other organizations. Additionally, the acquisition positions HID to move strong authentication beyond logical access control at the desktop.

Codebench remains located in Coconut Creek, Fla. and the company’s products, executives and staff become part of HID Global’s Identity Access Management (IAM) business.

The post HID buys Codebench appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Army Reserve upgrades physical access control https://www.fips201.com/news-item/army-reserve-upgrades-physical-access-control/ Mon, 07 Jan 2013 13:33:00 +0000 http://104.131.58.181/news-item/army-reserve-upgrades-physical-access-control/ Puts PIV to use with an eye toward standard’s revisions Jill Jaracz, Contributing Editor, Avisian Publications The mandate to achieve FIPS 201 compliance means that many government departments and agencies must upgrade their access control systems. In 2012, the U.S. Army Reserve Control (USARC) achieved their upgrade with the help of Monitor Dynamics’ FICAM Platform. […]

The post Army Reserve upgrades physical access control appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Puts PIV to use with an eye toward standard’s revisions

Jill Jaracz, Contributing Editor, Avisian Publications

The mandate to achieve FIPS 201 compliance means that many government departments and agencies must upgrade their access control systems. In 2012, the U.S. Army Reserve Control (USARC) achieved their upgrade with the help of Monitor Dynamics’ FICAM Platform.

Before the upgrade, the Army Reserve relied on proximity and magnetic stripe technologies. This is what most Department of Defense and civilian U.S. federal government agencies still use, says Mike Garcia, vice president of marketing and business development at Monitor Dynamics.

“HSPD-12 and FIPS 201 have been around for seven and five years respectively, and while we have a great number of the high assurance ‘keys’ deployed, we have not seen the same uptick in physical access systems or ‘locks.’ The Defense Department with its physical access control requirements and now the entire federal government with OMB M-11-11 has created a compliance mandate for high-assurance locks–or physical access control systems–and we are beginning to see a huge increase in demand for compliant locks,” says Garcia.

Finding FIPS 201 compliant systems is actually one of the challenges in complying with the mandate. The standard defines the credential and various component parts but it does not define the overall physical access control system.
To answer that question, the Army Reserve started with future proofing in mind, Garcia says. They sought FIPS 201-2 compliance considering potential modifications to the existing standard in their choice of access control systems. The Army Reserve opted for a system that could comply with government mandates requiring electronic validation of PIV credentials and also could meet future standards.

To that end, the Army Reserve chose Monitor Dynamics’ Trusted FICAM Platform.

“The command and control center software manages everything in the field globally,” says Garcia. “From the head-end of the physical access control system, which is usually located at the headquarters on the main server, you have administrator privileges and rights to control the rest of the field hardware, computers and other devices.”

The system enables the Army Reserve to use Defense Department-issued Common Access Cards for logical and physical access control in a unified system delivering PKI at the reader, says Garcia. The multi-factor authentication requirements of the system make it impossible for anyone other than the cardholder to gain access. This prevents security breaches due to lost, stolen, manipulated, invalid, copied and revoked cards or cards that have no trusted path, says Garcia.

The Army Reserve can provision PIV and PIV-I cards from other issuers into their physical access control system, says Garcia. “One of the biggest problems in physical access control system is visitor management. The ability to understand that an individual is who they claim to be and they are still employed is a quantum leap in security over current conditions,” says Garcia. “The access privileges to the building are still granted and managed locally, but it is with a higher assurance.”

The Army Reserve granted contracts on a facility-by-facility basis. During the past two years, Monitor Dynamics has been installing systems in locations across the nation. To date, the Trusted FICAM Platform has been implemented in more than 40 locations.

Upon implementation, the Army Reserve then works with CertiPath to perform a site certification based on CertiPath’s checklist and testing methodology. CertiPath conducts the system level testing on the Trusted FICAM Platform by taking the PIV/PIV-I capable components and testing them as a complete system against FICAM controls encompassing both security and usability. CertiPath tests the head end server, validation client, secure controller, physical access control panels and card readers at the door using both external cards and CertiPath’s proprietary threat-specific cards.

To use the system, a person presents a Common Access Card, PIV or PIV-I- smart card to a two-factor or three-factor FIPS 201 approved reader at the door. The user then inputs a PIN and/or scans an index finger.

The system checks the various factors against the credential and the information on the card’s chip. If one factor doesn’t match, the person is denied entry at the door. If the factors do match, the system verifies the person against the revocation list.

If the Certificate Authority deems the digital certification the card to be invalid, be it expired, lost, stolen or fake, it’s denied. If it’s a valid match, the Certificate Authority sends it on to the physical access control systems head-end to make the entry and exit decision at the door.

The entire authentication and validation process takes 2.5 to 3 seconds on the FICAM system, including the time needed to enter a PIN, says Garcia.

Getting users used to the new system was a bit of a challenge for some. Army Reserve personnel also had to get used to employing two and three factors for authentication. Having to learn this new process and remember a PIN proved to be a complicated adjustment for some who had been using the prior system for many years, says Garcia.

System administrators also had to get used to a new enrollment system with FICAM. The learning curve can cause a bottleneck in the short term but becomes easier over time, says Garcia. Likewise, a more complicated badge means a more involved badging system. In the old system, administrators could take a picture, issue a badge and hand it to the person.

FIPS 201 has more security requirements that administrators must abide by when issuing badges, says Garcia. “These challenges can all be addressed with training and repetition,” says Garcia. “And when compared to prior systems that run two wires to a reader and enroll a proximity card, the benefits and security are much greater.”

The post Army Reserve upgrades physical access control appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Audio from December 5 IAB meeting online now https://www.fips201.com/news-item/december-5-iab-audio/ Mon, 10 Dec 2012 10:46:00 +0000 http://104.131.58.181/news-item/december-5-iab-audio/ The December meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a […]

The post Audio from December 5 IAB meeting online now appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
IAB AudioThe December meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).


Government Smart Card Interagency Advisory Board (IAB) Meeting

  • Opening Remarks

    MP3: click here

  • The State Identity Credential and Access Management Guidance and Roadmap (SICAM)

    Chad Grant, NASCIO

    PDF: click here

    MP3: click here

  • PIV and PIV-I Use in Health IT Relying Party Systems

    Mike Magrath, Gemalto

    PDF: click here

    MP3: click here

  • Briefing on Draft NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices

    Andy Regenscheid, NIST

    PDF: click here

    MP3: click here

  • Cloud-Sourcing Public Key Enablement

    Jeff Nigriny, Certipath

    PDF: click here

    MP3: click here

  • Closing Remarks

The post Audio from December 5 IAB meeting online now appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Belkin smart card reader FIPS 201 certified https://www.fips201.com/news-item/belkin-smart-card-reader-fips-201-certified/ Fri, 16 Nov 2012 10:41:00 +0000 http://104.131.58.181/news-item/belkin-smart-card-reader-fips-201-certified/ Belkin Enterprise announced that its USB Smart Card and Common Access Card Reader is FIPS 201 compliant and listed on the GSA FIPS 201 Products List. Belkin’s USB Smart Card and CAC Reader is designed for government applications. Offering a range of smart card compatibility, including Class A, B, C, the Belkin Smart Card Reader […]

The post Belkin smart card reader FIPS 201 certified appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Belkin Enterprise announced that its USB Smart Card and Common Access Card Reader is FIPS 201 compliant and listed on the GSA FIPS 201 Products List. Belkin’s USB Smart Card and CAC Reader is designed for government applications.

Offering a range of smart card compatibility, including Class A, B, C, the Belkin Smart Card Reader features a compact, tamper-resistant design for one-handed card insertion.

Designed to support smart cards meeting ISO 7816 standards, which include the Common Access Card and PIV, the Belkin Smart Card Reader has been built to assure high security for government applications. Its unibody enclosure works to eliminate entry points and prevent physical electronic tampering. All firmware is in ROM (read only memory) to assure no risk of alteration.

The post Belkin smart card reader FIPS 201 certified appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Suprema fingerprint live scanners receive FIPS 201 certification https://www.fips201.com/news-item/suprema-fingerprint-live-scanners-receive-fips-201-certification/ Mon, 05 Nov 2012 12:39:00 +0000 http://104.131.58.181/news-item/suprema-fingerprint-live-scanners-receive-fips-201-certification/ Biometric and identification specialists Suprema have announced that their latest fingerprint live scanner has been fully tested and has attained certification from the Federal Bureau of Investigation (FBI) for meeting FIPS 201 standards. FIPS 201 certification imposes thorough requirements on the image quality of fingerprint capturing devices for authentication of government employees and contractors. Three […]

The post Suprema fingerprint live scanners receive FIPS 201 certification appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>

Biometric and identification specialists Suprema have announced that their latest fingerprint live scanner has been fully tested and has attained certification from the Federal Bureau of Investigation (FBI) for meeting FIPS 201 standards.

FIPS 201 certification imposes thorough requirements on the image quality of fingerprint capturing devices for authentication of government employees and contractors.

Three Suprema printer models have attained FIPS 201 certification— the RealScan-G10, RealScan-D and RealScan-G1.

The RealScan-G10 is a ten-print live scanner that captures slaps, two thumbs and single flat/rolled fingerprint images. The RealScan-G10 also has FBI IQS Appendix F certification and features an IP54-rated durable structure.

The RealScan-D is also an FBI IQS Appendix F certified device, but is a portable live scanner, which captures dual fingerprint, single flat and rolled fingerprint images.

Rounding out the FIPS 201 certified devices if the RealScan-G1— the latest addition to the company’s line of fingerprint live scanners. The RealScan-G1 features a high-precision, durable optical structure, captures 500dpi images, is IP54-rated and features a dust and waterproof structure.

The post Suprema fingerprint live scanners receive FIPS 201 certification appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>
Magicard’s Prima 4 certified by FIPS 201 https://www.fips201.com/news-item/magicards-prima-4-certified-by-fips-201/ Wed, 24 Oct 2012 10:25:00 +0000 http://104.131.58.181/news-item/magicards-prima-4-certified-by-fips-201/ Ultra Electronics Card Systems— creator of the Magicard series of ID card printers— has announced that its Prima 4 reverse transfer printer has completed the U.S. General Services Administration (GSA) Evaluation for card printers. Completion of the GSA evaluation means that the Prima 4 card printer will be added to the GSA Approved Product List […]

The post Magicard’s Prima 4 certified by FIPS 201 appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>

Ultra Electronics Card Systems— creator of the Magicard series of ID card printers— has announced that its Prima 4 reverse transfer printer has completed the U.S. General Services Administration (GSA) Evaluation for card printers.

Completion of the GSA evaluation means that the Prima 4 card printer will be added to the GSA Approved Product List (APL) for the FIPS 201 Specification. Magnetic stripe as well as a range of smart card encoding options are supported on the printer, producing both standard and customized holographic print options.

Reinforcing secure card issuance with a combination of inline and post-printing options, the Prima 4 uses ultra-violet images or text and can be outfitted with over-laminates for added durability and security. FIPS 201 compliance means that the printer solution can be used or secure issuance in any number of Federal, state or local agencies.

Published in the wake of the Homeland Security Presidential Directive 12 (HSPD-12) – which mandated a common ID credential for physical and logical access to Federal facilities and information systems— FIPS 201 outlines the identity testing, enrollment and issuance requirements for a common identity credential.

Ultra Electronics Card Systems has been producing its Magicard line of card printers for more than 18 years. The company offers solutions that are trusted and employed by hundreds of governmental agencies and private sector firms alike.

The post Magicard’s Prima 4 certified by FIPS 201 appeared first on Your Complete Source for GSA Approved Identity Products - FIPS201.com.

]]>