Your Complete Source for GSA Approved Identity Products: Category News

Identity Stronghold featured in 'The Day The Earth Stood Still'

FIPS 201 Administrator — Mon, 05 Jan 2009 10:08:00 -0500

Identity Stronghold had several shots of its security products featured in the movie, “The Day The Earth Stood Still,” produced by 20th Century Fox.

The RFID blocking badge holders used in the movie are used by several United States government agencies to protect data held on contactless smart cards from unauthorized access.

Identity Stronghold product shielding characteristics have been tested and approved for government use by the National Institute of Standards and Technology and they are listed on the GSA Approved Product List for FIPS 201.

Lockheed taps Intercede for credential management

FIPS 201 Administrator — Tue, 16 Dec 2008 09:06:00 -0500

Intercede, the producer of credential management systems, announced that Intercede’s MyID system has been selected by Lockheed Martin to power the Lockheed Martin Assured Identity Program. Under this program, 140,000 smart card identity badges will be issued to Lockheed Martin employees. The credentials will be FIPS 201 compliant.

The initial orders under this contract will make a material contribution to Intercede’s sales revenue during the current financial year and further orders are anticipated in future periods. These orders are additional to that announced by Intercede earlier this year.

Audio from December 2 IAB meeting online now

FIPS 201 Administrator — Thu, 11 Dec 2008 11:17:00 -0500

The December meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).

Opening Remarks
Tim Baldridge, NASA

MP3: click here
HSPD-12 Insights: Past, Present, and Future
Carol Bales, OMB

PDF: click here

MP3: click here
Leveraging HSPD-12 to Meet E-authentication Policy
Chris Louden

PDF: click here

MP3: click here
HSPD-12 Convergence with HR 1
Chris Geldart, FEMA

PDF: click here

MP3: click here
ANSI Identity Management Standards Panel (IDSP) Identity Verification Project
Tom Lockwood DHS (intro), Graham Whitehead, and Bill McCabe

PDF: click here

MP3: click here
Applications Using PIV: Process for the use of PIV for full disk encryption on laptops and two-factor authentication for desktops
Owen Unangst, USDA

PDF: click here

MP3: click here
PAIIWG Update & Closing Remakrs
Tim Baldridge, NASA

PDF: click here

MP3: click here

Securing cyberspace should be priority for Obama

FIPS 201 Administrator — Tue, 09 Dec 2008 10:54:00 -0500

Identity management and smart cards play a role protecting the Web.

The Center for Strategic and International Studies’ Technology and Public Policy Program released a report with recommendations of what President-Elect Barack Obama should do to secure cyberspace. Identity management and the use of smart cards make up a section of recommendations from the commission.

“Nearly every day our nation is discovering new threats and attacks against our country’s networks,” the report states. “Inadequate cybersecurity and loss of information has inflicted unacceptable damage to U.S. national and economic security. The president of United States must know what these threats are and how to respond to them.”

The commission started its work in August 2007 to review existing plans and figure out what a new administration should do and issued three major findings:

Cybersecurity is now a major national security problem for the United States.
Decisions and actions must respect privacy and civil liberties.
Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.

The commission released a list of 25 recommendations, including creating a National Office for Cyberspace, and another four of which deal with identity management. The report says:

The United States should make strong authentication of identity, based on robust in-person proofing and thorough verification of devices, a mandatory requirement for critical cyber infrastructures (energy, finance, government services). The president should direct the National Office for Cyberspace and appropriate agencies, using the federated regulatory model and consulting with industry and the privacy and civil liberties community, to implement critical infrastructure authentication. The president should receive a report on progress within six months.
The United States should enable consumers to use strong government-issued credentials, or commercially issued credentials based on them, for online activities, consistent with protecting privacy and civil liberties.
In a related initiative, the Federal Trade Commission (under its authority under Section 5 of the FTC Act or the Graham-Leach-Bliley Act) should implement regulations that protect consumers by preventing businesses and other services from requiring strong government-issued or commercially issued credentials for all online activities by requiring businesses to adopt a risk-based approach to credentialing.
The president should, by the end of the first year of the presidential term, require every agency to report on how many of their employees, contractors, and grantees are using credentials that comply with HSPD-12 and restrict bonuses or awards at agencies that have not fully complied.

Sagem Morpho demos biometric reader offerings for TWIC and PIV

FIPS 201 Administrator — Tue, 02 Dec 2008 14:39:00 -0500

Identity Stronghold protects contactless cards and passports with RF shielding sleeves

FIPS 201 Administrator — Mon, 01 Dec 2008 15:02:00 -0500

DOD requests information on physical access control for CAC

FIPS 201 Administrator — Tue, 25 Nov 2008 14:31:00 -0500

The U.S. Department of Defense has issued a request for information asking for industry comments on using the Common Access Card for physical access control.

Defense Department officials use the CAC for access to computer networks and as a flash badge, but not for physical access control. The agency will be replacing its current credentials with new ones that meet the FIPS 201 standard and contain a contactless interface for physical access control.

DOD also wants to issue an “alternative smart card” for personnel not eligible to receive a CAC that would contain much of the same information and be used for physical and logical access.

The request for information asks a wide range of questions from proposals for developing and integrating an alternative card to be issued for physical access control systems for providing some or all of the chip-based authentication options as the PIV compliant CAC to asking for capabilities for authenticating credentials.

The request was released on Nov. 20 and vendor responses are due by Dec. 20.

BridgePoint's systems FIPS 201 approved

FIPS 201 Administrator — Tue, 25 Nov 2008 08:58:00 -0500

BridgePoint Systems has announced that four of its physical access control readers have received approval from the General Services Administration for inclusion on the FIPS 201 Approved Products List.

The readers provide a range of capabilities across card types. The readers include contact, contactless and dual interface readers in a variety of mounting styles. The readers are compatible with a range of industry physical access control systems as well as with the BridgePoint’s Trust at the Threshold PKI PACS.

The BridgePoint TrustPoint readers have been deployed in numerous locations in support of physical access control that want to make use of the Common Access Card and other FIPS 201 credentials. The TrustPoint readers work with legacy CAC, Next Generation CAC and End Point CAC credentials.

ACS smart card reader receives FIPS 201 certification

FIPS 201 Administrator — Mon, 24 Nov 2008 10:15:00 -0500

ACS has announced that the ACR38 smart card reader has obtained FIPS 201 certification.

The approval of the reader enables the ACR38 to be used by federal agencies in their smart card applications such as physical access, network access and other authentication solutions. The FIPS 201 certification is a requirement of GSA for devices used in a smart card solution to ensure government-wide interoperability.

ACS also has unveiled the ACR38K Smart Keyboard. The ACR38K Smart Keyboard combines the smart card reader to a keyboard which enables convenience to implement smart-card-based systems or applications in the PC environment.

The keyboard has a ACR38 smart card reader module embedded and supports a variety of smart cards including ISO-7816 Class A, B and C cards as well as most of the common memory cards.

GSA accredits Atsec

FIPS 201 Administrator — Thu, 20 Nov 2008 14:24:00 -0500

Atsec information security has achieved General Services Administration FIPS 201 Evaluation Program Lab accreditation enabling the company to perform testing to determine conformance of products and services to FIPS 201 requirements on behalf of GSA.

This service is aimed at customers that want to sell their respective FIPS 201 compliant IT products and services to federal agencies.

Atsec is already an accredited laboratory under the National Voluntary Laboratory Accreditation Program for cryptographic module testing, and is accredited to conduct conformance testing of SCAP and Personal Identity Verification smart card applications and middleware under the National Institute of Standards and Technology Personal Identity Verification Program.

Atsec also operates fully accredited laboratories for Common Criteria testing under the U.S., German and Swedish national schemes.