Your Complete Source for GSA Approved Identity Products

ActivIdentity unveils PIV-I program

FIPS 201 Administrator — Wed, 10 Mar 2010 09:11:00 -0500

ActivIdentity Corp., a provider of in strong authentication and credential management, announced that it has launched a PIV-Interoperable initiative to enable non-federal organizations to issue employee identity cards that are technically interoperable with U.S. government PIV systems, and issued in a manner that allows government and relying parties to trust the cards.

To address the newly defined PIV-I card standards, ActivIdentity has modified its ActivID Card Management System that is being used in conjunction with its ActivClient security software. Customers looking to deploy the ActivIdentity PIV-I credential management solution can also leverage the ActivIdentity PIV+ applet that enables PKI-based access control as well as one-time-password-based authentication on a single PIV-interoperable identity card. The ActivIdentity PIV+ applet together with the ActivID Card Management System and ActivClient are part of the government-approved product list.

As the PIV initiative progresses, PIV-I has become a requirement for commercial enterprises that interact with government agencies on a daily basis. Non-federal issuers of credentials need to produce employee IDs that can technically interoperate with government PIV systems and can be trusted by relying parties via cross-certification. However, the PIV card standard is limited in scope to the federal government and has several requirements that can be addressed only by that community.

In response to these interoperability requirements, the Federal CIO Council defined the standards for PIV-I cards for non-federal issuers. Several federally sponsored PIV-I programs already exist, including the First Responder Authentication Credential (FRAC), the Transportation Worker Identity Credential (TWIC), and the Airport Credential Interoperability Solution (ACIS). Many other programs are in development with the same desired goal of technical interoperability and trustworthiness in the Federal government PIV environment.

Audio from February 24 IAB meeting online now

FIPS 201 Administrator — Tue, 02 Mar 2010 09:40:00 -0500

The February meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).

Opening Remarks
Tim Baldridge, NASA

MP3: click here
The Threat in the Digitally Interconnected World
Brian Tillett, Symantec

PDF: click here

MP3: click here
USDA Applications Using Digital Signatures
Mary Heard, USDA

PDF: click here

MP3: click here
Digital Signatures: A Legal Perspective of State and Federal Law
Tom Smedinghoff

PDF: click here

Referenced Article (PDF): Legal Challenges of Implementing Electronic Transacations: click here

MP3: click here
The Need for Device Authentication and Verification & Closing Remarks
Tim Baldridge, NASA

PDF: click here

MP3: click here

CoreStreet finalist for Info Security award

FIPS 201 Administrator — Tue, 23 Feb 2010 08:31:00 -0500

FIPS-201 F5 Solution, a CoreStreet Ltd. security system, has been announced as a finalist in the running for the 2010 Global Product Excellence award.

The award honors the product that shows excellence in the access solution category. CoreStreet, an ActivIdentity subsidiary, will be one of the primary industry players attending the Awards Event to take place on March 18.

The award looks for products that set the bar for other developments in security technologies. They recognize the CoreStreet FIPS-201 F5 Suite of products for advancing existing physical access control systems and making them functional.

Other features of the solution include credential compatibility for Personal Identity Verification cards, Common Access Cards, First Responder Authentication Credential cards and Transportation Worker Identification Credential cards.

Winners will be awarded at the Palace Hotel in San Francisco on March 18.

Homeland Security behind on PIV issuance

FIPS 201 Administrator — Thu, 18 Feb 2010 09:33:00 -0500

The U.S. Department of Homeland Security is behind on PIV issuance, according to an inspector general’s report. Only 7% of Homeland Security employees have been issued the credentials, 15,567 out of 250,000.

The deadline for PIV issuance was October 2008, but agencies throughout government are behind, but the inspector general’s report takes Homeland Security to task for falling behind. The vast majority of credentials have been issued to employees at Homeland Security’s headquarters, with 11,875. But Customs and Border Protection, the Transportation Security Administration and Immigration and Customs Enforcement have issued 22 credentials between the three agencies.

“Due to weak program management, including insufficient funding and resources, and a change in its implementation strategy, the department is well behind the deadline for fully implementing an effective HSPD-12 program,” the report states. “In addition, the department faces significant challenges in meeting HSPD-12 directive requirements for logical access to its information systems. Furthermore, system security and account management controls are not effective in protecting personally identifiable information collected and stored from unauthorized access. Existing security issues must be addressed to allow for the deployment of a robust, efficient, and secure interoperable identity card and issuance system department-wide.

The report makes 15 recommendations for the agency to make in order to get credential issuance on track. Following are some of those recommendations:

Ensure that the program management office has the staffing and funding necessary to effectively coordinate and oversee the department-wide implementation of HSPD-12.
Develop a regional implementation plan that includes detailed information about how the program management office will centrally manage the department-wide deployment of its HSPD-12 program. The plan should identify milestone dates and define program measures to track HSPD-12 implementation progress.
Discuss and coordinate with OMB on the department’s updated milestones and implementation of HSPD-12 requirements.
Estimate the department-wide cost to comply with HSPD-12 and FIPS 201-1 requirements and prioritize the department’s costs to ensure that physical and logical access interoperability requirements will be met. The estimate should cover the funding and other resources necessary to support HSPD-12 over a period of no less than five years.
Identify the facility access points and information systems that will require the use of PIV cards.

The full report can be downloaded here.

charismathics receives FIPS 201 approval

FIPS 201 Administrator — Tue, 16 Feb 2010 16:10:00 -0500

atsec information security is proud to announce the successful evaluation of charismathics’ Smart Security Interface PIV middleware. The evaluation followed the GSA FIPS 201 Evaluation Program - PIV Middleware Approval Procedure.

PIV middleware provides the interface between an agency’s logical access implementation and the PIV card. With the charismathics Smart Security Interface PIV agencies can use the PIV card to log on to the PC as well as a variety of applications and systems to meet the FIPS 201 directives relating to logical access.

charismathics’ Smart Security Interface PIV middleware was tested through the NIST PIV Program, and evaluated for approval by the GSA FIPS 201 Evaluation Program. With the successful evaluation, it is now listed on the GSA FIPS 201 approved Products List and can be purchased by all federal agencies.

atsec certifies Codebench for FIPS 201 certification

FIPS 201 Administrator — Mon, 08 Feb 2010 12:55:00 -0500

atsec information security, a laboratory for the GSA FIPS 201 Evaluation Program which runs a product approval program for PIV-related products, has announced the successful GSA FIPS 201 evaluation of four Codebench products. Codebench is the first company with solutions evaluated for GSA product categories Caching Status Proxy, PIV Authentication System, and CHUID Authentication System.

Codebench’s PIVCheck Plus Desktop Edition with PIVCheck Certificate Manager, PIVCheck Plus Mobile Edition with PIVCheck Certificate Manager and PIVCheck Desktop Edition (both the SCVP Client and PIV Authentication System) were tested and evaluated in atsec’s Austin, Texas lab.

As a result of its evaluation, atsec has determined that Codebench’s products meet FIPS 201 requirements on behalf of GSA, who ultimately grants the approval.

These products are now listed on the FIPS 201 Evaluation program Approved Product List, which only lists those products and services that are in compliance with the current version of the standard and its supporting NIST Special Publication 800-116, which provides recommendations for the Use of PIV credentials in physical access control systems.

House passes cybersecurity bill

FIPS 201 Administrator — Mon, 08 Feb 2010 08:12:00 -0500

The U.S. House of Representatives passed the “Cybersecurity Enhancement Act of 2010” aimed at improving cybersecurity research, development and technical standards.

The proposed law would create an office for a national coordinator for the networking and information technology research and development program. The law would also establish a program to develop and support identity management efforts.

The bill states that a program should be set up that would support the development of standards around identity management, with a particular focus on health care.

The new director would have to:

Improve interoperability among identity management technologies;
Strengthen authentication methods of identity management systems;
Improve privacy protection in identity management systems, including health information technology systems, through authentication and security protocols; and
Improve the usability of identity management systems.

The house passed the bill 422-5 and it’s not going to the U.S. Senate.

SCM's small, portable smart card reader GSA approved

FIPS 201 Administrator — Tue, 02 Feb 2010 13:29:00 -0500

SCM Microsystems Inc., a provider of solutions for secure access, identity and exchange, announced that its thumb-sized SCR3500 SmartFold Personal Identity Verification/Common Access Card smart card reader has been approved by the General Service Administration for use by U.S. government agencies and employees.

The SCR3500 SmartFold is ideal for mobile government employees that have notebooks without integrated card readers. It is small–only 48 x 20 x 12 millimeters when folded–portable contact smart card reader that will fit on an employees’ key rings and in their pockets.

The reader is simply unfolded and inserted into a free USB port of a notebook. Then employees can insert their PIV/CAC card into the reader to enable secure access to government systems and data.

The SCR3500 SmartFold is now on the GSA Approved Products List which means the reader is compliant with all FIPS 201 and PIV/CAC card requirements, and is ready for purchase by government agencies and/or their purchasing agents.

Audio from January 27 IAB meeting online now

FIPS 201 Administrator — Mon, 01 Feb 2010 09:42:00 -0500

The January meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).

Opening Remarks
Tony Cieri

MP3: click here
Global Threat Intelligence
Phyllis Schneck, McAfee
Digital Signature Lessons Learned
John Landwehr, Adobe

PDF: click here

MP3: click here
Challenges of Identity Management for the Virtual Lifetime Electronic Record (VLER)
Doug Felton, DoD/VA Integrated Program Office
The Value of PKI
Judy Spencer, GSA

PDF: click here

MP3: click here
New Initiative- Joint IAB/SCA meeting
Randy Vanderhoof, Smart Card Alliance

PDF: click here

MP3: click here
Closing Remarks
Tony Cieri

MP3: click here

idOnDemand releases Software as a Service PIV smart card

FIPS 201 Administrator — Wed, 20 Jan 2010 07:59:00 -0500

idOnDemand introduces the a new PIV full lifecycle employee smart card using the Software as a Service approach. With an idOnDemand SmartID, customers can compile visual, physical and logical authentication into a secure digital identification card into a pay-as-you go model without the complex infrastructure.

The software consolidates credentials that are traditionally separate like building access cards, VPN tokens, usernames and passwords onto a single card that can be used to protect corporate information, wherever that information may reside.

The card features a secure SAS-70 global identity environment utilizing a hardware-based PKI infrastructure which enables global businesses to manage their employee smart cards from any authorized location.

idOnDemand has office locations in the United States, Australia and the United Kingdom.