Federally interoperable credentialing in Illinois
08 September, 2009
category:
Technology as a cultural lever
By Dennis L. Gavin MBA, PMP
CGN and Associates
Illinois is unique among states because it has deployed an enterprise-level PKI that is cross-certified with the Federal Bridge. While this is a major accomplishment, it is only one component in the state’s quest to develop a federally interoperable credential. Technology is a lever and a force multiplier in any process, but must take a subordinate position to process and policy. Prior to the existence of the PIV Interoperable standard or FIPS 201, Illinois had a coordinated and engaged emergency response community that recognized the critical importance of interdisciplinary and cross-jurisdictional cooperation. Interoperable technology thus found a welcome home in the Land of Lincoln.
Empowering the emergency response community
Beginning with its pilot rollout in September of 2008, Illinois has more than 1,200 emergency responders in various stages of the credentialing process. These responders are drawn from a highly diverse cross-section of disciplines–from Emergency Management and Counterterrorism Professionals to HAZMAT and Technical Rescue Teams. This initial population of candidates represents not only members of state agencies, but also the strong tradition of not-for-profit associations formed for the purpose of cross-jurisdictional mutual aid within the state.
The core process vision of the credentialing program is one of decentralized authority. Rather than centralize the process at a specific agency or location, the credentialing system delegates the authority and responsibility for candidate selection, validation and activation down to constituent organizations and teams. This is accomplished using a Web-based portal where credentialing candidates and their supervisors create and validate responder profiles.
Highlights of the credentialing process
The background check
Users enter the credentialing system through a fingerprint-based background check. The candidate reports to a site capable of collecting both fingerprints and a digital photo, which passes through a criminal background process before transmission to the Web-based credentialing portal. In addition to the obvious benefit of screening the criminal background of credentialing applicants, this process provides a crucial validation point. Submission of fingerprints in this manner provides reasonable assurance that the individual presented as an emergency responder is the individual whom he or she purports to be–a crucial factor in an identity validation application.
The team concept
The backbone of the Illinois Credentialing Process lies with the team. The team serves as the “administrative home” of the credential profile and may or may not correspond to the team or organizational affiliation of the individual. The team, which may be as large or small as needed, consists of individuals with a common emergency response affiliation. When a candidate joins a team, the Team Leader is responsible for review of the profile and affirmation of the candidate’s skills and abilities as enumerated. When the Team Lead digitally signs the profile, he/she is giving credence to the qualifications and identity of the applicant. This has three advantages.
- A Team Leader accepting an applicant into his/her team provides administrative control over the profile.
- By requiring a Team Lead to digitally sign an applicant’s profile certifying the validity of the information, there is a strong incentive for Team Leaders to ensure that the applicant’s data is accurate.
- A Team Leader validating the candidate’s qualifications with a digital signature provides a much more cost-effective and streamlined method of validating qualifications than building interfaces to external qualifications databases, assuming that such a database exists for a given qualification.
A responder may, of course, belong to more than one team. For example, an individual may be a member of a local fire department, while also serving on a HAZMAT response team and an Urban Search and Rescue team. In these cases, the candidate would enter the system under his primary team. The other two Team Leaders would then add the credentialed individual to their teams once the primary Team Leader approved the profile.
Designated card distributors
After a card has been approved for production and created, the finished product will be sent to a Designated Card Distributor for final delivery to the recipient. This individual, who is selected by the Team Leader, will arrange to meet the credentialing candidate to activate the card, write the certificates to the chip, and implant both the PIN and biometric signature. This separation of duties provides an additional auditing step. No single person has authority from beginning to end over the process, requiring a second individual to verify the identity of the user.
In conclusion
Illinois has achieved federal interoperability through diligent and focused efforts and effective program design. Many states are looking at the Illinois model with an eye toward achieving interoperability for their own state.
Mr. Glavin is a senior project manager with CGN and Associates and served as project lead for the Illinois First Responder Credentialing initiative.