Click here to join
our email and news letter list.
Gave It All On
9-11-2001
Current
Threat Level
National Incident Management System (NIMS) Updates
The contents of this
website should be considered working documents and are subject to
change.
Important
web sites and links below click here
ID Card Process
Daily “routine use”
identity card becomes
First Responder “crisis” identity card
providing the relying party with machine-read information
todetermine access privileges for granting access
into, out of, and within the Incident Area in a trusted and reliable manner.
First Responder “crisis” identity card
providing the relying party with machine-read information
todetermine access privileges for granting access
into, out of, and within the Incident Area in a trusted and reliable manner.
Federal:
- HSPD 12 signed 27 Aug 04
- Implemented NLT 27 October 2005
- Must identify First Responder community (COOP/COG/ESF)
State and Local:
- NIST FIPS PUB 201 released 25 Feb 2005
- H.R. 418: The Real ID Act of 2005 became law 11 May 2005
- Leveraged for NCR common identity trust model
- Own, control, and manage affiliated identities and attributes
Smart “identification” card:
- Identity authenticated through a common architecture
- attribute validated through a common process
Deliberate and urgent identity verification:
- Daily “routine use” identity card becomes “crisis” identity card
- No requirement to issue another identification card
Policy Drivers
Federal Information Processing Standard (FIPS)
201:
Personal Identity Verification (PIV) of Federal employees and
contractors (http://csrc.nist.gov/publications/fips/fips201/FIPS-201-022505.pdf)
Errata for FIPS 201
Executive Order 13356: Strengthening the Sharing of Terrorism Information to Protect America (August 27,2004) (http://www.fas.org/irp/offdocs/eo/eo-13356.htm)
Executive Order 13356: Strengthening the Sharing of Terrorism Information to Protect America (August 27,2004) (http://www.fas.org/irp/offdocs/eo/eo-13356.htm)
OMB M-04-04: E-Authentication Guidance for Federal Agencies(http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf)
OMB M-05-05: Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services (http://www.whitehouse.gov/omb/memoranda/fy2005/m05-05.pdf)
OMB M-03-22: OMB Guidance for Implementing the Privacy Provisions the E-Government Act of 2002 (http://www.whitehouse.gov/omb/memoranda/m03-22.html)
HSPD-5 Management of Domestic Incidents: Establishes a single, comprehensive national incident management system (February 28, 2003) (http://www.whitehouse.gov/news/releases/2003/02/20030228-9.html)
HSPD-6 Integration and Use of Screening Information: Consolidates the Government's approach to terrorism screening and information collection and usage in screening processes. (September 16, 2003) (http://www.whitehouse.gov/news/releases/2003/09/20030916-5.html)
HSPD-7 Critical Infrastructure Protection: Federal departments and agencies are to identify, prioritize, and protect United States critical infrastructure and key resources (December 17, 2003) (http://www.whitehouse.gov/news/releases/2003/12/20031217-5.html)
HSPD-8 National Preparedness: Defines "first responder“ as those who are responsible for the protection and preservation of life, property, evidence, and the environment (December 17, 2003)(http://www.whitehouse.gov/news/releases/2003/12/20031217-6.html)
HSPD-11 Comprehensive Terrorist-Related Screening Procedures: Research and development on technologies, including biometric identifier (also Exec Order 13356)(http://www.whitehouse.gov/news/releases/2004/08/20040827-7.html)
HSPD-12 Policy for a Common Identification Standard for Federal Employees and Contractors: Sets a standard for secure and reliable forms of identification (http://www.whitehouse.gov/news/releases/2004/08/20040827
Fundamental Implications
- Enables new levels of trust necessary for collaboration in a distributed environment
- Integration of capabilities of Public Service providers
- Facilitates data sharing, access permissions, & controls
- Supports innovative products & services
- Enhances operations to enhance value
- Enabler for private sector commercial offerings
Benefits / Outcome
- Machine-read vs. discretionary identity management
- Multi-jurisdictional conformance (Federal, State, Local, Tribal, NGO, other)
- Scalable for use in other regions & cost effective implementation
- Provides for standards-based technology migration opportunities
- Enables trust and cooperation among neighboring jurisdictions
- Supports mutual aide human resources asset management
- Supports National Incident Management System (NIMS) integration
Click PKI slide for larger version
Posted November 3, 2005:
Designation of new NIST Personal Identity Verification Program (NPIVP) Test Facilities - The National Institute of Standards and Technology (NIST) has designated Atlan Laboratories, atsec information security corporation, ICSA Labs, a division of Cybertrust, Inc, and LogicaCMG FIPS Laboratory as interim NIST Personal Identity Verification Program (NPIVP) test facilities.
As such, these laboratories may employ NIST-provided test suites to validate Personal Identification Verification (PIV) components, sub-systems, and integrated systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements.
Additional information regarding the laboratories is available at http://csrc.nist.gov/cryptval/ . These new laboratories join COACT Inc. CAFE Laboratory, InfoGard Laboratories, Inc., DOMUS IT Security Laboratory, BKP Security Labs, BT Cryptographic Module Testing Laboratory, CEAL: a CygnaCom Solutions Laboratory, and the EWA - Canada IT Security Evaluation & Test Facility as designated interim NVPIP test facilities. During the next year, these laboratories will be assessed for NVLAP accreditation for PIV testing. Once NVLAP accreditation is achieved, the "Interim" designation will be removed.
Testing under the NPIVP has been authorized with a limited scope of tests based on FIPS 201. The scope of tests will be increased as the program matures.
Important Web Sites and Information
- NIST - PIV Standard and Supporting Documents
- Federal Identity Credentialing Committee
- Smart Card Standards and Interoperability
- Smart Card Inter-Agency Advisory Board
- National Fire Service Responder Credentialing System Concept and Recommendations Revised Final Draft October 7, 2005 Password Required - click here to send me an email request.
- Old draft of the
proposed credentialing
process. Password Required - click
here to send me an email request.
Click here to join our email and news letter list.
wrjorgenGWDT