PIV Business Requirements


General Plan
Hildegard Ferraiolo
PIV Standard Program Lead
Computer Security Division

Overview
Logistics
The Agenda
Priority Change Requests
The FIPS Process and BRM
Context in-scope/out-of-scope
PIV Team and Steering Committee
Revision Principles and Lessons Learned

PIV Business Requirements Meeting

Logistics – The Business Requirements Meeting (BRM)
Presentations followed by discussions, Q&A
We have a large remotely attending audience:
  – Please use the microphone to comment and/or ask questions
  – Remote attendees use piv_comments@nist.gov to comment and/or ask questions
We cannot cover all –
  – Opportunity to comment after the meeting (deadline 3/31/19) – government only

The Agenda Today
8:30-8:50 Welcome Remarks – Donna Dodson (NIST)
8:50-9:30 Digital Identity Policy - Jordan Burris (OMB)
9:30-10:10 General Plans - Hildegard Ferraiolo (NIST)
10:10-10:30 Break
10:30-11:30 Identity Proofing – Jim Fenton (Altmode Networks) and David Temoshok (NIST)
11:30-12:30 Authenticators & Derived Credentials – Andy Regenscheid (NIST)
12:30-1:30 Lunch
1:30-2:30 Federation for Logical Access – Justin Richer (Bespoke) and David Temoshok (NIST)
2:30-3:10 PACS - Hildegard Ferraiolo (NIST) and Andy Regenscheid (NIST)
3:10-3:30 Break
3:40-4:10 Other Topics - Hildegard Ferraiolo (NIST)
4:10-4:30 Wrap up

Background - FIPS 201 Revision 2
Addition of Derived PIV Credentials – as an optional authenticator for platforms that do not support smartcards (currently restricted in SP 800-157 to mobile devices)
Virtual Contact Interface – secure communication for wireless authentication
Chain of Trust – enables binding and reconnection to the enrollment record. Its XML schema in SP 800-156 enables inter-agency data exchange of the enrollment record – avoids re-enrollment
Biometrics:
  – Addition of iris as an option for enrollment/binding to the enrollment record
  – Made facial image template mandatory as an on-card biometric – can be used at enrollment/re-issuance
  – Option for match-on-card fingerprint authentication
Green text indicates that the R2 revision items play a role in R3

Background - FIPS 201 Revision 2 (continued)
Deprecated the CHUID authentication mechanism and indicated its removal from a future FIPS
Made the PKI-CAK cryptographic key mandatory for PIV Cards, intended for use in 1-factor wireless authentication and as one of the replacements for the CHUID authentication mechanism
On-card NACI indicator remains a requirement. The major purpose of Revision 1 was to include the indicator.
Signature and encryption keys became mandatory
Green items indicate that the R2 revision item plays a role in R3.

Priority Change Requests for R3
Addition of other form factors, not just smartcards, because
  – Some platforms do not support smartcards
Additional non-PKI PIV Credentials because
  – We use alternatives, especially where smartcards are not supported
Federation
  – Shifting the interagency interoperability requirement of HSPD-12 to Federation

Priority Change Requests for R3 (continued)
Identity Proofing in General
  – The FIPS 201/SP 800-63 alignment
  – Remote supervised identity proofing
  – Remote AAL-3 authenticator derivation
PIV and PACS
  – Removal of the CHUID authentication mechanism
  – Alternatives for the CHUID authentication mechanism
  – Addition of Mobile Device (maybe others) for PACS

Looking Ahead
No major rewrite of the FIPS is expected. Focus should be on amending/adding high-level context/requirements in the major topic areas (change requests)
Major effort should concentrate on technical updates to NIST Special Publications for the major topic areas, while shepherding FIPS 201 through the revision fairly quickly.
  – SP development/edits will follow FIPS development

The Federal Information Processing Standard (FIPS) Process
A pre-established, formal ublications
Shares many similarities with the regulatory rule-making process
Business Requirements meeting
FRN to announce the intention to develop/revise a FIPS; it starts the commenting period and announces the workshop/next steps
Incorporate additional feedback solicited by additional FRNs
FRN announcing the revised draft (if needed); it contains the resolution of all comments on the first draft, starts the comment period and announces the workshop
Department of Commerce Secretary approval and FRN announcing the final FIPS, which also documents all comments/resolutions
Maintaining traceability to business requirements

Collaborators/Contributors:
Part of the HSPD-12 Steering Committee:
OMB – policy guidance
DHS – HSPD-12 implementation / PACS ISC
GSA – FPKI, APL, GSA MSO
OPM – Suitability, Vetting, Identity Source Documents of I-9
DoD, DoJ

FIPS 201 Overall Process
Top-Down Approach
  – HSPD-12 - FIPS 201 - SPs
FIPS specifies high-level processes and requirements to satisfy HSPD-12
  – Supporting Special Publications (SPs) detail the technical ‘how-to’

FIPS 201 R2 (diagram of related documents)
HSPD 12
FIPS 201 (Secretary of Commerce)
PIV Card Specification: SP 800-73-4
Cryptographic Specification: SP 800-78-4
Biometric Specification: SP 800-76-2
Issuer Accreditation: SP 800-79-2
Facility Access: SP 800-116
PIV Reader Specs: SP 800-96
Chain of Trust: SP 800-156
PIV Digital Signature Key PIN policy: NISTIR 7863
Mobile Device: Derived PIV Credentials: SP 800-157
PIV Card Interface/Functional Test Requirements: SP 800-85A-4
PIV Card Data Model Test Requirements: SP 800-85B-2
Mobile Device: PIV Credentials Test Requirements: SP 800-166
Other diagram labels: Standards, Test Guidelines, NIST Validation Program

Tentative Timeline/Milestones
Project Milestone: Date
Government-only Business Requirements Meeting: March 2019
Approval for revision package: August 2019
Draft updates to FIPS 201 materials: October 2019
Workshop: November 2019
2nd Draft package (if needed): April 2020
2nd Draft Workshop (if needed): May 2020
Final Package: August 2020
Associated Special Publication update/create complete: May 2021

In Comparison to Actual Timeline for R2
Project Milestone: Date
Government-only Business Requirements Meeting: 2010
Draft Published: March 2011
Workshop: April 2011
2nd Draft Published (if needed): July 2012
2nd Draft Workshop (if needed): August 2012
Final Published: Sep 2013
Associated Special Publication update/create complete: Ongoing from September 2013 – 2015

Revision Principles and Lessons Learned
FIPS 201 suited for high-level requirements
  – Special Publications (SPs) for the details
Five-year review cycle of FIPS 201
  – 7-8 years for the entire process – FIPS revision, SP update/creation
  – Only well-established/mature standards references and content in the FIPS (e.g., id proofing, PIV card lifecycle and its authentication mechanism)
  – Add newer/emerging standards/concepts via SP while aiming for high-level functional descriptors in the FIPS (e.g., new PIV authenticator, federation, etc.)
Current text in FIPS 201 on Derived PIV Credential should already cover new authenticator.

Team NIST Topic Leads
Topic: Lead
PIV Card (visual card topography, electronic components): Ketan Mehta (ketan.Mehta@nist.gov)
Identity Proofing: David Temoshok, Jim Fenton (ctr)
Generalized Derivation: Hildegard Ferraiolo
Authenticator Profiles: Andrew Regenscheid
Federation Profile: David Temoshok, Justin Richer (ctr)
Facility Access with PIV card and alternatives PIV authenticators: Hildegard Ferraiolo, Andrew Regenscheid
Biometric Capabilities: Gregory Fiumara
Issuer Accreditation: Ramaswamy Chandramouli
Project Support/PM: Jonathan Gloster

In/Out of Scope
NIST’s HSPD-12 responsibility:
“established the requirements for a common identification standard for identity credentials issued by Federal departments and agencies to Federal employees and contractors (including contractor employees) for gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems.”
HSPD-12 Out of scope (No Authority to):
  – Everything else (e.g., authorization, access control policies, other types of non-PIV authenticators (PIV-I, CIV), temporary cards)

HSPD-12 Steering Committee
OMB: Jordan Burris, Carol Bales, Robert Hankinson, Marie LaSalle
GSA: Jim Sheire, LaChelle LeVan
OPM: Lisa Loss, Colleen Crowley
DoD: Col. Clancy, Tim Baldridge
DHS: Tom McCarty, Gregory Steven, William Windsor, Mark Vita, Daryle Hernandez
DoJ: Nicole Arbuckle
Participants by invitation depending on the topic of discussion

Committee:
Consists of representatives from federal departments/agencies with a role specified in HSPD-12.
Gives high-level directions/goals on the revision within the scope of HSPD-12.
Ongoing meetings as needed, as direction adjusts based on the business requirements meeting / comments received.
Review/agree on Drafts and Finals to be published

To provide comment:
How: piv_comments@nist.gov with subject line “FIPS 201 BR comments”
By when: 3/31/2019
What:
  – Comments from government-only stakeholders
  – High-level business requirements comments
Comment on:
  – FIPS 201-2
  – Priority Change Requests
  – Questions contained in today’s slides
