
The PIV Credential: Expanding Its Value

Stephen Duncan, GSA HSPD-12 MSO. June 21-24, 2010. 2010 Network Services Conference: Power in Partnerships.


Presentation Transcript


  1. The PIV Credential: Expanding Its Value
     Stephen Duncan, GSA HSPD-12 MSO
     June 21-24, 2010
     2010 Network Services Conference: Power in Partnerships

  2. Agenda
     • Challenges
     • USAccess Program
     • Agency Successes
     • PIV Interoperable

  3. The Cost of Identity Theft in the US
     • In 2009 ID fraud cost around $54B, up from $48B in 2008
     • In 2009 the average data breach cost the affected business $6.75M, up from $6.65M in 2008
     Source: Forbes.com, 02/10/10

  4. Protecting Data in Cyberspace
     [Chart: Causes of data breaches on government computer systems in past 10 years.]
     Source: Washington Post Capital Business & Open Source Foundation, 05 /1010

  5. Where do we go?
     The Federal government…
     • following the guidance of Homeland Security Presidential Directive 12 (HSPD-12), is seeking to leverage the federal interoperable identity credentialing mechanism across the federal enterprise.
     • should ensure resources are available for full federal implementation of HSPD-12.
     • should consider extending the availability of federal identity management systems to operators of critical infrastructure and to private-sector emergency response and repair service providers for use during national emergencies.
     May 2009

  6. FICAM Goals
     • Comply with Federal Laws, Regulations, Standards and Governance relevant to ICAM
     • Facilitate e-Government by streamlining access to services
     • Improve security posture across the Federal enterprise
     • Enable trust and interoperability
     • Reduce costs and increase efficiency associated with ICAM

  7. USAccess Program – Achieving the Objectives
     • Allows agencies to share a common identity and PIV credential management infrastructure
     • Provides FIPS 201 compliant Federal credentials through uniform issuance processes and enrollment services
     • Leverages a central infrastructure for enrollment and activation, PKI and credential personalization
     • Built on a robust and secure standards-based architecture with high availability and disaster recovery capabilities

  8. Progress & Major Accomplishments
     • Over 80 customer agencies representing 490,000+ enrollments
     • Over 340 Enrollment stations deployed with another 10+ scheduled
     • Cooperative customer mobile station deployment covering over 350 remote locations, reaching over 50,000 people
     • 110 classes held with over 850 trained registrars
     Data as of 5/10/10

  9. Managed Services Office Vision
     • PIV Credential is the only credential federal employees and contractors use to access federal facilities, information systems, and networks
     • PIV Credential Issuance and Lifecycle Management is and shall remain the core service offered by the MSO
     • MSO will explore peripheral service offerings with the goals of adding “value” to the credential
     • Expand the total customer base to maximize economies of scale

  10. Continue to enable trust and interoperability
     • Expand Credential Issuance and Management services to state, local, tribal, and commercial businesses by leveraging ACES precedent
     • Enable MSO to provide usage (PACS/LACS/Apps) services to customer base – particularly small agencies

  11. Getting there

  12. Near term - Light Enrollment
     • From an enrollment station, allows direct connectivity to the USAccess central infrastructure via a public internet connection
     • Reduces or eliminates:
        • Physical space
        • Set up costs
        • # of peripherals
        • Dedicated hardware and VPN
        • Station certification

  13. Extending the Business Model
     [Diagram labels: Station 1 through Station “n”; Enrollment Broker; GSA Shared Service Components; Card Management; ID Management systems; Add. Needs; Other HSPD-12 Centralized Solutions]
     The Enrollment Broker feeds data from hundreds of enrollment stations into multiple identity management systems.

  14. Agency Successes
     • Password Resets and Management
     • PKI Realized Value
     • Help Desk Efficiencies
     • Single Sign-on benefits
     • Workflow and Digital Signature
     • Physical and Logical Security
     • Agency specific ROI studies (DOE, DoS, and DoD)

  15. Information on security benefits from use of CACs and PKI to access DoD IT assets:
     • Successful intrusions have declined 46% because of the requirement that all DOD personnel log on to unclassified networks using Common Access Cards (CAC).
     • It is essential to use CACs, which electronically verify a user’s identity, to access unclassified DOD networks because 75% of that traffic moves across the public Internet.
     • Use of CACs and PKI tokens eliminates the need to use passwords... the major problem in protecting DOD networks. Passwords can be harvested automatically by keyloggers or from notes people stick on their computers.
     • The number of successful socially engineered e-mail attacks against DOD users has declined 30% due to increased security awareness training.
     Source: FCW article from 1/25/2007

  16. DOE reduced/eliminated token usage
     • ~120,000 employees/contractors
     • Widespread use of two factor authentication tokens to provide remote access to systems identified as moderate or high risk
     • Average annual cost per user is $110, which includes the cost of a 4-year license for token at $40
     • Separate infrastructures for 2-factor authentication for a 10,000 user base is $1.1M
     • Agency had numerous implementations presenting interoperability challenges across the enterprise.
     • Solution: Implementation of PIV Credential to eliminate costs and minimize the number of credentials requiring lifecycle management

  17. Eliminating manual password management payoff
     • State Department experienced a 50% reduction in help desk tickets with PKI implementation
     • Estimated savings in Year 1 was ~$10.3M

  18. Beyond the enterprise - other PIV cards
     • PIV Interoperable Card (PIV-i) – an identity card that meets the PIV technical specification to work with PIV infrastructure elements and is issued in a manner that allows Federal government online services to trust the card
     • Users: state & local government, first responders and federal contractors

  19. What’s different with PIV-i
     • Identity Proofing
        • Identity Proofing requirement only (not suitability)
        • Based on SP 800-63 Assurance Level 4
     • Unique Identifier
        • FASC-N is problematic for non-Federal entities
        • Use of UUID in lieu of FASC-N (See 800-73-3)
     • Digital Credentials
        • PIV cards require Federal PKI Common Policy compliance
        • PIV-I requires trust relationship via Federal Bridge

  20. Expanding PIV Value
     • Shared services model:
        • Delivers trust, efficiency and effectiveness
        • Increases protection of PII by consolidating and securing identity data
        • Improves interoperability between agencies and their business partners
     • Robust identity and access management are fundamental to secure information sharing and collaboration across government
     • Increased security correlates to a reduction in identity theft, data breaches and trust violations
     The Federal government’s identity management strategy relies heavily on successful implementation of PIV Credentials

  21. Further Information
     Steve Duncan, Program Manager, HSPD-12 MSO
     Stephen.Duncan@gsa.gov
     P: 703-306-6096
     C: 703-350-6840
     www.fedidcard.gov
