DHS seeks smarter smart cards

Shutterstock image (by NREY): digital fingerprint identification.

WHAT: A Department of Homeland Security request for information about personal identity verification card technology and integration

WHY: The RFI follows a summer of cybersecurity concerns and PIV testing across the federal government.

In the wake of massive data thefts at the Office of Personnel Management, a "cyber sprint" ordered by U.S. CIO Tony Scott had agencies redoubling efforts to implement two-factor authentication for users of federal networks. Scott drove home the importance of that approach in a July 31 blog post.

"One of the most significant steps any organization can take to reduce the risk of adversaries penetrating networks and systems is requiring the use of a hardware-based personal identity verification (PIV) card or an alternative form of strong authentication," Scott wrote. "Over the course of the sprint, agencies made significant progress in this area."

Homeland Security Presidential Directive 12, issued in 2004, directed all agencies to develop and use a standard ID for federal employees and contractors to gain access to federal facilities and information systems. The identity badges used for physical access vary widely, which made cross-agency use problematic.

HSPD-12 sought to improve interoperability by requiring agencies to adopt stronger security standards and procedures for access control and use a consistent method for issuing identity badges. The National Institute of Standards and Technology later established a consistent process that all agencies can use to verify personnel and issue a badge that can be recognized and electronically processed within and between federal agencies.

On Sept. 28, DHS posted an RFI seeking for proposals from potential vendors for a workable architecture for PIV cards that would give Customs and Border Protection and DHS a way to speed authentication and verification of accredited PIV cards issued by all federal agencies and recognized commercial entities for nongovernmental personnel.

"The solution should provide minimal modifications to the current information technology operating environment and provide a highly available process supporting the CBP and DHS missions," the RFI states. "It also must have sufficient resources to eliminate any impact to current computer logon and authentication times."

Responses to the RFI should contain detailed architecture and integration points with existing CBP and DHS elements and any modifications necessary to established processes.

Click here to read the RFI.

Posted by Mark Rockwell on Oct 01, 2015 at 10:40 AM


Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.