Deciphering the alphabet soup of the federal government market has never been easy, but today’s federal security vernacular includes a whole host of new terms that are now the very definition of access control in the government sector. These acronyms — FIPS-201, FICAM, HSPD-12 — are now government wide directives that mandate a federal standard for secure and reliable forms of identifications and details how they are installed in federal facilities and related civilian facilities.
Driven by federal identity and credentialing standards, which aim to integrate both physical and network access on the Personal Identity Verification credential, these initiatives are seeking to bring parity and standardization to the security systems of government facilities as well as higher degrees of security to federal installations of all sizes and functions.
To those not involved in the government sector, these standards may seem of little importance, with few implications for the bread and butter of today’s security industry. But if you drill down a little deeper into the origins and logistics of the PIV project, you might find more relevance than you think.
At its heart, the PIV credential and the larger, overall FIPS-201 initiative – the acronym for the Federal Information Processing Standard — is one big convergence project, albeit one of the most ambitious to date. The main goal is to ensure the automatic verification and validation of the cardholder’s identity to protect an enterprise’s physical and informational assets.
Like most high-tech technology, the PIV initiative has begun in the government sector, although not in the traditional sense. Unlike the Star Trek-type, DARPA funded technology, tested in the battlefield and then dumbed down and commercialized for a rollout to the private sector, in this instance, the government has served more like the world’s largest consumer, including in this mandate nearly 6 million federal employees in various stages of receiving their PIV card. As such, products and services already exist that satisfy these requirements.
Just a year ago, government IT officials issued a call to action for PIV, mandating that agencies must provide an implementation plan – and then actually follow through on that plan. This affected civilian firms that act as federal contractors as well.
These firms, large and small, are well on their way to compliance with PIV and are mandated to have physical access control systems that are capable of verifying and authenticating a cardholder’s identity and access rights. The only difference between these contractors and similar firms is who their customer is – government entities vs. private sector companies.
If you are an integrator, systems designer or security director of private sector firm, are you keeping an ear out for the latest on PIV? Listen as I give an overview of US Government security initiatives/mandates and explain possible opportunities and solutions for these initiatives during a recent webinar.
What road blocks have you encountered during PIV compliance? Leave us a comment.