What FIPS Means for the Security Industry

A look at the far-reaching impact of the new federal personal identification verification project

As all of the technology pieces fall into place, the PIV project will positively impact government integrators in the identification industry. A lot of new and replacement business will arise from this project over the next two years. Federal agencies will need software integration, readers and printers, secure materials like smart cards and security overlaminates, and the service and support that goes with them. Not all locations implementing PIV are large government facilities. Many are smaller satellite offices supporting larger government agencies, which leaves plenty of room for small and large integrators.

End Users

The recipients of the PIV cards are in a good position to realize the added security and efficiency that the presidential directive mandates. The previously inconsistent and potentially insecure forms of identification that have been used to access federal buildings and information systems will be eliminated as the PIV project is implemented. One of the large security gaps that the PIV program bridges is credential interoperability between agencies. This is a significant step forward in leveraging the right technology at the right time.

Industry groups like the Smart Card Alliance, the Open Security Exchange (OSE) and the Security Industry Association are now examining how PIV can be leveraged in private industry. The lack of standardized smart card implementations has stalled the growth of combined credentials for physical and IT security. PIV paves the way for off-the-shelf solutions that close security gaps between physical and IT security. At the heart of it all is a smart card combined credential. With combined credentials as the basis for enterprise security, employee provisioning and systems integration can be developed for interoperable systems that securely share data and can verify credentials. At a recent meeting of the OSE Convergence Council, enterprise security officers indicated that one of their highest priorities was to have simplified identification credentials for combined physical and IT security. With emerging regulations like Sarbanes-Oxley and Gramm-Leach-Bliley regulating accountability in the enterprise, the ability to know not only who has access to computers, but also who has access to property and facilities is becoming paramount. The foundation that the federal government has laid will enable safer and more accountable work environments. Once combined credentialing is ubiquitous across the enterprise, business rules that define intelligent security become possible because of the interoperability between physical and IT systems based on smart credentials.

About the author: Gary Klinefelter is the chief technology officer (CTO) for Eden Prairie, Minn.-based Fargo Electronics, a provider of ID/access control card printing solutions, and chairperson of the OSE (Open Security Exchange), an industry organization working to create convergence and interoperability for physical and logical access control.