PRINCETON JUNCTION, NJ -- Homeland Security Presidential Directive 12 (HSPD-12) is driving a momentous change in how the U.S. federal government manages physical access control and information security. The new Smart Card Alliance white paper, FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems, provides a roadmap to the key specifications that federal agencies need to consider in implementing FIPS 201 compliant physical access control systems (PACS). The paper also provides an overview of essential but unresolved questions, for which standards definition and implementation guidance are still being developed.
In both government and enterprises today, the convergence of logical and physical access control systems is recognized as necessary to provide improved security and uniform security policy enforcement. For the U.S. federal government, HSPD-12 made this convergence mandatory. It requires a common identification credential for all federal government employees and contractors that will be used for both physical access to federally controlled facilities and logical access to information systems.
To meet this requirement, the National Institute of Standards and Technology (NIST) published a standard for secure and reliable forms of identification -- FIPS 201 -- in February 2005. The FIPS 201 Personal Identity Verification (PIV) card standard requires contact and contactless smart card technologies and biometrics and provides specific standards for the issuance and use of the PIV card.
While FIPS 201 and its associated special publications define many aspects for an interoperable federal identity card, the standard also provides a variety of options for implementation and permits individual agencies to define their own approaches to meeting agency-specific access requirements. The new Smart Card Alliance white paper provides guidance to agencies on how the new PIV card should be used in physical and logical security, how the standards compare to previous specifications, and what aspects of the specifications are still open that might affect an agency's implementation.
"FIPS 201 is driving a paradigm shift for government-issued ID badges that will impact the private sector as well," said Randy Vanderhoof, executive director of the Alliance. "A detailed roadmap has been defined that addresses policy and technology in a comprehensive set of standards. The end result is a secure, trusted credential that addresses physical and logical security as a system. To achieve this result, it is critically important for industry and customers to work together to develop and implement the standards-based solutions that will facilitate the transition."
This white paper was developed by the Smart Card Alliance Physical Access Council. Individuals from 36 organizations in this Alliance Council were involved in the development of this white paper. Lead contributors included representatives from: AMAG Technology, Anteon, Booz Allen Hamilton, Competech Smart Card Solutions, CoreStreet, EDS, Fargo Electronics, GTSI Corp., HID Corporation, HIRSCH Electronics Corporation, IBM, Identification Technology Partners, Inc. (IDTP), InfoGard Laboratories, Integrated Engineering, International Biometric Industry Association (IBIA), LEGIC Identsystems, Lenel Systems International, Inc., Lockheed Martin, MAXIMUS, MDI Federal Systems Division, Northrop Grumman Corporation, Precise Biometrics, SAFLINK Corporation, SAIC, SCM Microsystems, Shane-Gelling Company, Tyco Fire & Security, U.S. Department of Homeland Security, XTec, Inc.
The Physical Access Council focuses on activities that are important to the physical access industry and that address key issues that organizations have in deploying new physical access system technology. Physical Access Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.
The white paper, written for executives and managers, is available at no charge from the Smart Card Alliance web site at www.smartcardalliance.org.