HID Global and Tyco Security Products have joined forces to deliver a line of fully FICAM-compliant solutions for end-to-end physical access control systems (PACS). The complete offering comprises each company’s federal identity solutions, providing added value through increased security, cost efficiency and interoperability.
The U.S. General Services Administration (GSA) introduced the new FICAM testing requirements earlier this year as part of a realignment of its Approved Products List (APL) with the FICAM roadmap for standardization and a consistent approach to deploying and managing appropriate identity assurance, credentialing and access control services.
Read more about FICAM in an article from the September issue of Security Dealer & Integrator (SD&I) magazine, at www.securityinfowatch.com/10986700.
The GSA test program included subjecting the system components to dozens of attacks to ensure that the system is not prone denial of service, credential spoofing, or other types of unauthorized access. The FICAM testing program ensures that products conform with existing APL approval procedures, and integrate other vendors' products to create a complete end-to-end high assurance solution that government agencies can procure. End-to-end systems are tested both as individual components as well as holistically to ensure that agencies meet all of the requirements in FIPS 201 and SP 800-116.
“FICAM testing is by far the most comprehensive testing that we have seen,” said Bob Fontana, vice president of engineering, Federal Identity Solutions with HID Global, in a statement. “HID Global is excited to be part of the first FICAM-compliant system approved by the GSA and available to the U.S. Government. The government has raised the bar in standardization and HID Global has met this challenge, offering federal agencies improved security solutions.”
According to a press release, the HID Global and Tyco Security Products PACS solution includes: HID's pivCLASS Registration Engine, pivCLASS Certificate Manager, pivCLASS Reader Services, pivCLASS Authentication Module (PAM), pivCLASS IDPublisher and pivCLASS RK40/RKCL40 readers; as well as Tyco's Software House C•CURE 9000 security and event management system.
The pivCLASS Registration Engine seamlessly integrates with Tyco’s Software House C•CURE 9000 for PIV and PIV-I card validation, provisioning, and de-provisioning when a certificate is no longer valid. Credentials presented at the door are cryptographically challenged by the pivCLASS PAM. If the card is authentic and valid, the card identifier is passed to the Software House iSTAR controller, which performs the authorization check before admitting the cardholder. A special messaging interface ensures that all invalid transactions are captured and forwarded to the C•CURE 9000 PACS event monitor.
“The successful testing of Software House’s C•CURE 9000 for FICAM end-to-end compliance, together with HID Global’s pivCLASS Government Solutions portfolio, assures U.S. Federal agencies that they are procuring FICAM solutions that will meet all of the FIPS 201processing standards,” said Stafford Mahfouz, Manager of Government programs for Software House, Tyco Security Products, in the release.
The companies’ solutions on are the GSA Approved Product Listing. For a list of FICAM-approved products, visit idmanagement.gov.