Executive Director’s Letter

Dear members and friends of the Alliance,

My fervent wish to all for 2009 is that our business leaders and government policy makers tap into the energy surrounding our 44th President of the United States, with the strength and determination exuded by the phrase so often mentioned by Barack Obama - “Yes we can, yes we can.” The security industry has already witnessed how a presidential directive (HSPD-12 in 2004) can transform a market from one with competing technologies, divergent directions on PKI and biometrics standards, and conflicting priorities for securing people and data into the present market that is rich with standards-based products and services, aligned identity trust policies and issuance procedures, and cost-effective, scalable security solutions that will improve efficiency, strengthen security, and protect privacy. Two recent postings I found may indicate the direction that security will head as a result of the next administration.

Member Profile: Northrop Grumman – Interview with Iana Bohmer

This month, Smart Card Talk spoke with Iana Bohmer from Northrop Grumman. Iana has over 25 years business management and consulting experience in identity management and card and credential-based systems. She has been with Northrop Grumman since 2003 where she has served as the Director of Identity Management for its commercial business line and has been responsible for business planning and execution strategy for several identity management practices within the company.

Prior to joining Northrop Grumman, Iana held senior management positions with Cap Gemini, Identix, Bank of America, and Maximus. Ms. Bohmer holds an MBA from George Washington University and a BS in International Economics from Georgetown University’s School of Foreign Service.

Feature of the Month

Use Cases for FIPS 201-Based Emergency Response Official Credentials

A significant advantage of a FIPS 201-based emergency response official (ERO) credential is its ability to support both emergency and incident use cases and everyday use for other applications. At a high level, all applications fall into the category of access control. Access control applications answer two questions: “who are you?” and “what are you allowed to do?” The FIPS 201-based ERO credential provides a basis for answering the first question at a very high level of assurance. The ability to answer the second question depends on whether the associated infrastructure is federal, state, local, or enterprise.

This month’s article reviews a variety of daily use cases for a FIPS 201-based ERO credential.