Government Identity/Credentialing Resources

Homeland Security Presidential Directive 12 (HSPD-12), issued by President George W. Bush on August 27, 2004, mandated the establishment of a standard for identification of Federal Government employees and contractors. HSPD-12 requires the use of a common identification credential for both logical and physical access to Federally controlled facilities and information systems.

The Department of Commerce and National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification. In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, issued on February 25, 2005, and a number of special publications that provide more detail on the implementation of the standard.

Both Federal agencies and enterprises are now implementing FIPS 201-compliant ID programs.

In September 2008, the Federal CIO Council established the Information Security & Identity Management Committee. The ISIMC, as it is commonly called, was charged with overseeing the government-wide activities related to Cybersecurity and Identity Management. In turn, the ISIMC established four subcommittees. The Identity, Credential and Access Management Subcommittee, often referred to as ICAM is co-chaired by GSA and DoD and is tasked with aligning the Identity Management activities of government, while the remaining three deal with the cybersecurity taskings.

The resources below were compiled by the Smart Card Alliance to assist organizations with their implementation of government identity/credentialing initiatives.

Smart Card Alliance Publications

• Authentication Mechanisms for Physical Access Control Systems, October 2009
• Recommendation on the Credential Numbering Scheme for the FIPS 201 PIV Card Global Unique Identifier, March 2009
• Interoperable Identity Credentials for the Air Transport Industry, Physical Access Council and Identity Council white paper, October 2008
• Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery, Identity Council and Physical Access Council white paper, October 2008
• Using FIPS 201 and the PIV Card for the Corporate Enterprise, Identity Council and Physical Access Council white paper, October 2008
• Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials, Smart Card Alliance Physical Access Council white paper developed in collaboration with the Open Security Exchange, Security Industry Association and International Biometric Industry Association, September 2007
• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience, Smart Card Alliance Physical Access Council white paper, May 2007
• Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility, Smart Card Alliance Physical Access Council white paper, September 2006
• FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems, a Smart Card Alliance Physical Access Council white paper, September 2005
• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience, Smart Card Alliance Physical Access Council white paper, May 2007
• Physical Access Control Systems and FIPS 201, a Smart Card Alliance Physical Access Council briefing presentation, January 2006

Federal CIO Council / Identity, Credential and Access Management (ICAM) Subcommittee

• IDManagement.gov, federal web site with information for citizens, businesses, and government entities interested in identity management activities, including topics related to Homeland Security Presidential Directive 12, Public Key Infrastructure, and E-Authentication
• Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, November 10, 2009. This document provides Federal agencies with architecture and implementation guidance that addresses existing ICAM concerns and issues.
• Identity, Credential, and Access Management (ICAM) Roadmap Snapshot. This document provides a snapshot that describes the core components of ICAM, provides a description of the Roadmap, lists five strategic goals and their related objectives, as well as the value proposition of the ICAM segment architecture
• PIV Interoperability for Non-Federal Issuers, May 2009. This document advocates a set of minimum requirements for non-federally issued identity cards that can be trusted by the Federal government.

NIST Publications and Programs

• Federal Information Processing Standard Publication 201-1 (FIPS 201-1), Personal Identity Verification (PIV) of Federal Employees and Contractors, NIST, March 2006
• NIST PIV web site
• NIST Personal Identity Verification Program (NPIVP) web site
• NIST Special Publication 800-63 (SP 800-63), April 2006: Electronic Authentication Guideline
• NIST DRAFT Special Publication 800-63 Rev. 1 (SP 800-63), December 12, 2008: DRAFT Electronic Authentication Guideline
• NIST DRAFT Special Publication 800-73-3 (SP 800-73-3), August 13, 2009: DRAFT Interfaces for Personal Identity Verification (4 Parts)
  • Part 1 - End Point PIV Card Application Namespace, Data Model and Representation
  • Part 2 - PIV Card Application Interface
  • Part 3 - PIV Client Application Programming Interface
  • Part 4 - The PIV Transitional Data Model and Interfaces
• NIST Special Publication 800-73-2 (SP 800-73-2), September 2008: Interfaces for Personal Identity Verification (4 parts)
  • Part 1 - End-Point PIV Card Application Namespace, Data Model and Representation
  • Part 2 - End-Point PIV Card Application Interface
  • Part 3 - End-Point PIV Client Application Programming Interface
  • Part 4 - The PIV Transitional Data Model and Interfaces
• NIST Special Publication 800-76-1 (SP 800-76-1), January 2007: Biometric Data Specification for Personal Identity Verification
• NIST Special Publication 800-78-1 (SP 800-78-1), August 2007: Cryptographic Algorithms and Key Sizes for Personal Identity Verification
• NIST DRAFT Special Publication 800-78-2 (SP 800-78-2), October 6, 2009: DRAFT Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
• NIST Special Publication 800-79-1 (SP 800-79-1), June 2008: Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI’s)
• NIST Special Publication 800-85 A-1(SP 800-85A-1), March 2009: PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-2 Compliance)
• NIST Special Publication 800-85 B (SP 800-85B), July 2006: PIV Data Model Test Guidelines
• NIST DRAFT Special Publication 800-85 B-1 (SP 800-85B-1), September 11, 2009: DRAFT PIV Data Model Conformance Test Guidelines
• NIST Special Publication 800-87 Rev 1 (SP 800-87), April 2008: Codes for the Identification of Federal and Federally-Assisted Organizations
• NIST Special Publication 800-96 (SP 800-96), September 2006: PIV Card to Reader Interoperability Guidelines
• NIST Special Publication 800-116 (SP 800-116), November 2008: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

Office of Management and Budget (OMB) Guidance

• OMB Federal Identity Credentialing Committee web site, http://www.cio.gov/ficc/
• “Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors,” Office of Management and Budget Memorandum M-05-24, August 5, 2005
• “E-Authentication Guidance to Federal Agencies,” OMB Memorandum M-04-04, December 16, 2003

General Services Administration (GSA) Guidance on Implementation and Acquisition

• GSA smart card web site, http://www.smart.gov/whats_new.cfm
• “Acquisitions of Products and Services for Implementation of HSPD-12,” General Services Administration (GSA) memorandum, August 10, 2005
• Federal Identity Management Handbook (Draft), GSA publication, July 2005. This document provides specific implementation direction on course of action, schedule requirements, acquisition planning, migration planning, lessons learned, and case studies.

Federal Identity Credentialing Interagency Advisory Board (IAB) Publications

• IAB web site, http://www.smart.gov/IAB/
• Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.2, July 30, 2004 (PACS 2.2)

Presidential Directives

• Homeland Security Presidential Directive/HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004
• Homeland Security Presidential Directive/HSPD-11: Comprehensive Terrorist-Related Screening Procedures, August 27, 2004

Industry Associations

• International Biometric Industry Association (IBIA), http://www.ibia.org
• Open Security Exchange, http://www.opensecurityexchange.org
• Security Industry Association (SIA), http://www.siaonline.org
• Smart Card Alliance, http://www.smartcardalliance.org

Other Resources

• FIPS201.com, a complete source for FIPS 201 and GSA Approved Identity and Credentialing Products from Avisian Publications