DHS seeks smarter smart cards
An RFI for personal identity verification card technology and integration follows a summer of cybersecurity concerns and PIV testing across the federal government.
WHAT: A Department of Homeland Security request for information about personal identity verification card technology and integration
WHY: The RFI follows a summer of cybersecurity concerns and PIV testing across the federal government.
In the wake of massive data thefts at the Office of Personnel Management, a "cyber sprint" ordered by U.S. CIO Tony Scott had agencies redoubling efforts to implement two-factor authentication for users of federal networks. Scott drove home the importance of that approach in a July 31 blog post.
"One of the most significant steps any organization can take to reduce the risk of adversaries penetrating networks and systems is requiring the use of a hardware-based personal identity verification (PIV) card or an alternative form of strong authentication," Scott wrote. "Over the course of the sprint, agencies made significant progress in this area."
Homeland Security Presidential Directive 12, issued in 2004, directed all agencies to develop and use a standard ID for federal employees and contractors to gain access to federal facilities and information systems. The identity badges used for physical access varied widely, which made cross-agency use problematic.
HSPD-12 sought to improve interoperability by requiring agencies to adopt stronger security standards and procedures for access control and use a consistent method for issuing identity badges. The National Institute of Standards and Technology later established a consistent process that all agencies can use to verify personnel and issue a badge that can be recognized and electronically processed within and between federal agencies.
On Sept. 28, DHS posted an RFI seeking proposals from potential vendors for a workable architecture for PIV cards that would give Customs and Border Protection and DHS a way to speed authentication and verification of accredited PIV cards issued by all federal agencies and recognized commercial entities for nongovernmental personnel.
"The solution should provide minimal modifications to the current information technology operating environment and provide a highly available process supporting the CBP and DHS missions," the RFI states. "It also must have sufficient resources to eliminate any impact to current computer logon and authentication times."
Responses to the RFI should contain detailed architecture and integration points with existing CBP and DHS elements and any modifications necessary to established processes.