At a Glance

Home > Software Engineering > Complying with HSPD-12 A Proven Approach from QSSI

Complying with HSPD-12 A Proven Approach from QSSI

The Homeland Security Presidential Directive 12 (HSPD-12) issued by the White House on August 27th, 2004, calls upon Federal agencies to create a standard form of identification that unites physical access and information access, creating a more comprehensive government-wide identity management system. To assist agencies to meet these goals, the U. S. Department of Commerce published guidelines on what standards and methods should be used to reach compliance. FIPS 201 – the Federal Information Processing Standards Publication 201 (FIPS 201); Personal Identity Verification (PIV) of Federal Employees and Contractors divides the compliance process into two parts:

• Policy goals (PIV1), which were to be in place by October 27th, 2005; and
• Technical goals (PIV2), which must be met by October 2006.

Enhancing Identity Management Systems already in place to conform to PIV requirements is a challenge for many Federal agencies. It requires expertise in several disciplines including legacy government credentialing systems, integration with network and perimeter security systems, smart card and biometric standards, identity proofing processes, and more. Most Federal agencies have diverse physical and information security infrastructures in place. Some agencies have first generation smart cards. Given this diversity there will be different migration paths to FIPS 201 compliance. Your current investments must be leveraged in the development of your HSPD-12 solution.

QSSI, with in-depth expertise in Identity Management solutions, has developed a comprehensive standards based approach that ensures full compliance with HSPD-12. Our solution leverages open standards to integrate with a wide variety of biometric and smart card credentialing systems. It also enables physical and logical access convergence while simplifying the user experience. The end result is a more robust enterprise system that improves the security posture of your organization without sacrificing usability. As a “technology agnostic” solution provider, we leverage our vast experience in the identity management marketplace to determine what solution would make the best use of your existing technology. Our objectivity ensures our customers receive the best possible, fully-compliant PIV solutions.

The QSSI Approach for HSPD-12 Compliance

The QSSI Approach consists of the following steps:

• Assessment – the first step is to take an inventory of what you have. QSSI will conduct a complete assessment of the existing identity management system, data stores, credentialing process flows, privacy concerns and risk factors. Our proven assessment methodology breaks requirements into logical groups and identifies integration points with other systems or processes. It also serves as the foundation for gap analysis.
• Gap Analysis – QSSI conducts a complete gap analysis to identify areas that need enhancement/improvement as well as a cost/benefit analysis of alternatives. As part of this analysis, we will ensure cross-agency coordination, leverage existing efforts and agency-wide standards to complete the analysis phase.
• Solution Development – At this stage QSSI will work with you to identify the options available, perform a cost-benefits analysis of each alternative, and lay out a plan for what you will need. From a technology standpoint, we will suggest which architecture and cost model will work best. QSSI has extensive experience with COTS and GOTS products and their integration with third party identity systems, data stores, live scan systems for fingerprint processing, fingerprint identification systems as well as smart card and PKI management systems. By leveraging standards and best practices we will create the bestvalue PIV solution that fully complies with FIPS 201 requirements. A typical QSSI led PIV solution architecture is shown below.
  
• Migration Plan – A natural byproduct of the Solution phase is the migration plan. QSSI has extensive past performance in migrating systems for Government customers. Using a well documented plan and following a logical, phased approach QSSI will execute the system migration without impacting the organization and its users
• Implementation – QSSI resources are highly skilled in all aspects of identity management including biometric data processing (finger, facial, iris etc.), cryptography, EA, full lifecycle development, directories, relational databases, NIST standards for PIV, FIPS standards for PIV, Special Publications for PIV (SP 800-73, 800-76, 800-78 etc.) QSSI will work closely with your Agency to provide the resources necessary to affect the required changes, and ensure a fully compliant system.

The QSSI Approach addresses all FIPS 201 requirements:

• Identity Proofing and Registration
• Issuance and Maintenance
• Interoperability
• Card life Cycle Management
• Card Reader Specifications
• Card Authentication
• Logical Access Control
• Physical Access Control
• Biometric Standards
• Certification & Accreditation
• Privacy
• Compliance
• Acquisition Planning
• Migration Planning

Home | Practice Areas | Clients | Contract Vehicles | Corporate | Careers | News | Contact Us | Employees Only