Security conference kicks off with FISMA focus
- By William Jackson
- Feb 15, 2005
SAN FRANCISCO - The RSA Security Conference gets underway today with the National Institute of Standards and Technology presenting a full schedule of sessions on meeting security and identity management requirements.
"One of the strengths of this year's government track is a strong involvement by NIST," said Shannon Kellogg, director of government and industry relations for RSA Security Inc. of Bedford, Mass. "NIST owns the first day."
The Federal Information Security Management Act is the backbone of government IT regulation, making agencies answerable to Congress and the Office of Management and Budget for their IT management and security practices. NIST will discuss agency trends in FISMA compliance, along with strategic developments in enforcement.
NIST officials also are expected to outline the contents of the new Federal Information Processing Standard for personal identity verification. The standard, FIPS-201, is scheduled to be released Feb. 28 in response to a Homeland Security Presidential Directive issued last year. It will contain a host of guidelines, recommendations and technical specifications for authenticating and managing the identity of federal workers and contractors. FIPS-201 will be the foundation for a PIV card and infrastructure that would be used to regulate logical and physical access to federal facilities and resources.
There also will be sessions on creating an interoperable federated ID management program. Federated identity management is a decentralized system relying on trusted partners for authenticating digital credentials. A federated system relieves agencies of the burden of issuing and managing their own credentials for online activities by enabling them to authenticate and accept credentials issued by other partners.
Another area of interest is the Defense Department's adoption of radio frequency ID technology, a technology that has raised concerns about privacy.
"Privacy is making a strong comeback at the conference this year," Kellogg said. "It has been elevated as an issue as part of the RFID debate."
DOD's use of RFID in its supply chain is spurring the adoption of the technology in the private sector. As the technology is used on individual products at the retail level, some privacy advocates are concerned that it will allow monitoring and identification of individuals. A panel at the conference will discuss privacy and security challenges in implementing these systems.
A separate panel will address privacy issues in the IT planning and development process. As more personal data is being stored on and used by IT systems, a privacy lifecycle approach will be required for these systems.
William Jackson is a Maryland-based freelance writer.