Building the PIV team

HSPD-12 touches more than just IT

By October, agencies are supposed to begin issuing Personal Identity Verification smart ID cards. Adoption of an interoperable ID across government under Homeland Security Presidential Directive 12 should help strengthen authentication for physical and logical access to federal facilities and resources.

But authentication is only one part of the broader, more complex goal of access control.

'Any strong authentication measure we can put in place is one piece of the puzzle,' said Deepak Kanwar, director of product management for SafeNet Inc. of Belcamp, Md., which helps enterprises manage digital identities.

Other pieces of the puzzle include identity and account management, access policy and enforcement, and legal, regulatory and audit requirements.

'This is whole lifecycle management,' Kanwar said. 'Unless you have a process in place, you're not going to have security.'

Because of the need to integrate authentication technologies with policies, access-control projects often come with a high cost and high level of complexity.
Stakeholders in the project, in addition to the IT and network security offices, can include:
  • Human resources, which usually is the owner of the data upon which the system depends. Timely, accurate and reliable HR feeds are necessary to provision and deactivate accounts.

  • The help desk, which must field calls when a user forgets a password, loses a token or does not get the expected access.

  • Physical security. Traditionally, there has been little interaction between the guys with the badges and guns and the guys in IT. But with a single card to manage both, they become pieces in the same puzzle.

  • The legal department, which will want to pass judgment on access policies.

  • Auditors, both internal and external, who will pass judgment on execution of those policies.

  • The owners of the applications, who usually decide who gets access.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected