Building the PIV team

HSPD-12 touches more than just IT

By October, agencies are supposed to begin issuing Personal Identity Verification smart ID cards. Adoption of an interoperable ID across government under Homeland Security Presidential Directive 12 should help strengthen authentication for physical and logical access to federal facilities and resources.

But authentication is only one part of the broader, more complex goal of access control.

'Any strong authentication measure we can put in place is one piece of the puzzle,' said Deepak Kanwar, director of product management for SafeNet Inc. of Belcamp, Md., which helps enterprises manage digital identities.

Other pieces of the puzzle include identity and account management, access policy and enforcement, and legal, regulatory and audit requirements.

'This is whole lifecycle management,' Kanwar said. 'Unless you have a process in place, you're not going to have security.'

Because of the need to integrate authentication technologies with policies, access-control projects often come with a high cost and high level of complexity.
Stakeholders in the project, in addition to the IT and network security offices, can include:
  • Human resources, which usually is the owner of the data upon which the system depends. Timely, accurate and reliable HR feeds are necessary to provision and deactivate accounts.

  • The help desk, which must field calls when a user forgets a password, loses a token or does not get the expected access.

  • Physical security. Traditionally, there has been little interaction between the guys with the badges and guns and the guys in IT. But with a single card to manage both, they become pieces in the same puzzle.

  • The legal department, which will want to pass judgment on access policies.

  • Auditors, both internal and external, who will pass judgment on execution of those policies.

  • The owners of the applications, who usually decide who gets access.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.