Federal IT Summit
Carol Bales
Senior Policy Analyst
Office of Management and Budget
2
HSPD-12 Directive
HSPD-12 Objective: Improve the security of our federal facilities and information systems by
implementing common processes for identity proofing and ensuring interoperability through
use of standardized credentials for physical and logical access.
USPTO
Verizon
Business Federal ACES
Bridge CA
Entrust
SAFE
Treasury
Verisign
CERTIPATH
ORC GPO
5
DEA-CSOS Wells Fargo
Facilitating E-Government through IdAM
E-authentication Guidance Establishes Multiple Levels of Identity Assurance to support transactions for
Government-to-Citizen, Government-to-Business, Government-to-Government, and Internal Effectiveness
and Efficiency. Federal PKI and HSPD-12 provide for assurance of identity up to Level 4.
OMB E-Authentication Guidance establishes
Four Assurance Levels for
Consistent Application of E-Authentication How do we credential users?
Across Government Level 1 & 2 E-authentication credential
service providers: USDA, OPM, DOD,
Treasury, GSA (covers citizens,
Level 1 Level 2 Level 3 Level 4 business partners, federal employees
and contractors)
Little or no Some High confidence Very high
confidence in confidence in in asserted confidence in Trust relationships with external entities
asserted asserted identity the asserted for Levels 1 & 2 (e.g. Fidelity, Wells
identity Fargo, IdenTrust, InCommon)
identity identity –
– – Digital –
Federal PKI provides up to Level 4
Self identified Userid/ Certificate/PIN Smart Card/PIN assurance and is a key enabler of trust
user with Password (multi-factor) (multi-factor)
in HSPD-12 credentials.
password (Single factor)
(e.g. first responder (e.g. officer
(e.g. citizen Other internal agency capabilities.
(e.g. citizen accesses disaster accesses law
accesses website
changes address reporting website to enforcement
using self-
of record through share operational database with
registered
SSA website) information) criminal records)
userid/password)
GSA is currently restructuring its identity and access management services and capabilities to
provide a more unified approach for identity and access management services and governance. 6
HSPD-12 Implementation Status
* Above listed data is based on incomplete agency reports. Until all agencies are reporting and providing
complete data, the percentages could change significantly.
* “Total Number of Employees Requiring PIV credentials” includes US military personnel.
* Numbers are approximate.
7
Benefits of HSPD-12 Credentials
8
What’s Next?
9
http://www.whitehouse.gov/omb
http://www.idmanagement.gov
http://csrc.nist.gov/piv-project
http://www.fedidcard.gov/
10