Serving Commissaries, Exchanges, & Morale, Welfare, and Recreation
Presented at the:
American Logistics Association
National Convention
Presented By:
Daniel E. Turissini
CEO, Operational Research Consultants
October 20, 2008
IDENTITY SUPERIORITY
What is FiXs? Federation for Identity & Cross-Credentialing Systems
• 501(c)6 not-for-profit trade association
– Founded in 2004 in collaboration with the Department of Defense
– Collaborated with General Services Administration HSPD-12 effort
– Provides inter-operable use of identity credentials among governments & industry partners
• A coalition of diverse companies/ organizations creating inter-operable identity cross-credentialing standards & systems
– Government contractors, technology companies, & financial firms
– Not-for-profit & non-profit organizations
– DoD, GSA, & State governments
• Trusted authority of standards, operating guidelines, & oversight of secure identity authentication network
FiXs Members/Advisors 2008
Commercial Entities • AFCEA • American Logistics Association • American Systems • Booz-Allen Hamilton • ChoicePoint Government Services • Covisint • DSA, Inc. • Daon • EDS • Eid Passport, Inc. • Imadgen LLC • Little River Management Group, LLC • Lockheed Martin Corporation • Mobilisa • Northrop Grumman • SAIC • Secure Data Corporation • SRA International, Inc • SRP Consulting Group, LLC • Telos Identity Management Solutions • Unlimited New Dimensions, LLC • Vuance, Inc. • Wave Systems Corp. • WidePoint Corporation • 3Factor LLC
Government Advisors • Defense Manpower Data Center, DoD • Office of Government-wide Policy, GSA • CIO Office, State of Colorado
And a growing number of subscribing members!
FiXs User Benefits & Responsibilities
• Benefits
– Federated Solution
– Trusted authentication at FiXs recognized locations & systems
– Syndicated Investment
– Syndicated Risk
– Branded Transaction
– Certified & Accredited Products/ Services
• Responsibilities
– Warrant Trustworthiness of Employees
– Comply with Operating Rules
The Foundation
• January 2006 - Memorandum of Understanding (MOU) with DoD that established terms & conditions under which FiXs & DoD will use their respective systems as part of an identity suite of systems:
– Operational framework for inter-operability between DoD & FiXs
– Specific operational responsibilities
– Governance structure
• Interim Authority To Operate (IATO) Granted by DMDC in July 2007
A Common Access Infrastructure
Currently over 7 million people have CAC-compliant credentials. As this number grows, opportunities for efficiencies skyrocket.
Federal Government • Trading Partners & Allies • First Responders
Governance Structure
• Defined Trust Model
• Operating Rules
• Security Guidelines
• Policy Standards, including Privacy Act compliance
• Technical Architecture Specifications & Standards
• Implementation Guidelines
The Basic Principles
• Personally identifiable information (PII)
• Capture of biometric, SSN, & other unique information
• Write once/ access many times = ID authentication & reduced sign-on
Structured to emulate the ATM model
• PII maintained in a federated manner
• No single targeted database of personal information
• Distributed under the authority & control of the sponsoring organization
• Queries of this information can be “logged” to support privacy
Meeting DoD Objectives
• Credentials can be trusted with confidence
– “… fully operational for worldwide use in support of identity authentication purposes & applications” -- DMDC ltr, 16JUL07
– “establish & maintain the ECA program … to support the issuance of DoD-approved certificates to industry partners & other external entities & organizations.” -- DoDI 8520
• Short term return on investment (ROI)
– Existing highly available architectures for identity deployment & revocation information accessibility
– Most efficient ingress & egress to government facilities & systems
• Fulfills need for personal security in a high-tech world
– “… intended for all applications operating in environments appropriate for medium assurance but which require a higher degree of assurance & technical non-repudiation.” -- DoD CP
– Addresses “… the need for non-DoD entities & personnel to interoperate with DoD applications for the purpose of conducting business electronically with the DoD.” -- DoD/ ECA MOA
Consistent with DoD Investments
• Assurance of interoperability & convergence
– DoD PKI Medium Hardware Assurance (CAC)
– ECA Medium Hardware Assurance
– Defense Cross Credentialing Identification System (DCCIS)
– FiXs Initial Operating Capability (IOC)
• Distributed trust model DoD-wide
– DoD PKI/ ECA Root distribution
– Global Directory System (GDS)/ Credential Validation
– FiXs Operating Rules - HSPD-12 compliant
– Defense National Visitor Center (DNVC) System
– Defense Biometric Identification System (DBIDS)
Supports a safe, secure shopping environment overseas and stateside
4.1301 Contract clause. The contracting officer shall insert the clause at 52.204-9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have physical access to a federally controlled facility or access to a Federal information system.
52.204-9 Personal Identity Verification of Contractor Personnel.
(a) The Contractor shall comply with agency personnel identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24, and Federal Information Processing Standards Publication (FIPS PUB) Number 201.
(b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have physical access to a federally-controlled facility or access to a Federal information system.
FiXs Provides ALA Members
• A seat at the table
– Interface with DoD & GSA for identity assurance matters
– Governance Structure between member organizations
– Certification Standards for creating identity credentials consistent with Federal regulations
• A shared trusted network
– Secure network switch
– Standard interface with DoD & FiXs members
– Access to certified providers, sponsors, & credential holders
• Clearinghouse for objective consideration of technologies, business processes, rules & requirements
FiXs - Certified Credentials
“The Medium Hardware Assurance tokens and associated certificates issued by the ECA Providers have the same assurance level as the certificates on a Common Access Card (CAC).” -- EPMA
CAC FiXs
2D barcode, 1D barcode & mag-stripe on back
2 RFID antenna
Clear Contractor Markings
Value Proposition & ROI
Easy business decision for CFO & CIO
Enterprise-wide capability & best practices
Security & Privacy of staff, systems, & facilities
Method for data security in compliance with latest identity authentication processes
Complies with FAR contract requirements
HSPD-12 and DoD PIP compliant
Leadership in a large & developing market on a matter that is of major national importance
ALA - FiXs Credential Use Case Assessment
• People • Process • Tools • Priorities
• Current State • Goals • Requirements • Future State
• Company Profile • Use Case Interest • IT Infrastructure • Key Organizations
Value-added Services to ALA Membership
• Web-based Diagnostic for Identity Assurance
– Available to each ALA member organization
– Provided by FiXs member – AMERICAN SYSTEMS
• Confidential On-site Workshop
– Focused current/ desired future state requirements gathering gap analysis
– Led by Senior Identity Assurance Consultants
• Roadmap
– Focused snapshot of current and future state
– Gap analysis, Quick Wins and increased ROI identified
– Identify increased ROI opportunities, priorities & Quick Wins
• Non-intrusive & targeted towards a use case
Web-based Diagnostic
Identity Assurance Survey:
– Web-based survey
– Can be shared intra-organizationally for business requirements gathering, prioritization & pain identification
– Detailed report summarizing initial findings
– Can be fine-tuned for future phase use
On-site Workshop
Half-day workshop:
– Led by Senior Identity Assurance consultant
– Detailed requirements gathering, issue identification, and future state discussion
– Initial requirements, achievable quick wins and ROI assessed
– Preliminary Roadmap presented to clearly identify realistic next steps
How does ALA take advantage of this?
• Facility access • Credit • Employee ID • Medical information • Passport • ID card • Purchasing authority • Rewards • Insurance • Debit • Marketing • Age verification • Memberships • Clearance • Medical & drug benefits • School ID • Account access • Computer security
As we continue to deploy common, strong personal digital identities, levels of permission can be granted to any online application with a high degree of confidence.
This opens up endless possibilities for ALA to add value for their membership.
Digital signature
Data encryption
Summary
• Single card for access to bases & facilities
• No long lines/ reduced waiting times
• Physical & logical privileges
Questions?
We greatly appreciate your time & consideration, thank you.
Contact Information
Dan Turissini - President, ORC/ FiXs Board Member, 703 246 8550
Robert Martin, American Systems/ FiXs Corp Secretary, 703 321 6951
Dr. Michael Mestrovich, President, FiXs, 703 928 3157