Department of Veterans Affairs Personal Identity Verification (PIV) Program Brian Epley, VA PIV Program Manager August 14, 2007

Agenda

• History
• Authentication Authorization Infrastructure Program (AAIP)
• Required Changes
• Current State and Future Goals
• PIV 0.5
• PIV 1.0
• PIV 2.0
• PIV +
• Architecture
• Achievements
• National Deployment Schedule
• Resources

VA PIV History

• Experience - Oct 2004, VA conducted a 10-month pilot that included:
  • Issued 1,100 cards prior to HSPD-12
  • Provided logical and physical access
  • Three digital certificates
  • Used an application process similar to the PIV process

• Investment - VA procured a substantial amount of resources to support an earlier smart card initiative
  • 85,000 smart cards
  • Front-end and back-end components (servers, workstations, printers, etc.)

• Business Requirement - VA’s unique operational mission requires a tailored solution
  • Large affiliate population (80,000+) requires “OneVA” (non-PIV) cards
  • 24-hour turnaround on issuance
  • 24/7 help desk support

VA PIV History (Continued)

• Increased Return on Investment
• VA’s focus is to advance the use of identity and access management (IAM) across the Department
  • Mapping of user privileges
  • Provisioning and deprovisioning services
  • Synchronization of data with authoritative sources
  • Rights management with standardized Role Based Access Control (RBAC) models
  • Management of entity profiles
• The IAM solution can be used to support management of veteran identities
• Establishing an enterprise IAM backbone within the VA will save millions of dollars

VA PIV Status

The Department of Veterans Affairs successfully complied with HSPD-12
• Issued first card to PCI Manager October 20th
• Issued twelve credentials to Sponsor, Registrar and Issuers between October 20th and October 26th
• Issued three ID credentials to employees October 27th
• Issued 1,400+ credentials since October 27th

VA legacy cards (ActivCard Applet v.2 on Cyberflex Access 64k v.1)
• Provide logical and physical access
• Have three digital certificates
• Comply with topographical requirements

Key Differences
• Do not have fingerprints loaded on the card
• The card stock is non-compliant

VA will begin PIV National Deployment September 2007
• 24-month deployment to implement PIV Enrollment Operations Centers at approximately 225 field locations serving 1,200+ facilities across CONUS

PIV Architecture - Version 0.5
October 2006

PIV 0.5 Objectives

• Interim FIPS 201 Compliance
  - Smart Cards
  - Authentication
  - Unique IDs
  - Digital Signature
  - Email encryption

• Disaster Recovery Capability

PIV Architecture - Version 2.0

PIV 2.0 Objectives

• Full Compliance with FIPS 201
  - Smart Cards
  - Authentication
  - Unique IDs
  - Digital Signature
  - Email encryption

• Disaster Recovery Capability

• Help Desk

• Establish VA Interfaces

• Establish Federal Enterprise Interfaces

PIV Architecture – Version 3.0
Future Enterprise Integration

PIV 3.0 Objectives

• Integrate into VA Enterprise Architecture

• Establish SSO with additional enterprise applications

• Link authoritative data sources using IAM backbone

• Establish interoperability with other Shared Service Providers

• Add 3rd Data Center leg for load-balancing across CONUS

• Integrate VA PIV with GSA MSO and Federal peers

Achievements

• VA PIV is 1 of 4 Successful Federal HSPD-12 programs
• PIV is currently in production at VACO
• Issued 1,400+ credentials that support:
  • Smartcard authentication
  • Unique IDs
  • Digital signature
  • E-mail encryption
• PIV participated in OED IAM Workshop to identify duplicative requirements and enterprise solutions to meet the needs of:
  • Active Directory
  • VBA – Loan Guarantee Program, VIP
  • OS&LE – Security Investigations Center (SIC)
  • Centralized and timely adjudication
  • VHA & VBA
  • VHA EA Integration—SSO

Enterprise Integration Achievements

• Sharing data sets based on correlated Unique Identifier (UID)
  • Active Directory
  • PAID
• Combined program requirements
  • VBA
    • Loan Guarantee Program
    • OneVA VIP Portal
  • EA OneVA Portal/SSO
  • VHA
• Resource collaboration
  • e-Authentication
  • Soft Certificate initiative
  • DoD/CAC

PIV National Deployment

• Site transformation from PIV-1 “Process” to incorporate use of PIV systems to achieve HSPD-12 compliance and unified “OneVA” credentials

• 24-month deployment to implement PIV Enrollment Operations Centers at approximately 225 field locations serving 1,200+ facilities across US

• Multi-Administration collaboration to determine VISN/Region geographic sequence

• Based on VISN/Region site readiness

• Involves comprehensive 120-day preparation

Deployment Schedule

VA PIV Resources

• VA PIV Intranet site:
  • vaww.va.gov/PIVproject

• VA PIV PMO e-mail address:
  • [email protected]

• VA PIV Team members:
  • PIV Executive Steering Committee
  • Brian Epley, Program Manager
  • Gloria A. Harris, Business Manager
  • Leonard Kenon, Project Manager
  • Maurice Claggett, Project Manager
  • Multiple contract resources
  • Multiple Working Groups