Federal Aviation Administration
Issuance and use of PIV at FAA
Presented to: Government Smart Card Interagency Advisory Board
By: Ed Ebright, Division Manager, ID Media Division
Date: May 2011
Agenda
• What we use
• PIV Card Status
• FAA HSPD-12 Systems
– PIV Card Health Check
– Visitor System
– Contactless Reader
• PIV Authoritative Database
• Forgotten PIV Cards
• Issues
• FAA PACS
• FAA LACS
What we use
• PKI – Verisign/Symantec.
• CMS – Intercede.
• IDMS – Investigations Tracking System (ITS). FAA-developed web-based system. In production since 1995.
• Precise Biometrics 250 and 200.
• AWARE Facial Recognition. Customized for the FAA.
PIV Card Status
• As of May 1st the FAA has issued 68,000 PIV Cards. Total Population 73,000.
• 98% of Federal Employees have their PIV Card.
• 99% of all Federal and Contractor employees have applied for the PIV Card.
• 170 Permanent sites issuing PIV Cards. (Accommodates approximately 85% of workforce.)
• Remaining 15% complete while at permanent site and using Mobile Lite concept. (PIV in a Box).
FAA HSPD-12 Systems
• PIV Card Health Check
– The purpose of the PIV Card Health Check is to conduct and share an integrity check on individual PIV Cards.
– Cardholders can access a website and use a friendly GUI to view the health of their PIV Card.
– Cardholders may also submit a report to the PIV Helpdesk.
PIV Card Health Check
• Helpdesk personnel have real time access to review the same report as the card holder.
• The system will help in troubleshooting problems such as expired certificates, corrupted cards, and non-card issues such as malfunctioning card reader or login configuration problems.
• This system is available to other agencies to host and use.
FAA HSPD-12 Systems
• Visitor System
– Web based system which allows FAA employees to sponsor visitors from other agencies.
– Visitor is notified through email and the system automatically walks them through registering their smart card. (PIV and CAC)
– Data is automatically transferred to the FAA Secure PAD.
– Facility Manager assigns access to visitor.
FAA HSPD-12 Systems
• Contactless Reader
– Contactless Reader. Windows based system which verifies the contactless has not been broken and provides information read from the contactless portion of PIV Card.
– Used by all 170 sites.
– Valuable tool used every day at every site.
– To download go to: http://members.cox.net/pivprogram
Additional Systems
• PIV Authoritative Database (PAD)
– The PAD is the official FAA repository of all PIV Cards issued.
– The data from the system is shared with both Physical and Logical Access.
– When an FAA PIV Card is cancelled or suspended, access to FAA Physical and Logical systems is automatically revoked within 15 minutes.
Additional Systems
• PIV Authoritative Database (PAD)
– When other agency PIV Cards are cancelled or suspended, access to FAA Physical and Logical systems is automatically revoked within 8 hours. This timeframe is configurable.
Forgotten PIV Cards
• Employees will be issued a Temporary PIV Card. When issued, their existing PIV Card will automatically be suspended.
• Temporary PIV Card can immediately be used for Physical Access and any usage of the PIV Authoritative Certificate.
• Signing and Encryption certificates are not available on the Temporary PIV Card.
• Once the Temporary PIV Card is returned, the employee's PIV Card is reinstated.
Issues
• Readers/Cards
– Some PIV Cards will work in one reader but not another.
– They always work in the SmartTerminal ST-1044 by Cherry.
• Electromagnetically Opaque Sleeve.
– Cost of the holder and the issues it causes for employees using the PIV Cards.
Issues
• Long Names
– Should be resolved in FIPS 201-2.
• Fingerprint Capturing
– Should be resolved in FIPS 201-2 with IRIS scanning included.
FAA PACS
• The FAA has 1100 facilities.
• The FAA has 100 sites PIV Compliant.
• Planning has already begun to PIV enable an additional 500 sites.
• The remaining 500 sites are under consideration for being made PIV Compliant.
– Average 3-5 employees per site.
– May not be cost effective.
– These sites are Security Level 1 Facilities.
FAA PACS
• We use Pegasus P2000.
• FAA HQs will begin using PIV Cards in early June. Turnstiles are installed and going through final testing.
• Handheld devices will be used for entry to garage. MicorFlex CE32408. Codebench software configured with the P2000.
FAA LACS
• Domain Controller Certificates issued from PKI.
• Network Logon has been completed. Implementation is in process.
• Office of Security & Hazardous Materials Safety (approximately 470 employees) use PIV Cards exclusively for Network Logon and internal Web Applications.
Contacts
• For more information or to arrange for demonstrations of the FAA systems please contact:
– Ed Ebright, [email protected], 202-439-7091
– Guy Davidson, [email protected], 202-359-3638