Wave Systems Corp. (fka WAVXQ)

[goin fishn]

Govt PIV Cards use applets and biometrics

From an 1/25/06 interview with Jim Schoening, GSA Smartcard Project Manager. It is a Q/A format

Whole interview is found here:

http://appserv.gcn.com/forum/qna_forum/38060-2.html

Some hilites


Falls Church, VA: PIV is a great challenge to agencies but of the two classes of individuals, employees and contractors, PIV card issuance and management is for more complex for contractors. Given that a contractor may work for more that one organization at the same time, has a process been developed to avoid duplication of credential issuance? The same holds for instances where a contractor may be temporarily between engangements because of funding or acquisition process delays. That could lead to revocations and new credential issuance expenses that might otherwise be avoidable. Has any consideration been given to GSA centrally managing contractor PIV credentials? That could reduce the level of effort agencies would expend and allow them to focus just on managing authorization privileges instead of both.

GSA's Jim Schoening:
Each agency is currently required to handle badging issues for contractors they employ. Vendors should complete a NACI equivalent for each of their employees and have them available to provide to agencies so that a badge maybe issued. Each agency may handle how a vendor is badges, it could be a permanent badge or a temporary. The suggestion of GSA handling badging of vendors is a good one and I will submit it for consideration. It would save a lot of money in reducing redundant issuance.



Good suggestion. This appears to be exactly the kind of thing the HSPD-12 IPWG is trying to hammer out. My guess is they would embrace this, although it is up to the agency to decide if they'd agree provide this service. --Rob Thormeyer

*********************************

Washington, DC: What are the minimal components that an agency has to instantiate to be considered HSPD-12 compliant?

GSA's Jim Schoening: Agencies must comply with policy for issuance of PIV cards and must have the ability to authenticate them either as a stand-alone system or part of a physical-access system.

******************************

Kirby McKinney - Pennsylvania: How far down the road of FIPS201 compliancy can an agency currently travel safely? Will cards procured at this time be useless and invalid in the future? Or, if changes are made, can the Applet on the card be upgraded/updated to allow the continued use of the card?

GSA's Jim Schoening: Although FIPS-201 compliant cards may be available soon, the PIV applets have not yet been fully tested. The result is that if cards are issued now you may have a compatibility issue in the future. Depending on the card acquired you may be able to update the applet or you might not. My recommendation is to hold off for awhile, you can proceed to design your card's topology and topcoat laminates.



Sorry if already posted


goin fishn