17.1 - Interagency Acquisitions, Interagency Transactions, and ...
Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed...
Transcript of Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed...
![Page 1: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/1.jpg)
Interagency Advisory Board Meeting Agenda, Wednesday, July 27, 2011
1. Opening Remarks (Mr. Tim Baldridge, IAB Chair) 2. A TWIC Program Status and Update (John Schwartz, TSA)
3. CAC/PKI Logon to Warriorgateway.org (Devin Holmes, Warrior
Gateway)
4. A Federal Security Professional PACS Perspective since the Signing of HSPD 12 (Ron Martin, HHS)
5. Closing Remarks (Mr. Tim Baldridge, IAB Chair)
![Page 2: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/2.jpg)
A Federal PACS perspective since the
signing of HSPD 12
From head-in-the-sand to the AWAKENING!
Ron Martin, CPP
![Page 3: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/3.jpg)
Physical Security View of IT interference with system design
![Page 4: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/4.jpg)
Initial Convergence Cooperation Between IT and Physical Security
Less Today than Yesterday
![Page 5: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/5.jpg)
OVERVIEW
“…we must have a human to technological mix to perform the security mission of the future...”
Convergence is more than the joining of Physical Security and Information Technology
It will touch all of us
Ron Martin, CPP PSTN Interview 2002
![Page 6: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/6.jpg)
Keeping up with the ”state of the art” in terms of new technology, new concepts, new studies, changing laws, and industry trends is a very personal as well as a professional necessity, especially for those in leadership roles.
![Page 7: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/7.jpg)
SIA Government Sales Summit - June 2005 50
What ‘s A Stovepipe System?
A Stovepipe System ties up the activity of the system from bottom to top. – It prevents information exchange at
intermediate levels – It prevents component substitutions from
other sources – It limits innovation and defers product
improvements
![Page 8: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/8.jpg)
SIA Government Sales Summit - June 2005 51
Standards Break Stovepipes Apart
Many Existing Standards For Interconnection Of Field Devices But Some Work Still Needed
Interfaces To Edge Devices Are A Current Focus
Standard Middleware Application Interfaces and Infrastructure To Meet System Architecture Requirements
Head-end Application Interfaces Where Needed for Provisioning, User Interfaces
User Interface
Shared IT Resources
Infrastructure & Middleware
Edge Devices
Field Devices
![Page 9: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/9.jpg)
NT + OP = EOP
20%
80%
Hardware/Software Storage
IDMS Services
Application Integration
Defining functional/business
requirements
Defining Business Architecture
Creating new policies where
needed
Determining laws, regulations, mandates
to be followed Identity Management is a broad capability
and requires an integrated solution
Reviewing policies
Determining budget requirements
Entity Management Credentialing
Access Management Facilities
Components of the Process
Policy, Planning,
Politics and Management
Technology
![Page 10: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/10.jpg)
FIPS 201
CONTROL MEASURES
The Three Sides of HSPD-12
PIV - 1
Accreditation
Compliance
Conformance
Physical
Logical
POLICIES
![Page 11: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/11.jpg)
Systems
Technology
Laws, Policies, R
ules
Processes HSPD-12
Federal Information Security Management Act
FIPS 201
![Page 12: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/12.jpg)
Physical Security & OCIO Responsibilities
Ensuring the development of a baseline solution that meets FIPS 201 compliance
Ensuring entry control points or general access to Agency facilities comply with HSPD-12
Identifying and offering common solution options that leverage economies of scale
Provide security training courses
Assisting with the rollout of CMS & IDMS
Centralized reporting to OMB
General Responsibilities
Developing a Bureau implementation plan that meets OMB’s due dates and FIPS 201 requirements
Processing Investigations
Establishing controlled access at Level 3, 4 & 5 facilities
Purchasing and maintaining future PCIF equipment (fingerprint & card readers etc.)
Participate in HSPD-12 Working Group meeting and reporting Bureau progress
RESPONSIBILITIES
Convergence must start within the Department
2006 Discussions
![Page 13: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/13.jpg)
![Page 14: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/14.jpg)
Copyright © 2011 Deloitte Development LLC. All rights reserved. 57 Confidential and Proprietary
HSPD-12 Policy Retrospective “As promptly as possible... the heads of executive departments and agencies shall… require the use of identification by Federal employees and contractors that meets the Standard in gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems.”
– Homeland Security Presidential Directive 12 (HSPD-12), August 27, 2004
“[For] Risk Based Facility Access – Use the appropriate card authentication mechanism… with minimal reliance on visual authentication.” “Compliance with the Standard requires the activation of at least one digital certificate on the identity credential for access control. Agencies must require the use of the identity credential for system access.”
– OMB M-05-24, August 5, 2005
“We want to ensure business processes are being followed in order to foster the trusted environment needed for the credentials to be accepted by Departments and agencies...”
– M-07-06, January 11, 2007
“If your agency has not already completed its plan for incorporating the use of PIV credentials with physical and logical access control systems, we ask you to ensure these plans are developed as soon as possible and in coordination with officials from your agency’s personnel, physical security, budget, and other appropriate offices.”
– OMB Guidance for HSPD-12 Implementation, May 23, 2008
“The target state … reflects full implementation of the PIV card for electronic physical access for employees and contractors ...” “In the target state... it is intended that agencies will leverage the various capabilities of the PIV card, particularly the PIV authentication digital credential, to grant access to applications at all levels of assurance.”
– FICAM Roadmap and Implementation Guidance, November 19, 2009
2004
2005
2006
2007
2008
2009
2010
![Page 15: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/15.jpg)
Copyright © 2011 Deloitte Development LLC. All rights reserved. 58 Confidential and Proprietary
NIST Workshop : first call for industry solutions
HSPD-12 Retrospective Part two
OMB Requires the use of the Approved Products and service provider lists
– OMB Guidance for HSPD-12 M-06-18
M-10-28 gives HSPD-12 Authority for Implementation to The Department of Homeland Security -OMB issues Continuing Guidance for the Implementation of HSPD-12 M-11-11
2004
2005
2006
2007
2008
2010
2011
NIST Cooperative Research and Development Agreement (CRADA) Second Call for Industry solutions
![Page 16: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/16.jpg)
Compendium of Standards
![Page 17: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/17.jpg)
CONVERGENCE SUBCOMMITTEE
Interagency Security Committee (ISC)
E. O. 12977
The convergence subcommittee develops mechanisms to support Federal agencies' integration of information management controls with security programs.
![Page 18: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/18.jpg)
CHARTER
Mission
• To provide agencies with mechanisms to support security programs while integrating controls.
Scope • Develop specific strategies with accompanying
templates that will enable the agency’s physical security specialist to assess, plan, procure, budget, evaluate and accredit programs and systems.
![Page 19: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/19.jpg)
PACS Reality Check
“…The Physical Access Control System is a significant security component of any enterprise. These systems are an inherent and essential part of the overall security protection environment and must be interfaced to the enterprise Identification Management System (IDMS) and a Card Management System (CMS) to provide full HSPD-12 interoperability and FIPS 201-1 compliance. ..”
Ron Martin, CPP April 2007
The PACS is an Application that resides on the organization’s enterprise. It therefore must adhere to all of the Logical Access Control protocols.
![Page 20: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/20.jpg)
A PACS Model from SP 800-116 Unrestricted, Controlled, Limited, Exclusion
•Controlled
•area
•Limited
•area •Exclusion
•area
•Facility services
•Admin
•Buildings
•HQ
•Lab
•Space •Trade Secret
•Access
•Point
•A
•Access
•Point
•B
•Access
•Point
•C
•Controlled
•area •Limited •area
•Exclusion
•area
•Facility services
•Admin
•Buildings
•HQ
•Lab
•Space Very Important stuff
•Access
•Point
•A
•Access
•Point
•A
•Access
•Point
•B
•Access
•Point
•B
•Access
•Point
•C
•Access
•Point
•C
Unrestricted Area
Important stuff Stuff
![Page 21: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/21.jpg)
Traditional Architecture Relationships
Identifies User Functional Requirements
Provides Common Specs and Standards
IDs New Technologies
“What we do”
“Specs we use”
VIEWS
“How we do it”
A1 C
omma
nd &
Con
trol IN
BN
Ops
A1.1
Exec
ute I
N BN
Miss
ions
A1.1.
1 Com
mand
IN B
N
A1.1.
2 Con
trol T
actic
al Op
s
A1.1.
3 Main
tain U
pdate
d En
emy S
ituati
onA1
.1.4 C
oord
inate
Effec
ts fo
r Cu
rrent
Ops
A1.1.
5 Main
tain S
U/CO
PA1
.1.6 A
dvise
& A
ssist
BN
CDR
A1.2
Plan
s & C
oord
inates
Co
mbat
Ops
A1.2.
1 Plan
Futu
re O
psA1
.2.2 C
oord
inate
Curre
nt
Ops
A1.2.
3 Main
tain S
U/CO
P
A1.3
Coor
dinate
CSS
A1.3.
1 Sup
ervis
e Rea
r CP
Ops
A1.3.
2 Coo
rdina
te Lo
gistic
s Su
ppor
t
A2 P
rovid
e CS
& CS
S
A2.1
C2/S
ustai
n HHC
Ops
A2.1.
1 Plan
s HHC
Ops
A2.1.
2 Dire
cts H
HC O
ps
A2.1.
3 Main
tain S
u/COP
A2.1.
4 Sus
tain H
HC O
ps
A2.1.
5 Sup
port
BN C
P Op
s
A2.2
Prov
ide
Comm
unica
tions
A2.2.
1 Rec
eive D
irecti
on
ABCSAllow automated database updating
ABCSDisseminate tailored, initial and updated geo-spatial
ABCSEstablish Common Database (Common
ABCSImplement bandwidth conservation measures
ABCSProvide Command and Control on the move
ABCSProvide Commander with a multi-level secure,
ABCSProvide Commander with accurate battlefield
ABCSProvide Commander with timely battlefield situational
ABCSProvide Commanders the capability to input CCIRs
ABCSProvide Common Look and Feel in HW/SW for every
ABCSProvide for continuity of operations due to planned
ABCSProvide VTC and Whiteboard capability for
System Functions
OPERATIONAL
TECHNICAL SYSTEM
Relates System Elements And Capabilities To Operational Requirements
![Page 22: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/22.jpg)
M-11-11
Office of Management and Budget (OMB) Memorandum M-11-11, issued on February 3, 2011, provides additional guidance for agencies in the continued implementation of HSPD-12.
It requires that agencies designate a lead official for ensuring issuance of a policy requiring the use of the PIV credential as the common means of authentication. Additionally, an agency’s policy must include the following requirements: • All new systems under development must be enabled to use PIV credentials prior to being made
operational. • All existing physical and logical access control systems must be upgraded to use PIV credentials prior to
the agency using development and technology refresh funds to complete other activities. • Procurements for services and products involving facility or system access control must be in
accordance with HSPD-12 policy and the FAR. • Agencies must accept and electronically verify PIV credentials issued by other
federal agencies. • Agencies implementations must align with the Federal Identity, Credential, and Access Management
(FICAM) Roadmap and Implementation Guidance.
![Page 23: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/23.jpg)
INTEROPERABILITY VERSION 1 CONCEPT
2005 NIST Discussion
![Page 24: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/24.jpg)
67
Credential Management Systems Architecture Design
![Page 25: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/25.jpg)
Visitor PIV, CAC, Card Holder Driver Lic, Passport
Visitor Groups
Visitor Check-in Certificate Check,
Biometric & Picture (optional)
Physical Convergence Management
Sponsor Request Portal
Convergence Server
Card Provisioned in
PACS
Unescorted Access
Visitor Badge Issued
CRL 1 (DOD)
OCSP Check
CRL 2 (Federal Bridge)
CRL n (Other)
Cert Issuer to CRL Mapping
Escorted Access
Per Policy
Visitor Kiosk
Future
OMB M-11-11 Requirement
Identity Store
LACS
![Page 26: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/26.jpg)
69 U.S. Department of Health and Human Services
Conceptual System Architecture – Department View (Waterfall)
Identity Verification
Enrollment Visitor Mgmt
Short-term Foreign National Visitors
Virtual Directory Services
Unique Person Identifier Service
Role Mgmt (Future)
Identity Management
Services
Credential Management
Services
Issuance (PIV, HHS PIV-I)
Sponsorship - Identity and Access Administration
People Management – EHRP, OPDIV systems (NED, CDC Neighborhood, etc.)
Access Management
Logical Physical
Post Issuance Support
Identity Lifecycle Services
Directory Services
Role Management
Services
Provisioning Services
Account Provisioning
Credential Provisioning
![Page 27: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/27.jpg)
70
Certificate Validation for non-HHS Smart Cards
OCSP
FBCA
Independent PACS
CDC
Credential Provisioning and Gateway Service
COTS Connectors
SCMS Services
Enterprise PACS
FDA
NIH
PSC HQ Industry Bridges HHS
IHS
AHRQ
CMS
Credential Provisioning and Gateway Service (Close up)
![Page 28: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/28.jpg)
71
Current State PACS
Client Server with PACS
Software/Database
Multi Door Controller
Contactless PIV Reader
Reader Interface
![Page 29: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/29.jpg)
72
End State PACS Option A
Option B
Multi Door Controller with local certificates (updated daily)
Contactless PIV Reader
Reader Interface
Smart Reader Interface (to verify certificates)
Multi Door Controller
Contact PIV Reader
![Page 30: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/30.jpg)
73
Enterprise End State
Server with PACS Software/Database Client
Multi door Controller
Contactless PIV Reader
(CAK)
Reader Interface
![Page 31: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/31.jpg)
Card Authentication Key (CAK)
• The Asymmetric CAK optional now; mandatory soon (FIPS 201-2)
• CAK is read contactless • Can be handled in the same manner as the PIV
Authorization Certificate • The Symmetric CAK can be use locally
![Page 32: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/32.jpg)
Card Authentication Key (CAK) Security Considerations
• The security of the device hosting the authentication
• The location where authentication is performed • The data available to the authentication process • Added processing power to execute the
authentication
![Page 33: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/33.jpg)
Card Authentication Key (CAK) Cost Savings
• Few to Many • Comparison of the cost to apply
authentication to servers vs. many readers • Hosting in servers conform to cloud
computing
![Page 34: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/34.jpg)
ICAM Target Vision
As part of complying with OMB M-11-11, agencies will need to bring their implementations into alignment with the architecture and direction found in the FICAM Roadmap and Implementation Guidance. Key features of the anticipated target state include: • Increased automation and streamlining of business processes • Establishment of authoritative sources for identity data and the capability
to exchange that data between systems • Full implementation of PIV credentials for employees, contractors, and
affiliates accessing physical and logical resources • Creation of enterprise-wide ICAM services to eliminate redundancy • Adoption of standards and commercially-available products • Increased emphasis on high levels of identity assurance • Improved trust and interoperability across agencies and with external
communities • Enhanced capabilities for handling external users • Protecting privacy in all process and system improvements
![Page 35: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/35.jpg)
The enterprise PACS is depicted as a piece of the larger Security Management System (SMS), which has interconnections with other physical security elements.
FICAM Recognition
•Fire Alarm Systems
•Video Surveillance (Closed Circuit Television)
•Short-term visitor MGT
•Intercoms and Emergency Management Notification
•Security Officer touring
•Intrusion and explosive detection systems
![Page 36: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/36.jpg)
•END-USERS
•INTEGRATORS
•ROLE RESULT
•SOLUTIONS
•MANUFACTURERS •PRODUCTS
•REQUIREMENTS
•TO
MEE
T O
R S
ATIS
FY
•TO
SPE
CIFY
The implementation of M-11-11 is applicable to end-users, integrators/solution providers and manufacturers/developers
![Page 37: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/37.jpg)
I AM EXCITED NOW!!!!
![Page 38: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/38.jpg)
HSPD – 12
Resistance is Futile!
LOGICAL & PHYSICAL ACCESS WILL BE ASSIMILATED INTO THE SMART CARD!
MARCH 2006
![Page 39: Interagency Advisory Board (IAB) MeetingBusiness Architecture Creating new . policies where . needed . Determining laws, regulations, mandates . to be followed . Identity Management](https://reader034.fdocuments.net/reader034/viewer/2022050111/5f4875706762177f1f118c20/html5/thumbnails/39.jpg)
R. Martin, CPP
M-11-11: Normatively referenced SP 800-116 and The FICAM Roadmap FIPS 201: FIPS 201-2 “the Standard” will be revised to include Physical Access Requirements FICAM PART “B” Phase 2 and FIPS 201-2 will be finished CY-2011