
Federal ICAM Information Sharing Day and Vendor Expo

The Federal Identity, Credential and Access Management Subcommittee Announces the ICAM Information Sharing Day and Vendor Expo

On November 27th, the Identity, Credential, and Access Management Subcommittee (ICAMSC) will hold the ICAM Information Sharing Day and Vendor Expo. The focus of this ICAM Information Day and Vendor Expo will be the use of PIV credentials in systems such as Physical Access Control Systems (PACS), Logical Access Control Systems (LACS), mobile devices and cloud services. The participating vendors will demonstrate their latest information assurance and security products and services related to the use of the PIV.

LOGISTICS/VENUE INFORMATION  

The ICAM Information Day and Vendor Expo will be held on November 27, 2012 in coordination with the Smart Cards in Government Conference which will be held November 28th – 30th at the following location:

Washington Convention Center
801 Mount Vernon Place Northwest, Washington, DC 20001

There will be no fee for federal employees and contractors with PIV attending the ICAM Information Day event.

REGISTRATION INFORMATION

Those attending ICAM Information Day and Vendor Expo should register at the following site: www.GovSmartID.com

AGENDA

Please note that the agenda is subject to change.

| Timeframe | Description | Speaker |
|---|---|---|
| 9:00 – 9:15 | Welcome and Opening Remarks | Deb Gallagher (GSA) and/or Paul Grant (DoD) |
| 9:15 – 10:00 | Keynote Address: Enabling CAC/PIV in a Mobile Government Workforce | Rob Carey (DoD) |
| 10:00 – 12:00 | Opening of the Vendor Exhibits | |
| 12:00 – 12:30 | Lunch break (lunch not provided) | |
| 12:30 – 1:00 | Security Policy and Standards for Use of Mobile Devices on Federal Networks | Carol Bales (OMB) / Donna Dodson (NIST) |
| 1:00 – 1:30 | Expectation of PIV use with Logical Access Systems | Bill Erwin (DoD) |
| 1:30 – 2:00 | Expectation of PIV use with Mobile Devices | Deb Gallagher (GSA) |
| 2:00 – 2:30 | Expectation of PIV use with Physical Access Systems | Will Morrison (FAA) |
| 2:30 – 3:00 | Afternoon Break (vendor exhibits will remain open) | |
| 3:00 – 3:15 | FIPS 201-2 Status | Hilde Ferraiolo (NIST) |
| 3:15 – 3:30 | Update on FY FISMA Metrics for PIV Use | Glen Lee (DOE) / Rajeev Pillai (GSA) |
| 3:30 – 3:45 | Trust Framework Update | Anil John (GSA) |
| 3:45 – 4:15 | Open Discussion | Deb Gallagher (GSA) and/or Paul Grant (DoD) |
| 4:15 – 4:30 | Closing Remarks | Deb Gallagher (GSA) and/or Paul Grant (DoD) |

FIPS 201 Evaluation Program Industry Session Followup

The industry feedback day was very well attended, and we thank everyone for the constructive feedback you provided. Below is a recap of the main points that were touched upon during the session:

  • Interoperability: GSA will be re-orienting the program to focus on the intent of HSPD-12, which includes both security and interoperability considerations for federal agency identity management implementations. This may require that existing categories be refined or deleted and new categories created to make them more understandable and relevant. New system/subsystem categorizations may also be required in order to form the basis for interoperability testing requirements.

  • Standards & Specifications: With concurrence from both NIST and OMB, a Requirements Traceability Matrix that includes interoperability will use FIPS 201 as a starting point for conformance, but will also leverage the FICAM Roadmap and Implementation Guidance as well as additional relevant material to develop the interoperability requirements.

    While it will take some time to fully implement, we’re going to start identifying the minimum appropriate infrastructure subsystems and boundaries to support both PACS and LACS implementations, since a single PIV Card must work across both environments. The identification of subsystem-to-subsystem interfaces going forward can form the basis for developing the specification for each interface, which in turn should drive standardization and interoperability.

  • Industry/Lab(s) Interaction Process: Industry would like more visibility into the evaluation process, and to speed the certification process wherever possible. Vendors would like better definition of when product re-testing is required, especially when new standards are introduced (e.g., upcoming FIPS 201-2). The industry seemed to be open to new Lab involvement and even a mix (LACS, PACS, and Interoperability) going forward if it will speed up the process and reduce contracting complexity.

    GSA will also consider if and where vendor self-attestation might fit within the program evaluation process.

While we address the above in the medium to long term, there was concurrence that while the GSA APL continues to be a great starting point, improved categorization and additional information about product compatibility would enhance its utility for our Agency Customers in the near term. We will be looking to see how to make this possible.

Our next step is to hold an Agency Session on Tuesday, June 19 (9 a.m. - 12 p.m. EST) at GSA OCS, 1275 First Street NE, DC (NY Ave Exit - DC Metro Red Line) to gather feedback from our Agency Customers. An invitation has already been extended to Agencies through their representatives to the ICAMSC and FPKI Working Groups. If you are an Agency representative interested in attending this session, please contact me [chi.hickey (at) gsa (dot) gov] for details.

:- by Chi Hickey

Feedback on the GSA FIPS 201 Evaluation Program

The GSA FIPS 201 Approved Product List (APL) is the US Government's trusted source of information for Federal Agencies about products and services that are compliant with Federal policy, standards, guidelines and technical specifications. The Office of Management and Budget (OMB) has directed Federal agencies to purchase only products and services that are on the APL for implementation of HSPD-12.

The GSA Office of Government-wide Policy (OGP) authorizes and is the approval authority of Labs that evaluate products and services for compliance with FIPS 201.

To date, Lab testing has been on an individual component basis to determine conformance to specifications and standards. While this has served us well in the past, as we have matured and implemented the HSPD-12 initiative across agencies, it has become clear that the evaluation and testing goals for the APL need to evolve to address the changing needs of our customers.

In particular, conformance to specifications and standards, while essential, is just the first step in putting together a set of components that work together in an interoperable manner. To that end, we are currently undertaking a top to bottom review of the FIPS 201 T&E Process and will be working in partnership with our Agency Customers, NIST, testing labs and other stakeholders to determine the way forward that preserves the progress made to date, while looking to provide a more comprehensive out-of-the-box interoperable experience for products on the APL.

We are setting up a series of facilitated half day sessions to engage with and get input from Agency as well as Industry (Vendors/Labs/Other) Stakeholders on how we can work together to add to the value of the FIPS 201 testing and certification process.

The Industry session has been scheduled for Thursday, June 7 (9 a.m. - 12 p.m. EST) at GSA OCS, 1275 First Street NE, DC (NY Ave Exit - DC Metro Red Line). If you are interested in attending this session, please contact Chi Hickey [chi.hickey (at) gsa (dot) gov] for details.

:- by Deb Gallagher