OMB memo mandates FIPS 201 compliance for all new systems
When the White House Office of Management and Budget released a memorandum in February mandating that all agencies start using the FIPS 201 PIV credentials for physical and logical access, it was met with mixed responses.
Vendors and consultants cheered. The credentials would finally be used for more than a flash badge and new contracts were in sight. Agencies, however, bemoaned another unfunded mandate. Agency sources say it’s 2005 all over again, referring to the original HSPD-12 document that mandated credential issuance with no additional budget.
Agencies were required to submit plans on how they would implement PIV-enabled systems by the end of March, and all new physical and logical access systems under development following the memo’s release must be PIV-enabled.

The PIV card is stupid for most situations involving computers--one must wonder which political contributors benefited from the additional government expense. A person needs the ID to get in the building. Then they have to stick the card into the computer to sign on. How many people could get at the PC before with a password? Now many people forget to remove the card when they leave their desk--so both card and PC are vulnerable. This introduces additional risk rather than removing it. And personally identifying information is on the card. Some people, to avoid messing with the extra steps and delay of the card, just turn off their monitors to make it appear they locked the computer when taking a short time away from the desk rather than locking it. A considerable amount of time is wasted while the PIV cards are read for sign-in, while they must be reset if they cease to behave properly. It is unclear that, within a standard civilian agency where most people need lower security, this is worth the extra tax dollars.
Seems like a great idea that would be better suited for use with an RFID card rather than a smart card.
"Agencies, however, bemoaned another unfunded mandate." regarding the OMB Memo calling for use of PIV Credentials for their intended purpose is almost laughable. Those Agencies who have representatives calling the directive an unfunded mandate have the wrong staff representing the agency and taxpayer economic interest. The Return on Investment to the Agency, to the Agency's Business Processes, to Employees' and Citizens' Privacy, and to the Agency's Security far outweighs the cost of the implementation of the services.