PIV Interoperability for Non-Federal Organizations

After the events of September 11, 2001, Homeland Security Presidential Directive 12 (HSPD-12) introduced Federal Information Processing Standards (FIPS 201) and Personal Identity Verification (PIV) requirements to enhance trust in interactions and transactions that occur in the federal environment.

As the PIV initiative progresses, PIV interoperability has become an essential requirement for commercial enterprises that interact with federal government agencies on a daily basis. Non-federal issuers of identity cards need to produce employee identity cards that can interoperate technically with federal government PIV systems and can be trusted by federal government relying parties (e.g., via cross-certification). However, the PIV card standard is limited in scope to the federal government and has several requirements that only the federal government community can address.

In response to these interoperability requirements, the Federal Chief Information Officers (CIO) Council defined standards for PIV-interoperable cards for non-federal issuers during its April 2009 meeting. Under these standards, a PIV-interoperable identity card is a card that meets the PIV technical specifications to work with PIV infrastructure elements such as card readers, and is issued in a manner that allows federal government relying parties to trust the card. (For more details about the standards, see “Personal Identity Verification Interoperability for Non-Federal Issuers,” issued by the Federal CIO Council, May 2009; www.cio.gov.)

Several federally sponsored PIV-interoperable programs already exist. The programs include the First Responder Authentication Credential (FRAC), the Transportation Worker Identity Credential (TWIC™), and the Aviation Credential Interoperability Solution (ACIS). Many other programs are in development with the same desired goal of technical interoperability and trustworthiness in the federal government PIV environment. Examples of commercial companies with PIV interoperability are Northrop Grumman, Raytheon, Boeing, EADS, CSC, and Lockheed Martin.

To address the newly defined PIV-interoperable card standards, ActivIdentity has modified its ActivID™ Card Management System, which is used in conjunction with its ActivClient™ security software. Many customers deploying the ActivIdentity PIV-interoperable credential management solution are also leveraging the ActivIdentity PIV+ applet, which enables public key infrastructure (PKI)-based access control as well as one-time password-based authentication on a single PIV-interoperable identity card. The ActivIdentity PIV+ applet together with the ActivID Card Management System and ActivClient are part of the government-approved product list.