IBM Tivoli Security and the United States Federal Government: HSPD-12
What are HSPD-12 and FIPS 201?
"This new standard will enable federal agencies to issue more secure and reliable forms of identification to better protect federal assets against threats such as terrorist attacks. It also will help safeguard against other risks such as identity theft." -- U.S. Commerce Secretary Carlos Gutierrez
U.S. President George W. Bush signed Homeland Security Presidential Directive No. 12 (HSPD-12) on August 27, 2004, which mandates the development and use of a standard ID credential for all U.S. federal employees and contractors. In February 2005, the National Institute of Standards & Technology released the Federal Information Processing Standard No. 201 (FIPS 201) defining the technical requirements to meet the HSPD-12 mandate, including a common federal smart card credential. There are two "Personal Identity Verification" phases to this deployment:
- PIV-I describes the minimum requirements for a system meeting the FIPS 201 control, security and privacy objectives, including the identity proofing process. PIV-I is to be deployed by October 2005.
- PIV-II provides detailed technical specifications to support the control and security objectives in PIV-I and the details for technical interoperability of PIV cards with the authentication, access control, and management systems across the Federal Government. PIV-II is to be deployed by a date to be determined by the OMB (estimated to be deployed by October 2006).
What role can IBM Tivoli play in helping government organizations comply with this presidential directive?
While the immediate focus is on the specific FIPS credential and physical security requirements, achieving the broader intent of this mandate requires a centralized identity and access management system that can enforce and audit agency policies consistently across all these HSPD-12 solutions, while lowering operational costs.
- IBM Tivoli Identity Manager provides the identity management "backplane" needed across our strong set of partner technologies that comprise a complete HSPD-12 solution. Beyond enforcing this standard, TIM helps agencies meet operational challenges, improve citizen service, and enable more informed decision-making.
- IBM Tivoli Access Manager enforces strong agency-spanning access control policies that leverage these new multi-factor credentials (e.g. agencies must enforce role-based access control to limit contractor privileges).
- IBM Tivoli Federated Identity Manager extends this integrated security infrastructure by implementing Federal E-Authorization standards to secure federated transactions between agencies.
Key Tivoli differentiators
Tivoli's commitment to, and leadership of, industry standards allows us to best support multi-vendor HSPD-12 infrastructures. Tivoli's market-leading identity management platform provides the cross-organization provisioning and operational efficiencies needed to meet this security imperative and audit compliance cost-effectively. IBM's strong partner ecosystem includes a successful, pre-integrated HSPD-12 solution with ActivCard.