Putting strengths of PIV cards to work helps agencies achieve ROI
White Paper
By Robert Brandewie
SVP Public Sector Solutions ActivIdentity
Once federal agencies have set a course for issuing and managing Personal Identity Verification (PIV) cards, they must draw on the strengths of the smart card – network authentication, single sign on, digital signature and data protection and encryption – to stimulate their use, capitalize on the security enhancements that the cards can bring and increase the agency’s return on investment (ROI).
“CIOs must use their ingenuity and business acumen to match these new capabilities to real-world business problems in their organization – thereby maximizing the returns for their agency,” said Jason Hart, CEO at ActivIdentity.
As it turns out, the difficult march toward adopting an in-house solution, a managed service option or an outsourcing approach to rolling out smart cards in the face of HSPD-12 is only half of the battle.
HSPD-12 “means the use of a single token (PIV Card) to access federal facilities and to log onto federal information networks,” says Philip Lee, a partner at the Identity Alliance.
Getting workers to overcome lingering resistance and actually use the cards is another struggle altogether – one that requires finding a compelling application or two that make cardholders keenly aware of the value of their smart card and also solve pending security issues for an agency.
Today’s cards feature a number of capabilities that can increase their value in an agency and make workers want or need to use them.
Network Authentication
Determining whether a user is who he or she claims to be when trying to access a network has never been easier than with PIV cards. Instead of users having to remember long, complicated passwords that change every 30 days or so, required authentication information is carried in a protected mode on the card.
The most cardholders have to do is remember a personal identification number (PIN), which is much easier because the number is shorter than a password, rarely changes and can be used for all enabled applications.
This helps boost security, too, by eliminating the likelihood that users will jot down passwords and other security information on a sticky pad. The results can be stunning. Using common access cards to support its Public Key Infrastructure (PKI) initiative, the Defense Information Systems Agency (DISA) has already seen a dramatic downturn in successful network attacks.
Similarly, the number of help desk calls should decline since users don’t have to remember or regularly change their network password.
Application Authentication and Single Sign On
Widespread use of smart cards also makes it possible for agencies to set up single sign on privileges for workers. “It’s basically the end of user authorization,” says Hart. “Once you’re on, you’re on.”
Single sign on provides a secure store of user names and passwords that can be kept on the smart card – protecting them and requiring another factor for authentication. Used this way, single sign on can serve as a bridge technology, providing increased security for legacy applications while they are modernized with more secure access methods like PKI.
Printer Authentication
Despite establishing stringent security policies and specific guidelines for handling sensitive information, agencies face continuing challenges as technology improves. One relatively new area of concern is the increasing capabilities of printers to scan, print and even forward information. These multifunction printers provide great productivity enhancements but can present a challenge for protection of sensitive information. In addition, documents containing privacy related or other sensitive data are often sent to unsecured, shared printers.
Using PIV cards can help staunch the flow of sensitive information to printers and beyond. User identities are authenticated using the card and the worker can only access the device or perform a function if authorized. In addition, audit files are generated that allow management to review transactions to ensure compliance with agency regulations.
Printer manufacturers are already working smart cards into the equation. For instance, Hewlett-Packard recently announced that its printers now had these capabilities and would require smart card based authentication before printing, emailing or scanning a document.
Data Protection and Encryption
Many of the strides in data protection and encryption have focused on data in transit. But as many agencies have learned, sensitive data is often in jeopardy when it is at rest on a laptop computer or other mobile device that has been lost or stolen.
The names and Social Security numbers of state employees in Ohio recently went missing on a back-up tape that was stolen out of the unlocked car of an intern. And remediation can be expensive – involving extensive investigative resources, outreach to the people who may have been impacted, and even buying identity theft protection for those affected.
But technology is available that ties encryption to PIV cards and lets workers use the cards in combination with data at rest encryption software to protect the information. “This new technology adds another level of security, another factor for authentication while protecting the privacy of any customer and the confidentiality of an agency’s business data,” says Hart.
The ActivIdentity Difference
ActivIdentity can help agencies put the inherent strengths of PIV cards to work, stimulate user adoption of the cards and realize a greater return on their investments. ActivIdentity offers a Smart Employee ID for PIV solution that includes the ActivIdentity market-leading ActivClient® middleware, ActivID™ Card Management System (CMS) and SecureLogin® SSO. ActivIdentity is an acknowledged pioneer in the area of secure identification and authentication.
Robert Brandewie has more than 30 years of identity strategy and policy development experience. Prior to joining ActivIdentity as SVP Public Sector Solutions, Robert served as Director of the Defense Manpower Data Center (DMDC) and was architect of the Common Access Card system (CAC) for the Department of Defense.