News : Newsletters : Alliance Member Bulletin : June 2018

Executive Director’s Corner

“THE” Federal Identity Policy in the Spotlight at 2018 Securing Federal Identity Event

Our annual federal identity and access security conference, known as Securing Federal Identity, wrapped up last week in Washington, DC.  Much of the attention at this year’s conference was on the widely distributed document (still unnamed but known as M-18-XX due to its current draft-only status) released for public comment in April by the Office of Management and Budget. After many references to it by keynote speakers from OMB, GSA, DHS, and NIST and the audience during Q&A sessions, the group collectively settled on referring to the document as “THE Federal Identity Policy Document.” This is an appropriate name given its significance in reinforcing the existing identity roadmap under HSPD-12 and shaping the future of identity, credential, and access management for years to come.

It was refreshing and encouraging to see a federal policy document – one intended to replace several older security policy directives and technical reference documents – strongly recommit to the core trusted PIV credentialing standard and use mandates that have been official policy (though not always followed) for more than ten years.  In some cases, the directives could not keep up with the rapidly changing cybersecurity landscape and the technology shifts involving mobile and multi-factor authentication.

“THE” Federal Identity Policy Document embraces the changing cybersecurity landscape and challenges agencies to be accountable to work together to enable innovation by filling the gaps in the specifications, the training and oversight, and the procurement vehicles. It also advocates the use of shared services providers so that each agency does not have to build and operate their own identity ecosystem.   Having these federal identity, credential, and access management leaders present to explain the intent and direction of the new policy was greatly appreciated by the audience of more than 300 registrants and conference speakers, of which more than 50 percent were government employees.

The event was also an opportunity for security industry suppliers and integrators to speak out about some of the challenges they face in implementing what the government asks industry to provide. Procurement challenges, tightened budgets, and deployment of PIV-enabled PACS to work together or side-by-side with non-compliant legacy systems were some of the issues raised.  Other security industry leaders demonstrated how mobile solutions and derived mobile credentials could take the current PIV card into the future with multiple means of secure mobile authentication.  It was a good showing for how government and industry can help each other achieve present and future cybersecurity goals.

Thank you for your support of the Secure Technology Alliance.


New Redesign for Website

A redesigned website for the Secure Technology Alliance was recently unveiled, providing members with new features, targeted content, enhanced search and smarter navigation. The clean, fresh design of https://www.securetechalliance.org includes a significant number of updates:

  • A restructured homepage to reflect the Alliance’s mission, the role it plays in the payments, identity and access markets, and key applications covered by the organization
  • Simpler, more direct navigation throughout the website to provide intuitive access to information and resources
  • A new Knowledge Center, which provides organized and searchable access to all Alliance resources, including white papers, webinars, infographics, FAQs and more
  • Mobile-friendly design that dynamically adjusts to smart phones and tablets
  • A significantly improved site-wide search function
  • Visually appealing graphics and ads on internal pages to promote the latest Alliance conferences, educational events, resources and training programs
  • Information tagging throughout the site, which provides suggested related articles to visitors on internal pages
  • A detailed Education and Training section of the website to draw interest in available programs

Council Highlights

  • Council projects. A summary of all active Council projects is posted on the Secure Technology Alliance members-only site
  • The Access Control Council and Identity Council held joint in-person meetings on June 5-6 at the Securing Federal Identity Conference in Washington, DC. Representatives from GSA participated on the first day to discuss the planned September “reverse industry day” agenda; NIST participated on the second day for a detailed discussion of the upcoming revision to Special Publication 800-116, “A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)”
  • The Access Control Council completed the successful webinar series on PIV-enabled PACS implementation, providing a comprehensive workshop covering all aspects of planning, procuring and implementing new PIV-enabled PACS. Recordings of all six webinars are available on the Secure Technology Alliance web site.   The Access Control Council also published a new white paper, TWIC Card/Reader Challenges with Physical Access Control Systems: A Field Troubleshooting Guide.  Members contributing to this project included:  HID Global; Identification Technology Partners; Leidos; NextgenID; and Parsons
  • The Access Control Council and Identity Council collaborated to develop and submit comments on the draft OMB M-18-XX “Strengthening Cybersecurity of Federal Agencies through Improved Identity, Credential and Access Management.” Members contributing to the comments included:  DHS; GSA; HID Global; ID Technology Partners; Identiv; Intercede; Lenel; NextgenID; Parsons; SecureKey; SigNet Technologies; Tyco/Software House; XTec, Inc.
  • The Identity Council continues work on the mobile identity landscape white paper and has several webinars planned to review access control, transportation, banking and other use cases. The next webinar will be in late July
  • The Mobile Council published an update to the white paper, Trusted Execution Environment (TEE) 101: A Primer
  • The Payments Council held a webinar, Contactless Payments: Issuer Benefits and Considerations, on May 31st. A merchant-focused webinar is being planned for later this summer.  The Council has also started to work on a new white paper on biometric payment cards.  The white paper will provide a high-level description of biometric payment cards to educate issuers on functionality and benefits
  • The Transportation Council currently has two active projects: a webinar on mobile ticketing and Near Field Communications (NFC); part two of the payments convergence white paper, focusing on potential barriers to implementation of multimodal payment strategies and suggesting ways of addressing these challenges

If you would like to participate in a Secure Technology Alliance Council, please contact Devon Rohrer, [email protected].


New U.S. Payments Forum Resources

The U.S. Payments Forum Mobile and Contactless Payments Working Committee published a new resource, Contactless Resources: Implementation Considerations and Clarifications.  The document provides clarification on contactless implementation considerations.


Issuer Contactless Payments Webinar

The Alliance Payments Council hosted a successful webinar, Contactless Payments: Issuer Benefits and Considerations, on May 31st.  The webinar had 286 attendees and 488 registrants.  Polls were used in this webinar and produced some interesting results:

  • Of 195 people responding to a poll on stakeholder type, 54% were issuers.
  • Of 140 people responding to a poll on issuance plans, 48.6% indicated that they would be issuing contactless or dual-interface cards within three years (21.4% in one year or less).

Presenters included: Andreas Aabye, Visa; Jose Correa, NXP Semiconductors; Oliver Manahan, Infineon Technologies; Cathy Medich, Secure Technology Alliance; and Jamie Topolski, Fiserv.

A second webinar in the series is being scheduled later this summer to provide contactless implementation education for merchants.


Welcome New Member

  • 9 Point 8

Congratulations CSEIP Recipients

  • Fred Conover, Structure Works Inc
  • Sean Harrison, LS3 Inc.
  • Henry Leahy, LS3 Inc.
  • Omar Lopez, LS3 Inc.
  • Anthony Iovine, Security 101
  • Martin Fletes, Digital Technologies Inc.
  • John Murdock, Total Automation Group

Training, Exam, and Recertification Dates

CSEIP

  • June 19-21, National Center for Advanced Payments and Security
  • July 24-26, National Center for Advanced Payments and Security
  • July 28-30, National Center for Advanced Payments and Security

CSEIP Recertification

The online instructor-led review course is four hours, from 11 AM ET – 3 PM ET. The hour-long exam follows from 3 PM ET to 4 PM ET. Register for one of these upcoming certification dates:

  • July 19
  • August 23

Save the Date

“Securing Digital ID 2018,” a new event from the Alliance, is scheduled for Dec. 4-5 in Alexandria, VA, just outside of Washington, DC. Save the date and look for more details soon!