Using FIPS 201 and the PIV Card for the Corporate Enterprise
Corporate enterprises have always required employees to carry cards or badges that verify the employee’s identity and allow the employee to access enterprise resources. However, changes in both the regulatory environment and the amount of risk that enterprises face from unauthorized access are driving executives to reevaluate their identity management practices. How should a potential employee’s identity be verified? How can corporate security ensure that only authorized employees have access to facilities, enterprise networks, and computers? How can authorized employees use identity credentials to access enterprise resources easily and efficiently?
Establishing a robust identity management framework within an enterprise requires both the implementation of new business processes and the selection of appropriate credentialing technology. While there are many approaches to enterprise identity management, industry and government have worked for over 10 years to develop both a standardized identification process within the government and specifications for proving an individual’s identity and providing individuals with a secure identity credential. The process and technical specifications, which are now being implemented throughout the Federal Government, are documented as Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. This standard provides an identity management framework that enterprises should regard as a best practice in the design and implementation of their own identity management programs.
This white paper provides a high level overview of FIPS 201 and a summary of the benefits of considering this standard as a starting point for achieving identity assurance and access control across the corporate enterprise.
About the Smart Card Alliance Identity Council
The Smart Card Alliance Identity Council is focused on promoting the need for technologies and usage solutions regarding human identity information to address the challenges of securing identity information and reducing identity fraud, and to help organizations realize the benefits that secure identity information delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to bear on addressing the challenges of securing identity information for proper use.
About the Smart Card Alliance Physical Access Council
The Smart Card Alliance Physical Access Council is focused on accelerating the widespread acceptance, usage, and application of smart card technology for physical access control. The group brings together, in an open forum, leading users and technologists from both the public and private sectors and works on activities that are important to the physical access industry and that will address key issues that end user organizations have in deploying new physical access system technology. The Physical Access Council includes participants from across the smart card and physical access control system industry, including end users; smart card chip, card, software and reader vendors; physical access control systems vendors; and integration service providers.
Identity and Physical Access Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.