Publications – Security
The Smart Card Alliance Identity Council developed this position paper to provide the Alliance interpretation and position on the OMB-defined levels of assurance.
This brief was developed by the Smart Card Alliance Healthcare Council to describe the benefits of smart cards for healthcare applications and to provide a comparison with magnetic stripe cards.
This white paper was developed by the Secure Technology Alliance Payments Council to provide a primer on blockchain technology, discuss use cases that are currently commercially available or being piloted, and discuss the role secure element/smart card technology plays in the different use cases.
This document was developed by the Smart Card Alliance to address questions raised by the media about the security of contactless payment transactions and the risk of fraud to consumers.
- Effective Healthcare Identity Management: A Necessary First Step for Improving U.S. Healthcare Information Systems
Government policy makers are looking carefully at the best ways to improve the efficiency of information systems in the healthcare industry. Much emphasis has been placed on the need for electronic health records for every American, and at ways to exchange those records at the regional, state and national levels. This brief was developed by the Smart Card Alliance Healthcare and Identity Councils to introduce the current problems with healthcare identity management, security and privacy, and propose leveraging existing federal standards and technologies already used in other government identity programs.
- FICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
The Smart Card Alliance Identity Council and Physical Access Council developed the summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance to highlight key concepts and to make it more accessible to its target audiences. In developing and publishing the summary, the Smart Card Alliance hopes to expand the audience reading the document and promote its concepts broadly through the identity, credential and access management industry. The summary includes the FICAM segment architecture, as-is and target use cases, and roadmap and initiatives for Federal implementation of the FICAM architecture.
- FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems
This Physical Access Council white paper provides a roadmap to the key specifications that agencies need to consider in implementing FIPS 201-compliant physical access control systems and provides an overview of the key open questions where work is still being done on standards definition and implementation guidance.
- FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience
The Smart Card Alliance Physical Access Council developed this white paper to discuss factors that impact PIV II card transaction performance in PACS applications and provide recommendations on data encoding, user training and installation that can improve the user experience and reduce PIV II card PACS transaction time.
GSA published this guide with contributions from Secure Technology Alliance Access Control Council resources and members. The guide presents the concepts related to Federal Identity, Credential, and Access Management-compliant PACS.
This white paper was developed for healthcare CFOs by the Smart Card Alliance Healthcare Council to outline the key benefits and business case for using smart cards for healthcare applications. The white paper outlines some of the major challenges faced by healthcare CFOs and discusses how smart card technology can provide innovative, practical and cost-effective solutions.
- Healthcare Identity Management: The Foundation for a Secure and Trusted National Health Information Network
Policy makers are looking carefully at the best ways to improve our healthcare system with much emphasis being placed on the need for electronic health records for every American. This effort also includes creating an infrastructure to allow the exchange of these records at the regional, state and national levels. This paper introduces the current challenges and explains why identity management in healthcare is an essential and foundational element that must be made a priority by policy makers in order to achieve the goals of widespread use of electronic health records to support the secure and seamless exchange of healthcare information. The paper also recommends best practices for introducing a healthcare identity management infrastructure–one that provides the needed security and privacy controls that should be specified by policy makers.
This report discusses how smart cards can help health care providers and insurance companies meet the requirements of HIPAA Privacy and Security Rules. Designed as an educational overview for decision makers, it summarizes the HIPAA privacy and security requirements, provides an overview on how smart cards work, describes how smart cards can be used to support HIPAA compliance and implement other health care applications, and outlines key implementation success factors. The report includes profiles of several U.S. and international smart health card implementations.
The Smart Card Alliance developed this position paper to describe the issues with unique identifiers and discuss how smart cards can be used as authenticators when using unique identifiers.
The Smart Card Alliance Identity Council developed this glossary to define commonly used terms related to identity and smart card technology and applications.
This position paper describes key elements in the design of an identity management system that affect privacy and security and the benefits that smart cards bring to identity management systems.
This FAQ answers questions about privacy, security and smart card benefits for identity management systems.
- Industry Recommendations for Implementing PIV Credentials with Physical Access Control Systems: A Quick Guide to Implementing Essential NIST SP 800-116 R1 Requirements
This guide was developed by the Secure Technology Alliance Access Control Council to identify the essentials for a successful deployment of a physical access control system (PACS) that complies with Federal Information Processing Standard (FIPS) 201 and provide a streamlined, practical, layman’s version of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-116 R1.
This white paper was developed by the Secure Technology Alliance Mobile Council to provide an overview of mobile ID authentication, to highlight use cases that rely on secure user credentials stored on a mobile device, and to provide some perspectives on how emerging technologies and standards are addressing the growing need for mobile ID authentication. Use cases highlighted include access control, payments, government-to-consumer services, and corporate applications.
- Personal Identity Verification Interoperability (PIV-I) for Non-Federal Issuers: Trusted Identities for Citizens across States, Counties, Cities and Businesses
This white paper was developed by the Smart Card Alliance Physical Access Council and Identity Council to describe the benefits of FIPS 201, PIV standards and PIV-I framework for state and local governments to enable interoperability and trust across different government issuers for a wide variety of identity credentialing programs. The white paper discusses policy, process and technology considerations related to the implementation of state and local government identity credentialing initiatives. The white paper summarizes important aspects of the current state of policy, process and technology and identifies opportunities to support additional work to further improve each through the use of the PIV-I framework and the PIV standard.
- Privacy, Identity, and the Use of RFID and RF-Enabled Smart Card Technology – A Smart Card Alliance Brief for State and Local Governments
State policy makers are looking carefully at the use of RFID technology in identity cards and the implications that holds for protecting privacy and personal information in identity applications and systems. This brief was developed by the Smart Card Alliance Identity Council to examine best practices for privacy-secure identity systems from the point of view of card technologies.
This white paper was developed to provide an overview of the ecosystem of proximity mobile payments. It introduces the stakeholders in the mobile payment ecosystem and describes their roles and responsibilities in assuring the security of sensitive data. It explains how the payment application, consumer credentials and consumer account information are securely delivered to, loaded on and stored in a mobile device. It explains how a mobile device transmits data to a merchant at the point of sale, identifies risks present during the lifecycle of the payment device, and suggests countermeasures. It also identifies industry standards and certifications organization organizations that address this ecosystem.
This white paper was developed by the Smart Card Alliance Healthcare Council to describe the value that smart cards deliver in a variety of U.S. healthcare applications. Developed as an educational overview for executives and senior managers in healthcare provider organizations, it reviews key challenges that the U.S. healthcare provider industry faces and examines the key drivers for implementing smart card-based systems to address these challenges. The white paper concludes with profiles of a number of organizations who are implementing smart cards illustrating the diversity of applications that are enabled by smart card technology and the business benefits that the technology delivers to healthcare organizations.
This frequently asked questions document was developed to answer questions about how smart cards work and how the technology is used to manage patient identity and protect a healthcare consumer’s personal information.
This report is written for executive level technology and security managers and provides an overview of how biometrics and smart cards can be used to provide the highest security in an identity system. The report discusses the definition of a secure identification system, the function of biometrics in ID systems, biometric technology choices, and the advantages of coupling biometrics with smart card technology.
This white paper was developed by the Smart Card Alliance Healthcare Council to describe the benefits of smart cards to healthcare industry participants. The paper describes the challenges within the healthcare industry and the clear opportunities for the use of smart card technology for security and privacy in healthcare. The paper examines smart card use in healthcare today and suggests additional applications for consideration.
This white paper was developed by the Smart Card Alliance Access Control Council to discuss the benefits of using smart card technology for strong authentication for logical access.
This white paper was developed by the Smart Card Alliance Payments Council Security Work Group to provide an overview of the security features available with contactless and contact smart cards and describe how the security features might apply or be important to different applications.