Q

How will HSPD-12 affect authentication?

HSPD-12, signed in 2004, has called for standardized access to government facilities. In this expert Q&A, Joel Dubin reviews the mandate and states how it could impact today's authentication methods.

How will the government's Homeland Security Presidential Directive-12 mandate affect authentication?
The Homeland Security Presidential Directive-12 (HSPD-12) was designed to standardize physical access to government facilities. President George W. Bush signed the directive in 2004 in an effort to eliminate the current hodgepodge of different systems that government employees used to get into their offices.

The program is supposed to eventually create a standardized ID badge for all government employees, but is currently only in a pilot stage for selected facilities around the country. The badge is supposed to be tamperproof and not susceptible to counterfeiting.

The badge is essentially a smart card that contains a photo and biometric information, or in this case, a fingerprint, from the user. In addition, users will need to enter a PIN number into the device where they insert the card. The system is a textbook three-factor authentication system. It consists of something you know (the PIN), something you have (the card) and something you are (the fingerprint).

Optionally, any system meeting the standard can also support public key infrastructure (PKI) and digital certificates (DC).

Although the HSPD-12 directive states it also covers logical access to IT systems -- since technologically speaking, physical and logical access is slowly converging -- the current rollout is only for physical access to federal sites.

With that in mind, there might not be an immediate impact on authentication. However, you can expect that the same three-factor authentication system and smart card will be needed to access government IT systems down the road; probably within the next five years.

For specific information, consult the Federal Information Processing Standard Publication 201 (FIPS 201) on the National Institute of Technology Web site, which details implementing the HSPD-required Personal Identity Verification (PIV) cards.

More information:

  • Make sure your smart cards are tamper-proof.
  • Learn about other infosec-related regs.
  • This was first published in December 2006
    This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close