Large deployment includes 260 operating buildings, staff of 9,000
Oak Ridge National Labs, a technology research facility for the U.S. Department of Energy, is deploying a mix of PIV and CIV credentials throughout its Tennessee facilities.
The new smart card credentials will be used for physical and logical access, says John Watson, group manager for the Laboratory Protection Division System at Oak Ridge. The lab went with the PIV smart cards for those employees who travel and need to use the credentials for access to other facilities, while CIV credentials will be for those who are just using the cards on site.
The CIV credentials were less expensive than the PIV, Watson says. “You have to look at the risk and the most cost efficient way to do business and save the government money,” he explains. “If you look at the cost of PIV versus CIV, it’s a substantial savings, and if you have 4,500 people who don’t travel or visit other sites you have to look at ways to save.”
The employees issued CIV credentials still undergo a background check, but it’s not the same as the one undergone by those 3,500 employees receiving PIV credentials, Watson says.
The CIV credentials have one other difference from the PIV credentials, a proximity chip. Employees preferred the performance of the proximity technology – that reacts quickly when held within a few inches of a reader – to the performance of the contactless smart cards that require a more purposeful tap-and-hold presentation, Watson says.
To facilitate the use of both technologies, the lab’s 1,400 entry points were outfitted with multi-tech readers that read both contactless smart cards and prox, Watson says.
The lab will also be rolling out logical access using the credentials. PIV cardholders will use those certificates to gain access to controlled information systems, to digitally sign documents and encrypt emails, says Thomas Flynn, vice president for Identity and Access at Gemalto North America.
Gemalto is seeing enterprises that are associated with confidential government research and development and critical infrastructure, such as Oak Ridge, shore up security with PIV solutions, Flynn explains. Although FIPS 201 and PIV aren’t mandated for these organizations, the work they are doing in the federal space is necessitating it.
Utility companies also are starting to deploy FIPS 201-specified PIV card systems for physical and logical access, says Flynn.
For the deployment at Oak Ridge National Labs, Gemalto collaborated with Charismathics for logical access and Quantum Secure for physical access. This all-in-one offer gives Oak Ridge a layered protection that reduces potential security breaches while safeguarding employee identities.