Vendor consortium formed to guide agencies in HSPD-12 compliance and operation
04 October, 2006
category: Biometrics, Government, Library
By Andy Williams, Contributing Editor
Lots of questions … too many places to go to seek answers. Wanting to lend assistance in solving that problem is a key purpose behind a new consortium established to help integrators and federal agencies deal with the many nuances of HSPD-12 compliance. Called, predictability enough, the HSPD-12 Interoperability Consortium, it was founded by smart card, authentication and encryption solutions provider SafeNet and now includes eight other companies, some of them SafeNet competitors.
According to Safenet, the Consortium’s goals are: to provide an industry perspective to government agencies and system integrators; to offer an end-to-end interoperable HSPD-12 (Homeland Security Presidential Directive) solution; to build a testing lab to demonstrate preconfigured and pre-tested solutions; and to create solutions flexible enough to meet the needs of the consortium members’ customers.
The HSPD-12 Consortium’s other nine founding members include Consul Risk Management, security audit and compliance; CoreStreet, provider of certificate validation infrastructure and application software; Entrust, certificate Authority, shared service provider, and encryption solutions; Forum Systems, secured systems architecture; Precise Biometrics, biometric solutions; Probaris Technologies, secured business process solutions; Intercede, smart card management; and Omnikey, smart card readers.
“We’re in active discussion now with other people. We want this to be a truly open consortium,” said SafeNet’s Andy Solterbeck, vice president and general manager, Commercial Enterprise Business Unit. “Our intent is to bring in people who can contribute to solutions, such as business processes, credential management capability and hardware. There’s no point in building a locked-out consortium.”
Put another way, he added, “Unless you leverage” the products and solutions provided by consortium members, “it would be a pointless enterprise. This is how we ensure the right people are members of the consortium. The best way to describe (consortium members) is that they are people we have worked with in the market, but whom we also compete with in the marketplace.”
So, why the consortium? “It’s really interesting in that there’s a fairly good understanding in what HSPD-12 is, an interoperability standard for a piece of plastic and what the card needs to be able to do,” said Mr. Solterbeck. “But all the stuff that surrounds that card; what am I going to do with it; how do I use it for physical and logical access, identity management…what’s going to be different after HSPD-12 is implemented…we were getting all those questions. So we put together this consortium (to show federal agencies and integrators) how that card could be leveraged to be more efficient in the implementation, from certification, to deployment.”
Commented Phil Saunders, general manager of SafeNet’s Borderless Security Business Unit: “Our goal is to remove confusion about the many pieces of HSPD-12 and make the job of system integrators and government agencies easier.”
The consortium is designed to provide assurances of compliance and of interoperability between the many components required to meet the HSPD 12 mandate including smart cards, PKI, middleware, card credential management systems, biometrics and physical access systems.
He said the consortium is “in the process of building a lab (in Roslyn, Virginia) where the agencies can come in and see the various solutions and we’re doing seminars to allow the government to share its expertise. We’re also putting up a web site they can come to as an information resource.”
The HSPD-12 card, he said, has a couple of components, the logical access part which holds the certificates and physical access which grants you access to the building. “There’s the ability for that card to become your authentication device for lots of different applications. The hot topic now is disk and file encryption. That card could be integrated to the solution that protects the laptop. The card could be used for things like signing and authentication.”
He added: “We’re going from the very specific to the very broad. Unless you’re actually enabling a business process, the card isn’t all that useful. For example, the OMB directive that said any agency that allows data to leave its premises must be encrypted is now a presidential edict.”
That falls right into one of SafeNet’s areas of expertise. “We’ve been a cryptographic supplier to the federal government for 20 plus years. Over 60% of our business is with the federal government,” he said.
Even after the Oct. 27 deadline has passed, there will still be plenty of work for the consortium. “The real question is how do we help the agencies and integrators once they have met the requirement,” said Mr. Solterbeck. “Basically as long as the agency has issued one PIV Card by October 27th they are in compliance, so the real question is what will they do with the cards once they are issued? The consortium will help with showing real business applications of the card, such as disk encryption, two factor remote access etc.”
Additional resources:
Visit the consortium online at www.hspd-12.org.
Research and evaluate FIPS 201 Approved Products and get the latest info on compliant credentialing systems at FIPS201.com. Click to visit FIPS201.com.