VA HSPD-12/PIV Presentation


Department of Veterans Affairs Personal Identity Verification (PIV) Program

Brian Epley, VA PIV Program Manager

August 14, 2007

Agenda

• History
  • Authentication Authorization Infrastructure Program (AAIP)
  • Required Changes
• Current State and Future Goals
  • PIV 0.5
  • PIV 1.0
  • PIV 2.0
  • PIV +
• Architecture
• Achievements
• National Deployment Schedule
• Resources

VA PIV History

Experience -

Oct 2004, VA conducted a 10-month pilot that included:
• Issued 1,100 cards prior to HSPD-12
• Provided logical and physical access
• Three digital certificates
• Used an application process similar to the PIV process

Investment -

VA procured a substantial amount of resources to support earlier smart card initiative
• 85,000 smart cards
• Front-end and Back-end components (servers, workstations, printers, etc.)

Business Requirement -

VA’s unique operational mission requires a tailored solution
• Large affiliate population (80,000+) requires “OneVA” (non-PIV) cards
• 24-hour turn around on issuance
• 24/7 Help desk support

VA PIV History (Continued)

• Increased Return on Investment
• VA’s focus is to advance the use of identity and access management (IAM) across the Department
  • Mapping of user privileges
  • Provisioning and deprovisioning services
  • Synchronization of data with authoritative sources
  • Rights management with standardized Role Based Access Control (RBAC) models
  • Management of entity profiles
• The IAM solution can be used to support management of veteran identities
• Establishing an enterprise IAM backbone within the VA will save millions of dollars

VA PIV Status

The Department of Veterans Affairs successfully complied with HSPD 12
• Issued first card to PCI Manager October 20th
• Issued twelve credentials to Sponsor, Registrar and Issuers between October 20th and October 26th
• Issued three ID credentials to employees October 27th
• Issued 1,400+ credentials since October 27th

VA legacy cards (ActivCard Applet v.2 on Cyberflex Access 64k v.1)
• Provide logical and physical access
• Have three digital certificates
• Comply with topographical requirements

Key Differences
• Does not have fingerprints loaded on the card
• The card stock is non-compliant

VA will begin PIV National Deployment September 2007
• 24-month deployment to implement PIV Enrollment Operations Centers at approximately 225 field locations serving 1,200+ facilities across CONUS

PIV Architecture - Version 0.5

October 2006

PIV 0.5 Objectives

• Interim FIPS-201 Compliance
  - Smart Cards
  - Authentication
  - Unique IDs
  - Digital Signature
  - Email encryption
• Disaster Recovery Capability

PIV Architecture - Version 2.0

PIV 2.0 Objectives

• Full Compliance with FIPS 201
  - Smart Cards
  - Authentication
  - Unique IDs
  - Digital Signature
  - Email encryption
• Disaster Recovery Capability
• Help Desk
• Establish VA Interfaces
• Establish Federal Enterprise Interfaces

PIV Architecture – Version 3.0

Future Enterprise Integration

PIV 3.0 Objectives

• Integrate into VA Enterprise Architecture
• Establish SSO with additional enterprise applications
• Link authoritative data sources using IAM backbone
• Establish interoperability with other Shared Service Providers
• Add 3rd Data Center leg for load-balancing across CONUS
• Integrate VA PIV with GSA MSO and Federal peers

Achievements

• VA PIV is 1 of 4 Successful Federal HSPD-12 programs
• PIV is currently in production at VACO
  • Issued 1,400+ credentials that support:
    • Smartcard authentication
    • Unique IDs
    • Digital signature
    • E-mail encryption
• PIV participated in OED IAM Workshop to identify duplicative requirements and enterprise solutions to meet the needs of:
  • Active Directory
  • VBA – Loan Guarantee Program, VIP
  • OS&LE – Security Investigations Center (SIC)
  • Centralized and timely adjudication
  • VHA & VBA
  • VHA EA Integration – SSO

Enterprise Integration Achievements

• Sharing data sets based on correlated Unique Identifier (UID)
  • Active Directory
  • PAID
• Combined program requirements
  • VBA
    • Loan Guarantee Program
    • OneVA VIP Portal
  • EA OneVA Portal/SSO
  • VHA
• Resource collaboration
  • e-Authentication
  • Soft Certificate initiative
  • DoD/CAC

PIV National Deployment

• Site transformation from PIV 1 “Process” to incorporate use of PIV systems to achieve HSPD-12 compliance and unified “OneVA” credentials
• 24-month deployment to implement PIV Enrollment Operations Centers at approximately 225 field locations serving 1,200+ facilities across US
• Multi-Administration collaboration to determine VISN/Region geographic sequence
• Based on VISN/Region site readiness
• Involves comprehensive 120-day preparation

Deployment Schedule


VA PIV Resources

• VA PIV Intranet site: vaww.va.gov/PIVproject
• VA PIV PMO e-mail address: [email protected]
• VA PIV Team members:
  • PIV Executive Steering Committee
  • Brian Epley, Program Manager
  • Gloria A. Harris, Business Manager
  • Leonard Kenon, Project Manager
  • Maurice Claggett, Project Manager
  • Multiple contract resources
  • Multiple Working Groups