- Insider threat looms large in San Francisco
- Woman fired over death threat
- IT admin pleads not guilty
- Tape storage gets more dense
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Last issue I talked about some recent updates to existing products. Today we look at another announcement: The National Institute of Standards and Technology has established the NIST Personal Identity Verification Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. Or, in terms the layman can understand, a government agency (NIST) has drawn up standards for products to satisfy a government initiative (FIPS 201). FIPS 201 is the standard evolved to meet the requirements of HSPD-12 (Homeland Security Presidential Directive #12). All of which defines what is needed for authorization to enter federal facilities.
This is important, obviously, for those who work for, do business with, or supply to the government. And that’s roughly, ALL OF US (at least in the United States). Significantly, also, these federal standards have a way of becoming de facto standards in many other places.
The new NIST publication is a list of all validated PIV Card Application (past and present). That is, it’s the list government agencies need to use to select approved products and vendors. It’s also a list that non-government organizations (NGO) should look at to determine who to talk to about their physical (and, in many cases, logical) access needs.
Some old friends are on the list (ActivIdentity, Sagem, Gemalto) but there are also some folks who don’t evoke any memories with me – Keycorp, Safenet, SETECS, CardLogix, TecSec. And there’s one that I know, but not in an identity context – Hitachi.
The identity management and identity and access management space is growing fast and no one person (certainly not me!) can hope to keep up with all the new entries and new developments. A list like the one NIST is compiling and publishing can be a godsend to someone looking to implement a solution and needing fast access to a full range of possible providers.
If you aren’t ready for physical access solutions just yet, keep the URL handy for the day you are. And if you know of any other lists like this – drop me a note and we’ll share the information.
There’s a new presentation linked from the IdM Journal’s resources library that merits your attention. “A Case for Collaborative Identity Management in a Complex Decentralized Environment” is an hour-long presentation on the value of approaching identity management as a collective responsibility. According to the Cornell University researchers who are presenting the study, the business and IT sides of the house must partner to meet rising expectations for streamlined access to information in a world where services are distributed not only across multiple campus units but also across multiple institutions. It’s well worth the registration and setup process you need to go through to hear it.
Investment of a Technology should be 'held off' because there hasn't been enough investment in it yet? Is...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment