NIST publishes list of approved products and vendors
NIST Personal Identity Verification Program validates products, vendors for federal agencies
Security: Identity Management Alert
By
Dave Kearns
,
Network World
, 01/30/2008
Sign up for this newsletter now!
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
- Share/Email
- Tweet This
- Print
Last issue I talked about some recent updates to existing products. Today we look at another announcement: The National Institute of
Standards and Technology has established the NIST Personal Identity Verification Program (NPIVP) to validate Personal Identity
Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. Or, in terms the layman can
understand, a government agency (NIST) has drawn up standards for products to satisfy a government initiative (FIPS 201).
FIPS 201 is the standard evolved to meet the requirements of HSPD-12 (Homeland Security Presidential Directive #12). All of
which defines what is needed for authorization to enter federal facilities.
This is important, obviously, for those who work for, do business with, or supply to the government. And that’s roughly, ALL
OF US (at least in the United States). Significantly, also, these federal standards have a way of becoming de facto standards
in many other places.
The new NIST publication is a list of all validated PIV Card Application (past and present). That is, it’s the list government agencies need to use
to select approved products and vendors. It’s also a list that non-government organizations (NGO) should look at to determine
who to talk to about their physical (and, in many cases, logical) access needs.
Some old friends are on the list (ActivIdentity, Sagem, Gemalto) but there are also some folks who don’t evoke any memories
with me – Keycorp, Safenet, SETECS, CardLogix, TecSec. And there’s one that I know, but not in an identity context – Hitachi.
The identity management and identity and access management space is growing fast and no one person (certainly not me!) can
hope to keep up with all the new entries and new developments. A list like the one NIST is compiling and publishing can be
a godsend to someone looking to implement a solution and needing fast access to a full range of possible providers.
If you aren’t ready for physical access solutions just yet, keep the URL handy for the day you are. And if you know of any
other lists like this – drop me a note and we’ll share the information.
There’s a new presentation linked from the IdM Journal’s resources library that merits your attention. “A Case for Collaborative Identity Management in a Complex Decentralized Environment” is an hour-long
presentation on the value of approaching identity management as a collective responsibility. According to the Cornell University
researchers who are presenting the study, the business and IT sides of the house must partner to meet rising expectations
for streamlined access to information in a world where services are distributed not only across multiple campus units but
also across multiple institutions. It’s well worth the registration and setup process you need to go through to hear it.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Comment