Last issue I talked about some recent updates to existing products. Today we look at another announcement: The National Institute of Standards and Technology has established the NIST Personal Identity Verification Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. Or, in terms the layman can understand, a government agency (NIST) has drawn up standards for products to satisfy a government initiative (FIPS 201). FIPS 201 is the standard evolved to meet the requirements of HSPD-12 (Homeland Security Presidential Directive #12). All of which defines what is needed for authorization to enter federal facilities.

This is important, obviously, for those who work for, do business with, or supply to the government. And that’s roughly, ALL OF US (at least in the United States). Significantly, also, these federal standards have a way of becoming de facto standards in many other places.

The new NIST publication is a list of all validated PIV Card Application (past and present). That is, it’s the list government agencies need to use to select approved products and vendors. It’s also a list that non-government organizations (NGO) should look at to determine who to talk to about their physical (and, in many cases, logical) access needs.

Some old friends are on the list (ActivIdentity, Sagem, Gemalto) but there are also some folks who don’t evoke any memories with me – Keycorp, Safenet, SETECS, CardLogix, TecSec. And there’s one that I know, but not in an identity context – Hitachi.

The identity management and identity and access management space is growing fast and no one person (certainly not me!) can hope to keep up with all the new entries and new developments. A list like the one NIST is compiling and publishing can be a godsend to someone looking to implement a solution and needing fast access to a full range of possible providers.

If you aren’t ready for physical access solutions just yet, keep the URL handy for the day you are. And if you know of any other lists like this – drop me a note and we’ll share the information.

There’s a new presentation linked from the IdM Journal’s resources library that merits your attention. “A Case for Collaborative Identity Management in a Complex Decentralized Environment” is an hour-long presentation on the value of approaching identity management as a collective responsibility. According to the Cornell University researchers who are presenting the study, the business and IT sides of the house must partner to meet rising expectations for streamlined access to information in a world where services are distributed not only across multiple campus units but also across multiple institutions. It’s well worth the registration and setup process you need to go through to hear it.

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports