10 Aug 2014

Challenges

The Federal Emergency Management Agency (FEMA) provides the foundation for disaster planning and response in the United States when local and state government agencies require support. Now part of the Department of Homeland Security, FEMA’s headquarters is in the heart of the nation’s capital, bustling with activity, and is considered one of the busiest federal facilities. The Washington, D.C. office is visited by hundreds of people each day, with a high number of cross-over visits from other federal agency employees.

With the advent of HSPD-12 and OMB M-11-11, FEMA began the process of leveraging the full capabilities of Personal Identification Verification (PIV) credentials now in the possession of 4.5 million federal employees and contractors.

In late 2010, Tyco Integrated Security, Federal Systems Division, began working with FEMA to execute a two-phase process of registering its employees’ PIV cards into its enterprise-wide physical access control system (PACS). Next, it deployed a new web-based visitor management system to electronically validate visitors’ PIV cards and provide an electronic visitor audit-trail.

“What FEMA is doing sets them apart,” said Don Woody, Senior Technology Manager, Federal Systems Division with Tyco Integrated Security, who directed the deployment at FEMA’s Washington, D.C., facility. “By streamlining its visitor management process, FEMA now has a high-assurance credentialing system that is seamlessly integrated to its PACS, is HSPD-12 compliant, and reduces manpower required to process, track and escort visitors.”

Solutions

FEMA streamlined its PIV registration process by using HID Global’s pivCLASS Registration Engine and several dedicated workstations to read, validate, authenticate and automatically register each FEMA PIV card into its existing PACS. Now, the process to register a fully-vetted PIV card into the PACS takes less than 30 seconds.

Results

The new visitor management system allows for web-based pre-authorisation of visitors. When guests from another agency arrive in the lobby and they present their PIV card to the security officer or lobby attendant, the PIV credential is placed into a smart card reader. The visitor then enters the card’s PIN on a pin pad and if it matches the PIN encoded on the PIV credential the cardholder is prompted to match their fingerprint biometrically. After a match, the system checks the PIV card’s digital certificate against the certificate authority revocation list to ensure the card is not revoked.

After the full electronic validation process, the visitor is granted permission to enter the facility. In addition, the visitor’s PIV card can be registered into FEMA’s PACS, if needed for future visits.

“FEMA is one of the few government agencies that has standardised its access control system and is using the full electronic capabilities of its PIV credentials,” said Geri Castaldo, vice president, Business Development, Federal Identity with HID Global. “Becoming HSPD-12 and OMB M-11-11 compliant doesn’t have to be a daunting process and FEMA is an example of a success story.”

Download HID White Paper: Best practices for integrating mobile into the access control architecture now!