[Infowarrior] - Identity Management: Tiers of Trust Consortium

Richard Forno rforno at infowarrior.org
Tue Sep 11 16:39:30 UTC 2007 

(good leadership and a well-rounded industry consortium here to address a
fundamental need for first responders.......rf)

Former US Cybersecurity Advisor Spearheads  Consortium to Help First
Responders Prepare for Crisis Situations

Tiers of TrustTM Consortium Aims to Solve Problems Experienced by Law
Enforcement, Fire Departments, and Paramedics  During 9/11 and Hurricane
Katrina

Washington, DC ‹ September 11, 2007 ‹ Howard A. Schmidt, former US
Cybersecurity Advisor, today announced the Tiers of Trust consortium to
assist First Responders such as the New York Fire Department, International
Red Cross, State of California Public Health, and Verizon in successfully
preparing for crisis situations.  First Responders are the backbone of
America¹s critical infrastructure, including law enforcement, fire, hazmat,
rescue and public health organizations as well as private sector utilities,
communications and transportation companies responsible for responding to
national and local emergency situations.  The consortium aims to solve
problems experienced by these organizations during 9/11 and Hurricane
Katrina.  For more information about the Tiers of Trust go to
www.TiersofTrust.com.

Why? Some of the major problems during past crisis situations were due to
unreliable identification of First Responders.  During the 9/11 attacks over
300 First Responders in New York were lost because officials could not
account for who entered and left the scene.  While in DC, response officials
rushing to the Pentagon were denied entry because their identities and
privileges could not be verified.  During the Hurricane Katrina recovery,
hundreds of licensed medical personnel were not deployed effectively because
they could not prove their credentials and certifications.  To fix problem
such as these, the government developed new identification requirements
through Homeland Security Presidential Directive-12 (HSPD-12) and the
Federal Information Processing Standard (FIPS 201) for federal employees and
contractors.

³While this regulation has the right intentions, the implementations to date
have exceeded the budgets within these First Responder groups, making
compliance impossible,² said Howard A. Schmidt.  ³Our goal is to enable
First Responders to meet the federal requirements at a fraction of the cost,
allowing them to spend budgets on much needed equipment and training.²

How? Tiers of Trust enables First Responders to implement graduated
privileges based on identities.  The consortium grants registered First
Responders free access to high-tech software to create identification
credentials with contactless smart cards, using the mandatory FIPS 201
fields of the FASC-N (Federal Agency Smart Card Number), CHUID (Card Holder
Unique Identifier), and expiration date.

Homeland Security Presidential Directive ­ 12 (HSPD-12) outlines policy for
a common identification standard for federal employees and contractors. With
regard to secure and reliable forms of identification, HSPD-12 states ³The
Standard will include graduated criteria, from least secure to most secure,
to ensure flexibility on selecting the appropriate level of security for
each application.²  The Tiers of Trust program implements this risk-based
concept initially for first responders, realizing that not all first
responders will ever need to gain ³physical access to federally controlled
facilities and logical access to federally controlled information systems².
Thus careful classification of roles and privilege levels may yield a
significant headcount where a significant cost savings is not only prudent,
but advisable.

"Right now, it is cheaper to rebuild everybody's house rather than to give
First Responders a smart card," said Jon Callas, CTO and CSO of PGP
Corporation.  "Tiers of Trust is changing this."

What? Howard A. Schmidt is spearheading the Tiers of Trust consortium with
leading security organizations including HID, SNS (Secure Network Systems),
PGP Corporation, OMNIKEY, Catcher, TX Systems and Clear Government
Solutions.......(more)

< - >

http://www.tiersoftrust.com/

More information about the Infowarrior mailing list