Archive

Archive for September, 2012

The “skinny” on Commercial Identity Verification (CIV) Credential. Are they for you?

September 17, 2012 Leave a comment

The “Skinny”

The Commercial Identity Verification (CIV) credential, takes a chapter from the Federal Information Processing Standard 201 (FIPS 201), initiated by the Homeland Security Presidential Directive (HSPD-12) mandate.  The mandate required Federal agencies to deploy and support an identity credential that can be used across all Federal agencies for both physical and logical access.

 

The CIV credential takes advantage of the PIV infrastructure that has been developed, tested, and refined over the past ten years.  By adopting the CIV credential, corporations or medical environments no longer have to create multiple identities for each employee to work in the various standalone systems.  Identity creation and enrollment is completed at one central location.  Once an employee receives their CIV credential, this one credential can be used at locations enterprise-wide.

 

Each employee’s CIV card can be a tool for authenticating identity and authorizing access to doors and resources such as inventory control, accounting, process control systems, and HR databases.  In addition, a single identity allows a provisioning system to confirm that an employee is actually on the premises before enabling that person to log on to a desktop computer and enterprise network.  At the same time, it blocks access from an external device, such as a remote computer, after physical presence is established within an office.

 

To make the CIV credential work in your organization, your infrastructure will need to change from multiple standalone solutions to one that is enterprise-wide.  Due to the Federal mandate, multiple vendors offer interoperable solutions using off-the-shelf products because of competition, prices will become more and more affordable.

 

In a typical implementation, each CIV credential holds one unique user identification number that is tied to the person’s network account.  This allows access to authorized applications, plus the physical access control system in the proper buildings.

 

Are they for you?

 

A CIV credentialing program provides corporations with the ability to improve efficiency and reduce resources while maintaining overall security.  However, to determine if this is the solution for you, ask yourself the following questions:

 

  1. Are only authorized employees accessing the corporate property and networks?
  2. Is any portion of the network, access control system, etc., vulnerable, posing a security risk?
  3. How many resources are allocated to resetting employee passwords and logins?
  4. Overall, what is the current level of security? Poor, Fair, Satisfactory, Excellent?

 

These are just a few of the questions that can be addressed.  Every organization is unique and therefore it is best to speak to an ID Consultant during the fact-finding and qualification process.

 

 

Reference:

 

Smart Card Alliance.  October 2011.  The Commercial Identity Verification (CIV) Credential – Leveraging FIPS 201 and the PIV Specifications: Is the CIV Credential Right for You?  Retrieved from http://www.smartcardalliance.org/resources/pdf/CIV_WP_101611.pdf