Department of Veterans Affairs Personal Identity Verification (PIV) Program

1. Department of Veterans Affairs Personal Identity Verification (PIV) Program Brian Epley, VA PIV Program Manager August 14, 2007

2. Agenda History Authentication Authorization Infrastructure Program (AAIP) Required Changes Current State and Future Goals PIV 0.5 PIV 1.0 PIV 2.0 PIV + Architecture Achievements National Deployment Schedule Resources

3. VA PIV History • Experience-Oct 2004, VA conducted a 10-month pilot that included: • Issued 1,100 cards prior to HSPD-12 • Provided logical and physical access • Three digital certificates • Used an application process similar to the PIV process • Investment-VA procured a substantial amount of resources to support earlier smart card initiative • 85,000 smart cards • Front-end and Back-end components (servers, workstations, printers, etc.) • Business Requirement-VA’s unique operational mission requires a tailored solution • Large affiliate population (80,000+) requires “OneVA” (non-PIV) cards • 24-hour turn around on issuance • 24/7 Help desk support

4. VA PIV History (Continued) • Increased Return on Investment • VA’s focus is to advance the use of identity and access management (IAM) across the Department • Mapping of user privileges • Provisioning and deprovisioning services • Synchronization of data with authoritative sources • Rights management with standardized Role Based Access Control (RBAC) models • Management of entity profiles • The IAM solution can be used to support management of veteran identities • Establishing an enterprise IAM backbone within the VA will save millions of dollars

5. VA PIV Status • The Department of Veteran Affairs successfully complied with HSPD 12 • Issued first card to PCI Manager October 20th • Issued twelve credentialsto Sponsor, Registrar and Issuers between October 20th and October 26th • Issued three ID credentialsto employees October 27th • Issued 1,400+ credentials since October 27th • VA legacy cards (ActivCard Applet v.2 on Cyberflex Access 64k v.1) • Provide logical and physical access • Have three digital certificates • Comply with topographical requirements • Key Differences • Does not have fingerprints loaded on the card • The card stock is non-compliant • VA will begin PIV National Deployment September 2007 • 24-month deploymentto implement PIV Enrollment Operations Centers at approximately 225 field locations serving 1,200+ facilities across CONUS

6. PIV Architecture - Version 0.5October 2006 • PIV 0.5 Objectives • Interim FIPS-201 Compliance • -Smart Cards -Authentication -Unique IDs -Digital Signature -Email encryption • Disaster Recovery Capability

7. PIV Architecture - Version 2.0 • PIV 2.0 Objectives • Full Compliance with FIPS 201 • -Smart Cards -Authentication -Unique IDs -Digital Signature -Email encryption • Disaster Recovery Capability • Help Desk • Establish VA Interfaces • Establish Federal Enterprise Interfaces

8. PIV Architecture – Version 3.0Future Enterprise Integration • PIV 3.0 Objectives • Integrate into VA Enterprise Architecture • Establish SSO with additional enterprise applications • Link authoritative data sources using IAM backbone • Establish interoperability with other Shared Service Providers • Add 3rd Data Center leg for load-balancing across CONUS • Integrate VA PIV with GSA MSO and Federal peers

9. Achievements • VA PIV is 1 of 4 Successful Federal HSPD-12 programs • PIV is currently in production at VACO • Issued 1,400+ credentials that support: • Smartcard authentication • Unique IDs • Digital signature • E-mail encryption • PIV participated in OED IAM Workshop to identify duplicative requirements and enterprise solutions to meet the needs of: • Active Directory • VBA – Loan Guarantee Program, VIP • OS&LE – Security Investigations Center (SIC) • Centralized and timely adjudication • VHA & VBA • VHA EA Integration—SSO

10. Enterprise Integration Achievements • Sharing data sets based on correlated Unique Identifier (UID) • Active Directory • PAID • Combined program requirements • VBA • Loan Guarantee Program • OneVA VIP Portal • EA OneVA Portal/SSO • VHA • Resource collaboration • e-Authentication • Soft Certificate initiative • DoD/CAC

11. PIV National Deployment • Site transformation from PIV-1 “Process” to incorporate use of PIV systems to achieve HSPD-12 compliance and unified “OneVA” credentials • 24-month deployment to implement PIV Enrollment Operations Centers at approximately 225 field locations serving 1,200+ facilities across US • Multi-Administration collaboration to determine VISN/Region geographic sequence • Based on VISN/Regionsite readiness • Involves comprehensive 120-day preparation

12. Deployment Schedule

14. VA PIV Resources • VA PIV Intranet site: • vaww.va.gov/PIVproject • VA PIV PMO e-mail address: • VAPIVPRO@va.gov • VA PIV Team members: • PIV Executive Steering Committee • Brian Epley, Program Manager • Gloria A. Harris, Business Manager • Leonard Kenon, Project Manager • Maurice Claggett , Project Manager • Multiple contract resources • Multiple Working Groups