AMAG Technology Helps Guide Department Of Defense To FIPS 201 Compliance

The Department of Defense (DoD) issues Common Access Cards (CAC) to more than 4 million military, retried military and contractors throughout the world. DoD was tasked with complying with the Federal Information Processing Standards (FIPS) Publication 201. FIPS 201 is a federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

AMAG Technology partnered with the DoD to upgrade an existing smartcard based access control system. AMAG Technology manufactures intelligent networked solutions scaled to manage security management challenges from small, remote facilities to multi-national organizations.

Various groups within the DoD have AMAG Technology’s existing Symmetry Security Management Systems that have been in place for as long as 10 years. The fully upgraded integrated system would address physical access control system (PACS) considerations in the DoD’s mission to become Homeland Security Presidential Directive (HSPD) -12 compliant and utilize the next generation FIPS-201 compliant, DoD Common Access Cards.

The Symmetry Security Management System had to support the existing and the next generation FIPS 201 complaint Common Access Cards. Users would be issued their next generation Common Access Card when their older card expired, therefore there would be a number of years over which both versions of the card would be active.

AMAG Technology’s Symmetry Common Access Card Reader with Symmetry Homeland Security Management System was chosen to implement the transition. The dual technology reader allowed the DoD to continue using their current access card (a contact chip smartcard with no contactless component) while upgrading to the FIPS compliant card that contains both contact and contactless interfaces.

“The system was originally designed before HSPD-12 using the SEWIG-012 Data Model, and it needed to move to the FIPS model,” said AMAG Technology mid-Atlantic and federal regional sales manager, Walter Coady. “AMAG committed to the DoD that we would follow the evolution of FIPS 201 and manufacture a fully compliant reader.”

Readers designed and manufactured prior to FIPS 201 were flashed to work. Using the Symmetry Common Access Card reader provided a cost effective solution due to its ability to be flash upgraded in the field. The reader offered the unique ability to read multiple smartcard technologies eliminating the need for an expensive hardware upgrade once all cards were FIPS-201/HSPD-12 compliant, and thus future-proofing the product.

Challenges

The DoD was an early adopter of using smart cards for physical access control. However, staying on top of ever-changing standards remained a challenge. AMAG has worked with the DoD and other federal government customers to support developing smartcard implementation guidance. In the federal government, standards often precede product availability. AMAG developed the Symmetry smartcard reader to meet customer demand.

Working through the process of developing a dual technology reader supporting both the earlier Common Access Card and the FIPS 201 compliant version was difficult. AMAG was developing the Symmetry reader at the same time the new cards were being developed, therefore there were no sample cards to work from. Understanding how the card was going to operate and how it would look was learned through trial and error.

The current security system needed to remain compliant and operational throughout the entire transition. Every time a card was swiped, the system had to work. Downtime was not an option. AMAG’s engineering and product development team provided the migration path to full compliance with all of the specifications met.

While the original system used the SEIWG-012 data model, the actual card number was pulled from the Social Security number field. The Social Security number was subsequently classified as Personal Privacy Information, and could not be used in the system in that manner.

AMAG then turned to the Electronic Data Interchange Person Identifier (EDI-PI) as the number on the card they would authenticate. In the FIPS-201 solution, the new data model includes the Federal Agency Smart Credential Number (FASC-N) within the Cardholder Unique Identifier (CHUID). The new reader firmware had to read the Federal Agency Smart Credential Number through the contactless interface, but the Electronic Data Interchange Person Identifier data off the contact interface of the older card.

“It was AMAG’s vision to provide the highest level of interoperability for Personal Identity Verification cards from all agencies by following the intent of FIPS 201 by reading the Federal Agency Smart Credential Number from the Cardholder Unique Identifier,” Coady said. “Access control requires fast throughput, and this new card provided real challenges in that area.”

Significant effort by AMAG’s product development team was put in on the project upfront to ensure the new FIPS compliant system will save time in the future and be more cost effective. Due to Symmetry’s intuitive design, future upgrades will occur via the software, which is the least expensive to change. Expensive hardware upgrades will not be needed because of the dual technology Symmetry smart card reader.

Lessons Learned

A close partnership among all entities involved was critical to the success of this project. Getting a commitment from the manufacturer, not just the integrator was pivotal. AMAG was involved in every aspect of the installation because migrating to FIPS 201 compliancy was new to everyone. AMAG’s engineering and product development team tackled the challenges involved, eventually becoming the expert. At the time, this was so new, integrators were looking for guidance as much as the end users. AMAG was willing to dedicate the time, resources and effort to learn what was needed for the DoD to successfully upgrade to FIPS 201 compliancy.

AMAG Technology is a dedicated partner and has a long history supporting the US Government on smartcard programs, and has learned more from implementing standards compliant solutions than can be gleaned from reading documents.

In many FIPS 201 solutions, the Federal Agency Smart Credential Number data isn’t available to the security operator -- it is not printed on the card or available on a cross-reference list. The system should have a means of reading the Federal Agency Smart Credential Number, and populate the card holder record within the SMS. That will speed up the process of enrollment.

Two-factor authentication was needed. The Symmetry Common Access Card Reader reads the Electronic Data Interchange Person Identifier number on the contact chip, but cannot get to the chip until it unlocks the Common Access Card with the card’s PIN. Every time the card is used, the person must enter a PIN. This provides a two factor authentication. The challenge is that the FIPS compliant credential didn’t require a PIN for contactless access to the data. The Symmetry application has the ability to require a PIN when using the card. During the transition time period to the contactless card, those with the older cards enter two PINs (the CAC PIN to unlock the card data and the SMS PIN). Contactless card users simply enter the SMS PIN.

The Symmetry Common Access Card Reader includes contact smartcard interface, contactless smartcard interface, keypad and LCD display. The reader is flash ROM programmable, which proved to be a huge cost savings since multiple firmware versions have been provided over the years to meet changing requirements. If not for this feature, various versions of the hardware would have to have been provided, increasing costs to all involved. AMAG’s engineering efforts helped the DoD save a considerable amount of money.

The Symmetry Common Access Card Reader supports multiple card data formats. The ability of the reader to know what type of card was being presented and how to read that specific card enabled much of the functionality that was required to achieve compliance.

Future

AMAG Technology’s Symmetry smart card reader made the transition possible and saved money in the process.

Symmetry has given the DoD a migration path from the Common Access Card to the CAC-NG (next generation) without replacing any readers. AMAG is committed to supporting FIPS 201 and will continue working with customers on future changes that are made.

The Physical Access Control System is only a part of the overall picture of FIPS 201 compliance. While not specifically required by the standard, business process rules can be handled in a more automated fashion when the PACS is integrated with the Identity Management System (IDMS).

The Symmetry system from AMAG Technology has the integration capability to allow such a solution as the requirements of the DoD may demand. Since then, Symmetry Security Management Solutions have been selected by a multitude of federal, state and local governments because it cost-effectively delivers the most reliable, flexible and technologically advanced converged security solution available. AMAG Technology will continue to dedicate time and resources to the DoD as standards change and upgrade over time.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3