VA PIV Project Concept and Scope
The PIV System is comprised of sub-systems and primary interfaces that work collaboratively to provide required services. The sub-systems that make up the PIV System are independent and fully functional systems, each with its own primary responsibilities and requirements, that interface with one another to meet the objectives of FIPS 201. The sub-systems of the VA PIV System are:
One of the primary interfaces of the PIV System is Physical Access Control Systems (PACS). This primary interface is a fundamental component captured within the PIV System architecture, given that the expectations of the PIV System are to integrate personnel, logical, and physical security services as they pertain to identity. PACS are expected to work in conjunction with the PIV System, in the sense that the PACS will utilize the identity services of the PIV System and make access and authorization decisions based upon that service. In addition to the primary interface of PACS, there is also a need to have authoritative data made available to the PIV System to support the consolidation and provision of ubiquitous identity across the VA Enterprise. The following interfaces are defined for the PIV System:
The goal of the PIV System is to achieve compliance with HSPD-12 and FIPS 201. Within the context of this goal, the system intends to provide:
The VA PIV Project is a Departmental initiative intended to provide compliance with HSPD-12, FIPS-201, the Federal Common Policy, and related standards which address the Federal Government's need for a standardized identity (PIV) credential to be issued to all Federal employees and contractors. The PIV credential will be used for identification and authentication across Federal logical and physical access systems. FIPS-201 defines the requirements for the PIV credential enrollment and issuance processes necessary to provide a common assurance level under which all PIV credentials are issued.
The VA PIV System will implement PIV Card, PKI, and Identity and Access Management services to meet the requirements of FIPS 201. The VA PIV System automates the enrollment and issuance processes for the PIV credential, manages the identities of PIV cardholders, manages the lifecycle of the PIV credential, provides data management and provisioning services for interfacing systems, and provides audit and reporting data on PIV System transactions and events. The VA PIV System is also designed to deliver “security as a service” by integrating with the VA Enterprise Architecture service-oriented systems model. It provides an integrated approach to the broad, heterogeneous VA network and forwards the concepts embodied in the One-VA strategic goal. In doing so, the program intends to reduce the cost of ownership for identity services. Further, the initiative offers improved security of critical VA assets and extends broad protection for privacy and identity information maintained by VA.
The VA PIV Project represents a significant commitment by management to control, reduce, and establish reasonable cost structures for authentication and authorization services required to support HSPD-12 compliance. Further, the PIV Project is central to VA’s broad One-VA strategy and will facilitate VA compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the E-Sign Act, new privacy and financial legislation like the Gramm-Leach-Bliley Act, Sarbanes-Oxley, and the Architectural and Transportation Barriers Compliance Board Electronic and Information Technology Accessibility Standards (Section 508), and will resolve a VA authentication and authorization “material weakness” that has been cited by the Office of the Inspector General (OIG). The PIV Project will ensure compliance with HSPD-12 and FIPS 201, facilitate VA’s move towards a One-VA approach, reduce costs, and improve the enterprise security posture.