Published on 1 November, 2013
|FICAM testing program ensures that products conform with existing APL approval procedures
HID Global, a worldwide leader in secure identity solutions, and Tyco Security Products, part of Tyco, the world’s largest pure-play fire protection and security company, announced recently that the companies have joined forces to deliver the industry’s first fully FICAM-compliant solutions for end-to-end physical access control systems (PACS). The complete offering comprises each company’s federal identity solutions, providing added value through increased security, cost efficiencies and interoperability. The U.S. General Services Administration (GSA) introduced the new FICAM testing requirements earlier this year as part of a realignment of its Approved Products List (APL) with the FICAM roadmap for standardisation and a consistent approach to deploying and managing appropriate identity assurance, credentialing, and access control services.
The GSA test program included subjecting the system components to dozens of attacks to ensure that the system is not prone denial of service, credential spoofing, or other types of unauthorised access. The FICAM testing program ensures that products conform with existing APL approval procedures, and integrate other vendors' products to create a complete end-to-end high assurance solution that government agencies can procure. End-to-end systems are tested both as individual components as well as holistically to ensure that agencies meet all of the requirements in FIPS 201 and SP 800-116.
The solution includes: HID Global’s
pivCLASS® Registration Engine,
pivCLASS Certificate Manager,
pivCLASS Reader Services,
Module (PAM), pivCLASS
IDPublisher™, and pivCLASS
“FICAM testing is by far the most comprehensive testing that we have seen,” stated Bob Fontana, vice president of engineering, Federal Identity Solutions with HID Global. “HID Global is excited to be part of the first FICAM-compliant system approved by the GSA and available to the U.S. Government. The government has raised the bar in standardisation and HID Global has met this challenge, offering federal agencies improved security solutions.”
The HID Global and Tyco Security Products PACS solution includes: HID Global’s pivCLASS® Registration Engine, pivCLASS Certificate Manager, pivCLASS Reader Services, pivCLASS Authentication Module (PAM), pivCLASS IDPublisher™, and pivCLASS RK40®/RKCL40™ readers, as well as Tyco Security Products’ Software House C•CURE 9000 security and event management system.
The pivCLASS Registration Engine seamlessly integrates with Tyco’s Software House C•CURE 9000 for PIV and PIV-I card validation, provisioning, and de-provisioning when a certificate is no longer valid. Credentials presented at the door are cryptographically challenged by the pivCLASS PAM. If the card is authentic and valid, the card identifier is passed to the Software House iSTAR controller, which performs the authorisation check before admitting the cardholder. A special messaging interface ensures that all invalid transactions are captured and forwarded to the C•CURE 9000 PACS event monitor.
“The successful testing of Software House’s C•CURE 9000 for FICAM end-to-end compliance, together with HID Global’s pivCLASS Government Solutions portfolio, assures U.S. Federal agencies that they are procuring FICAM solutions that will meet all of the FIPS 201processing standards,” said Stafford Mahfouz, Manager of Government programs for Software House, Tyco Security Products. The companies’ solutions on are the GSA Approved Product Listing.