HID Global’s pivCLASS Registration Engine provides the VA Financial Services Center with a single, PIV-compliant access control credential. The Financial Services Center in Austin, Texas is an organization of the U.S. Department of Veterans Affairs that offers a range of financial and accounting products and services to both the VA and other government agencies.
When the Financial Services Center and its 300 employees moved into a brand new facility it needed to implement an access control and credentialing system that would both enable it to manage the access of its employees and also comply with FIPS-201, which requires a common identification standard for Federal employees and contractors as mandated by the government thanks to HSPD-12, Homeland Security Presidential Directive 12.
Secured government buildings
With few reference points within the U.S. Department of Veterans Affairs, the VA Financial Services Center would enter unchartered territory as it began the process to implement Personal Identity Verification (PIV) cards as its credentialing solution for all of its employees and contractors.
VA Financial Services Center needed to implement a solution, verify the cardholder’s identity, and then harvest the data for use
The project was one of the first of its kind where a government facility planned to use the full capabilities of the PIV card for its employees and contractors to gain physical and logical access to secured government buildings and computer resources, according to Royce Cox, account manager at Tech Systems’ local Austin office. Tech Systems served as the systems integrator for the Financial Services Center project. To use the full capabilities of the PIV card, the VA Financial Services Center needed to implement a solution that could validate each employee’s PIV credential, verify the cardholder’s identity, and then harvest the data for use with a physical access control system.
Effective access control
The VA Financial Services Center turned to HID Global’s pivCLASS Registration Engine software, to provide a solution with the ability to receive, store, recall and send information in a secure fashion from each PIV card to the physical access control system. pivCLASS Registration Engine, a software-based solution, is used in conjunction with the Software House C•CURE 800/8000 physical access control system to allow the VA Financial Services Center to use the PIV card as a single card access control solution facility-wide. Card holders use the PIV ID card to gain access into the building and verify privileges once inside the facility.
“This system allows us to automate the entry of PIV badge information into the physical security system, ensuring effective access control. Additionally, it allows us to easily grant limited access (areas within the building and time access) to VA employees visiting from other stations, which eliminates the need for visitors to wait for daily passes,” said Howard Harrison, VA Financial Services Center Facility Manager. “Also once in the system, as long as there is not a badge change we can grant access on an as visit basis.”
Revocation status of the cardholder
If at some time in the future it finds that a certificate has been revoked, it can go in to the C•Cure system and suspend the card as well"
In addition to using the PIV cards for internal facility and logical security access purposes, the Financial Services Center continuously checks the revocation status of the cardholder of the FIPS 201 compliant card on an ongoing basis.
“After registering the PIV cards in the VA’s C•Cure 800 access control system via pivCLASS Registration Engine, our software revalidates all the certificates that we know about each day,” said Geri Castaldo, vice president of Business Development, Federal Identity with HID Global. He further added, “If at some time in the future it finds that a certificate has been revoked, it can go in to the C•Cure system and suspend the card as well as send an email to a distribution list and say that it found a revoked card.”
Results Today, the Financial Services Center uses its PIV cards to manage the access of employees and contractors at its Austin, Texas facility. In addition, employees also use their PIV cards to log onto their computers, providing for a more secure environment within the facility.