When managing an unplanned event, threat, or disaster, the last thing anyone wants is to worry about verifying who was in a building or place. This is where the management of identities comes into play. You need to have confidence that people are who they say they are so you can get on with the task at hand.
That’s why, in 2004, the US government issued a directive requiring federal agencies to develop and deploy a credential system. The goal was to create a government-wide standard for secure, reliable forms of identification to be issued to all federal government employees and contractors.
Concerns around potential attacks were at the top of everyone’s mind. It was at this time that the government identified inconsistencies in the quality and security of the identification systems being used to gain access to secure facilities.
From this directive, the US government established its own Identity, Credential, and Access Management (ICAM) strategy, known as FICAM. Initially published in 2009, FICAM provides a common set of ICAM standards, best practices, and implementation guidelines for US federal agencies and the contractors who work with them.
The steps for protecting access to resources
Under ICAM, an organization constructs a trusted digital identity based on a person’s defining attributes through identity management.
Then, using credential management, the organization can associate that digital identity with authoritative proof of the claimed identity.
And, finally, with access management, the organization can leverage trusted identities and authoritative credentials to ensure that only permitted individuals are granted access to protected resources.
The impact of FICAM
As with other ICAM strategies, FICAM is a set of security disciplines that allows an organization to enable the right individual to access the right resource at the right time for the right reasons. Under FICAM, physical access control and logical access control systems must be held to the same standard. Gaining access to servers and physical environments requires the same level of management.
But its goals extend beyond protecting sensitive resources and areas. In addition to standardizing ICAM, the federal management strategy is also intended to reduce identity fraud, enable safe information sharing, and increase efficiency with regard to information technology.
Challenges to making the switch
Despite the fact that FICAM was passed more than a decade and a half ago, many systems—both inside and outside of the federal government—are old and don’t meet the requirements. When it comes to complying, these organizations face a variety of challenges.
In some cases, the cost associated with ripping out an existing access control system (ACS) is prohibitive. For others, an already substantial investment in technology means they’re wary of proprietary solutions. But non-compliance could result in forgoing future government contracts.
Traditionally, the options for replacing a non-compliant system or securing a new site were limited. FICAM-approved ACS options were often proprietary in nature. This restricted an organization’s ability to take advantage of advancing innovation and tied it to a single provider.
Now, as organizations look to modernize their systems, they can look to Genetec for certified solutions.
FICAM-compliant options from Genetec
Whether you’re looking to install a new system or retrofit an existing one, Security Center Synergis is built on an open architecture platform that can efficiently validate Personal Identity Verification (PIV and PIV-I) credentials for federal employees and contractors. Our FICAM-compliant options enable you to comply with the most stringent federal standards for access and identity with minimal disruptions. And, because the solutions are non-proprietary, you won’t be tied to a single vendor moving forward.
Option #1: a new installation
For new installations, using onboard authentication with the Mercury LP4502 controller is an efficient and cost-effective approach. By embedding pivCLASS® authentication firmware into a Mercury LP4502 controller, organizations can reduce their hardware expenditures and benefit from a quick authentication process.
Option #2: upgrading an existing system
In the case of a retrofit, upgrading an existing system by adding a dedicated pivCLASS® Authentication Module (PAM) from HID to an installation is a great option. The PAM performs the reader PKI validation against the known and trusted root authority. Authentication using HID PAM allows organizations to manage costs by keeping any supported existing controllers.