HSPD-12 Compliant Visitor Management Solution

This white paper highlights a successful pilot visitor management project undertaken by a U.S. federal government agency, which successfully meets the objectives of FICAM use case 4.9. ADT Security Services integrated the solution, which included technology from SISCO® and Codebench®.

Introduction
Over 5 million Personal Identity Verification (PIV) smart cards have been issued to federal employees, yet PIV smart cards are still not widely used for authentication and access to agency facilities, networks and information systems. On February 3, 2011, the Office of Management and Budget (OMB) and the U.S. Department of Homeland Security (DHS) issued an enforcement memo [1] outlining required steps that federal security officials must take to meet the HSPD-12 objectives of fostering a single trusted identity system, unifying physical and logical security, and increasing efficiency.

Agencies have been directed to align their plans with the Federal Chief Information Officers (CIO) Council's Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance [2]. The FICAM Roadmap outlines a visitor management use case and target future state (Section 4.9) for how agencies should perform credentialing and validation of visitors to federal facilities.

This white paper highlights a successful pilot visitor management project undertaken by a U.S. federal government agency, which successfully meets the objectives of the FICAM use case 4.9. ADT Security Services provided the integrated solution, which included technologies from SISCO® and Codebench®.

The Background
The FICAM Roadmap points out that "today there are disjointed processes and mechanisms for performing identity proofing and temporary credential issuance for visitors, regardless of whether they hold a valid federal agency identity card or not." FICAM outlines a target state (Section 4.9.2) for PIV-enabled visitor management, in which it is expected that agencies will continue to:

  • Automate to eliminate cumbersome paper-based processes
  • Improve traceability for visitor sponsorship and access logging
  • Reduce the amount of time necessary to process visitors upon arrival at the facility

For visitors from another federal agency, the target state will standardize on the use of PIV credentials for access and will incorporate the ability to provision outside PIV card credentials into the Physical Access Control System (PACS) and perform electronic authentication and validation of card certificates.

For individuals who require long-term facility access but do not meet the requirements to receive a PIV card, it is expected that agencies will adopt a common approach for issuing and accepting a Facility Access Card (FAC), subject to agency or facility security policies. A FAC is an ID card that is technically compatible with, but physically and electronically distinct from the PIV card. The FAC should be interoperable with PIV cards and allow for access to local facilities through electronic authentication mechanisms.

FICAM Roadmap - Figure 40: Use Case 9 Target Process Diagram [2]

The Problem
The FICAM Roadmap points out two gaps between "as-is" and target states. Up until now, federal agencies have faced:

  1. Lack of automation and consistency in agency processes/systems used for visitor access control. Agencies should upgrade current technologies, including Web-enabled functionality, to support more automated processes for submitting an access request form (prior to arriving at a site). Additionally, software should be implemented to enforce escort rules at access points.
  2. Inability to electronically authenticate and accept PIV and PIV-interoperable credentials from visitors. PACS should make use of PIV and PIV-interoperable credentials (including certificate checks for Level 4 access points) for across-agency visitors.

One of ADT's federal customers sought a robust visitor management solution at its headquarters site to migrate to the target state. In addition, the agency wanted to control costs by streamlining competing or redundant security activities across the agency and to enable seamless access for all employees, regardless of which federal government agency they worked for.

The Solution
Up until now, there has not been an integrated visitor management solution implemented that met the future state requirements. ADT integrated capabilities from two technology firms to create a solution that will meet the government's requirements in a simple, but robust, manner.

ADT's solution features SISCO's GOV-PASS® visitor management system and Codebench's application for FIPS-201-compliant credentials. The site protocol requires all visitors to be pre-authorized and have identification, including a U.S. government-issued state ID or driver's license, a valid passport or a PIV card. A current photo of the visitor can also be captured. The data will be verified against a pre-authorized list of visitors, and if cleared, a non-transferable photo pass will be issued.

When a PIV card is presented, upon validation of the PIV credential with the Federal Bridge, the PIV will be automatically enrolled into the agency's PACS server, and access rights through the "front doors" will be assigned to the PIV credential.

When the visitor is cleared, an email or SMS notification of visitor arrival will be sent to the respective person being visited.

Improved Process

Benefits Summary
The agency is now able to allow all employees and contractor personnel logged into the agency's domain to preauthorize visitors. For the first time, visitors from federal government agencies, who are in possession of a valid PIV credential, will be able to use their PIV credential as the access medium for entrance into, and display while in, the agency's facility.

The integration with the PACS is seamless, and requires no interaction with the PACS server by the operator. ADT's enterprise integration is capable of interfacing with terminals in all of the agency's buildings across the country, while maintaining all of the records in a centralized database. This process will help to reduce the time it takes to sign in visitors, provide an improved audit trail, and reduce the overall manpower required to process, track and escort visitors.


For more information on ADT's visitor management solution, please contact:

Don Woody
ADT Security Services, Inc.
Federal Systems Division
301.247.2222
dwoody@adt.com

  1. Office of Management and Budget Memorandum M-11-11, Jacob J. Lew, February 2, 2011

  2. Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, Ver. 1.0, Nov. 10, 2009

Information in this article is current as of June 2011, the publication date. © 2011 ADT. All rights reserved.