Company

Let’s get reacquainted. FIPSlink is our APL approved software for Validation and Authentication of FIPS201 Credentials (PIV/CAC/TWIC). That’s the beginning.

The term “zero trust” was first used to describe a security model based on the principle of “never trust, always verify.” Over the last 15 years, IT professionals have embraced this model to never trust a user or device on the network by default, even if that user or device is already inside the network. This strategy ensures that every access request is validated.

Are you issuing a low assurance credentials in a high assurance access control environment? Examples of low assurance credentials are low security access cards like Prox, iClass, SEOS and MiFare Classic/Desfire.  What do you do for students, interns, and short-term employees who may only be on-site for 90 days but will not receive their PIV card until near the end of their time? What about long term contractors or employees who may not be eligible for a PIV card? Visitor badges are intended for short term use, but we know facilities are making exceptions and by doing so taking a big security risk. You can issue all of those people a high assurance credential controlled in your environment instead of taking that risk.

At the recent DEFCON 32 convention in Las Vegas, an interesting presentation (High Intensity Deconstruction: Chronicles of a Cryptographic Heist) was made outlining an approach to “stealing” the keys from certain HID encoders for the iCLASS SE platform.  While much of the talk goes way over my head, it seems like the standard keys for ICLASS SE & SEOS are vulnerable to the approach outlined.

The Cybersecurity Infrastructure Security Agency (CISA) released guidance on the topic of Convergence for federal agencies in 2019. Physical Security and IT departments are increasingly recognizing the reality of converged threats. The traditional separation between these two domains has often led to isolated management of vulnerabilities, which might seem manageable on their own. However, when malicious attacks or simple oversights bridge these gaps, the risks can escalate dramatically.

Next month will mark the 20th anniversary of President Bush signing into law Homeland Security Presidential Directive-12 (HSPD-12) on August 27, 2004. The directive transformed identity management for federal employees and introduced the Personal Identity Verification (PIV) credential.   A few years later FIPS-201-1 was established to meet the security and inoperability goals of HSPD-12.

One of the most critical, or at least most visible elements of TWIC validation revolves around the TWIC Cancelled Card List (CCL), a CSV file published by the TSA daily that defines which TWIC credentials have been cancelled (lost/revoked/etc.) that should no longer be considered valid for use.

Validation and registration of CAC /PIV / PIV-I / TWIC credentials into an access control system via FIPSlink has never been easier. Facility personnel can now register card holders with an Android based handheld device in addition to a windows-based PC or laptop.

Hello! I’m Shane Istre, the new North Region Sales Manager at Identity One. My region covers the Northeast, west all the way to Chicago and South to Maryland.