Archive for May, 2012
Government PIVs : A Piece of the Security Puzzle


If you work in a government office or are a government contractor, then chances are you have some form of government identification. That would be called a Government Personnel Identification Verification Card (PIV). For government workers and contractors, this smart card is an important piece of equipment. The PIVs are part of the Federal Information Processing Standard Publication 201 (FIPS 201), which is a U.S. Federal government standard that specifies PIV requirements for federal employees and contractors. It also grew out of Homeland Security Presidential Directive 12, which in 2004 originally called for a standardization of identification for government employees and contractors.

Having a PIV will give you access to government/sensitive information and the equipment that monitors, contains and destroys that information. It is meant to prevent unauthorized access to government buildings and computer systems.

What is a PIV? A PIV is a card system implemented to store and collect biographic and biometric information, which includes: full name, social security number, applicant ID number, date of birth, current address, a digital color photograph, fingerprints (10), biometric template (two fingerprints), organization, employee affiliation, work e-mail address, work telephone number, office address, copies of identity source document, employee status, military status, foreign national status, federal emergency response official status, law enforcement official status, results of background check, government agency code and PIV card issuance location.

All of this information is collected and combined with a Personal Identification Number (PIN), expiration date, card serial number, issuer identification number and a Contact Integrated Circuit Chip (ICC)/contactless ICC. There is also a PIV authentication key, a PIV registrar approval and a cardholder unique identifier, which is used to authenticate the cardholder to host computer systems.

Why is all this information collected? This information gives the Department of Justice (DOJ) the ability to conduct background investigations and other national security checks for government employees and contractors. It also completes the identity proofing and registration process and creates a data record in the PIV Identity Management System (IDMS). The final result will be the issuing of a PIV card.

The privacy issues of each individual are also addressed. The risk of data compromise is addressed by physical, administrative and technical security measures. All information is on a need-to-know basis, and all individuals with access have undergone vetting processes and have been trained to protect privacy data. Employee/contractor data is also protected in the physical sense with locked doors and storage containers. Hosting facility buildings have security guards and secured doors, and all entrances are monitored by surveillance equipment. Picture ID badges are required for access to the data and facilities. Technically, the data is encrypted when in transit, and secured networks and servers are used.

A complete copy of the PIV standard and all its information can be found here.

All right, they have all this personal information and they secure it safely. Good news, but what happens when the data is updated, revised or discarded? Computer files are easily changed and updated, but paper copies that contain now-incorrect information can’t just be tossed in the dumpster out back. They need to be shredded before disposal. That is where K.L. Security and our division of Dahle Paper Shredders come in.

As with many other products, the government demands a higher standard for shredders that are used to destroy sensitive information. Our NSA/CSS 02-01 High Security Paper Shredders meet the current standard for the destruction of top secret COMSEC documents and materials, and our products can be found on the NSA/CSS Evaluated Products List (EPL) for high security crosscut paper shredders. Being on this list means that our products have been evaluated by the NSA or its designee and that they meet the requirements of NSA/CSS 02-01.

One of our products on this list is the 20394 High Security Paper Shredder. It has a 16” feed opening and is driven by a powerful 2 hp motor. The solid steel frame houses and aligns two perfectly matched cutting cylinders that are milled from a single bar of German Solingen steel. The design maximizes durability and minimizes flexing to produce a consistent 1mm x 4.7mm particle size. It is also housed in a wooden cabinet with casters, making it easy to move and position in different places of operation.

The 20434 NSA-CSS 02-01 High Security Shredder has a lot of great features. It is designed to be used in a small office setting or by a team of employees for the destruction of top secret documents. Among the features are electronic sensors that turn the shredder on when you’re ready to use it and shut it off when the shred compartment is full or open. The matching pair of solid steel cutting cylinders is capable of reducing a single sheet of paper into over 15,500 particles. While the particles are reduced to such a small size that they’re impossible to reassemble, we still recommend that you stir the shredded paper to protect security and mitigate risk.

We want this article to serve two purposes. First off, if you are a government employee/contractor, we want you to be fully aware of how and what government security precautions and standards affect you. Second, we want to tell you about our NSA/CSS/GSA approved products that would be perfect for use in your government office. Information is digitalized across the board nowadays, but paper copies remain or can be produced. You must be prepared to shred documents when the need arises, so use the right shredder.