ActivID Credential Management Solutions

enables government agencies to trust the identities of their users to grant them physical and logical access

Credential Management for Government Agencies

Identity Assurance for Government Agencies. Secure Access without Compromise.

HID Identity Assurance solutions enable government agencies to deliver a well-orchestrated experience that meets stringent compliance mandates.

The HID Identity Assurance portfolio enables government agencies to establish trust in the identities of their users, so they can grant them appropriate access to buildings, networks, systems and cloud-based resources. With more than 200 local, state, federal and international government agencies in the U.S., Europe, Asia, Australia and beyond, there are literally millions of government employees who carry and use credentials issued by HID Global to get secure access to the resources they need. HID Global has the experience agencies can rely on to deliver a simple, coordinated approach to delivering strong authentication for physical and online access.

As governments adapt to the ever-changing threat landscape and increasingly towards the mobile environment, it’s more important than ever to have a comprehensive solution that can address all the agencies’ Identity Assurance requirements today and in the future. HID Global solutions can help government agencies support:

Increased Security - with multi-factor authentication; HID Identity Assurance solutions have been certified or approved for the following standards:

  • Common Criteria / NIAP - In June 1993, the sponsoring organizations of the existing US, Canadian, and European criteria (TCSEC, ITSEC, and similar) started the Common Criteria Project to align their separate criteria into a single set of IT security criteria. Version 1.0 of the CC was completed in January 1996. Based on a number of trial evaluations and an extensive public review, Version 1.0 was extensively revised and CC Version 2.0 was produced in April of 1998. This became ISO International Standard 15408 in 1999. The CC Project subsequently incorporated the minor changes that had resulted in the ISO process, producing CC version 2.1 in August 1999. Today the international community has embraced the CC through the Common Criteria Recognition Arrangement (CCRA) whereby the signers have agreed to accept the results of CC evaluations performed by other CCRA members. The US program for Common Criteria certification is called NIAP which stands for National Information Assurance Partnership.
  • U.S. DoD Joint Interoperability Test Command - The Joint Interoperability Test Command (JITC) is the Public Key Infrastructure (PKI) test and certification organization for the U.S. Department of Defense (DoD). JITC has replicated the DoD's PKI environment to ensure a commercial product will meet their PKI standards when the product is fully deployed and in use within the DoD.
  • FIPS 140-2 - The Computer Security Division of the U.S. National Institute of Standards and Technology (NIST) manages a number of FIPS (Federal Information Processing Standards) covering cryptography, that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). These standards have been adopted by the U.S. and Canadian governments to guide their purchases of products that are intended to protect the security of electronic information and e-commerce. FIPS 140-1 standard was created in 1994 and it specifies requirements for the proper design and implementation of products that perform cryptographic operations. In 2001 a more stringent version of the standard was released called FIPS 140-2. Products are certified under the FIPS CMVP (Cryptographic Module Validation Program). CMVP is managed by NIST and CSE, the Communications Security Establishment of the Canadian government. The CMVP charter is to make sure that products correctly implement FIPS-approved cryptographic standards. FIPS 140 has four levels and these levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed.
  • FIPS 201The Federal Information Processing Standard 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, was developed by NIST in response to the Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, which mandates the establishment of a standard for identification of Federal Government employees and contractors. The FIPS 201 PIV card is to be used for both physical and logical access control.

Mobile Access – providing identity assurance in critical situations that require accurate information about credential holders, but where connectivity may be unreliable, such as in First Responder, maritime and transportation, and border control scenarios.

eGovernment Intiatives – offering a cost effective and easy to manage single authentication and authorization solution for creating secure eGovernment systems; enables users to connect and access eGovernment applications from any location, through a variety of devices, using any of the more than 20 supported strong authentication methods.