January 2009

Securing Education

Views: 148

VeriSign's solutions provided efficient budget monitoring system for US department of education

The U.S. Department of Education (ED) was created in 1980 by combining offices from several federal agencies. ED's 4,200 employees and $68.6 billion budget are concentrated on the promotion of student achievement and preparation for global competitiveness through the use of quality education programs. The department is responsible for establishing policies on federal financial aid relating to education, and the distribution and monitoring of those funds. ED also is chartered with collecting data on America's schools, disseminating education-related research findings, and ensuring that an appropriate nationwide focus is maintained on key educational issues. The department's elementary and secondary programs serve more than 14,000 school districts and approximately 56 million students attending approximately 97,000 public schools and 28,000 private schools. Department programs also provide grant, loan, and work-study assistance to about 11 million post-secondary students.

By Presidential Decree

The Homeland Security Presidential Directive-12 (HSPD-12) was signed in August of 2004, mandating stringent identity verification and authentication checks for all federal employees and contractors. Winona Varnon, director of security services at the U.S. Department of Education, elaborated, “The directive involves validating that a person is who they say they are before they are granted permission to enter a federal building or access federally controlled information systems. HSPD-12 contains very specific requirements for the process of personal identity verification (PIV). It involves a smart card-a “PIV card”-with embedded biometric data, including both facial images and fingerprints, and PKI-based digital certificates obtained from an approved Shared Service Provider public key infrastructure (SSP PKI).” She continued, “We performed extensive market research to determine who would be our PKI provider and issuer of our smart cards. We selected VeriSign after thoroughly reviewing and vetting over 20 companies. We were impressed that VeriSign had the longest history and the best reputation for being a solid provider of PKI solutions. In addition, we were very pleased with the company's obviously excellent track record of working with both federal and private entities.”

Federal Agency Turns to VeriSign for Mission-Critical Services

VeriSign Shared Service Provider PKI Service is built upon a proven, hosted PKI platform with the high reliability, scalability, and availability needed for federal agency mission-critical SSP PKI services. To enable these agencies to deploy a low cost, robust solution for complying with specific Federal Information Processing Standards (FIPS), VeriSign provides a SSP PKI service and a complementary Card Management System (CMS), MyID PIV for VeriSign, for the personalization and management of PIV smart cards. Both VeriSign SSP PKI Service and MyID PIV for VeriSign are on the GSA Approved Products List for FIPS 201-certified products and services. The feature-rich VeriSign SSP PKI Service provides SSP PKI capabilities and functionality, including a Registration Authority (RA), key management, repository, all necessary archive services, and a dedicated federal agency Certification Authority (CA). Additionally, VeriSign SSP PKI Service contains a responder service based on Online Certificate Status Protocol (OCSP). By selecting VeriSign SSP PKI Service, federal agencies are able to take full advantage of VeriSign's highly available and scalable PKI platform to help ensure the availability and integrity of their core SSP PKI services. The VeriSign solution utilizes a global repository service, and can be seamlessly integrated into existing federal agency enterprise directories for storage and retrieval of digital certificates. Audit policies and procedures support the most rigorous compliance requirements. A full suite of disaster recovery capabilities is provided through geographically distributed back-up datacenters with a dedicated secure link to mirror all transactions in the event of a failure with a primary agency SSP PKI CA. MyID PIV for VeriSign was certified by the GSA in 2006, making VeriSign the first vendor to receive certification using FIPS 201 compliant certificates. By adopting a wholly standards-based approach, the U.S. Department of Education was more quickly and cost-effectively able to implement a proven HSPD-12 solution, saving tax payers' money.

VeriSign's Powerful Combination of PKI Services

My ID PIV for VeriSign is integrated with VeriSign SSP PKI Service. Together they offer numerous and flexible deployment alternatives, with custom tailored features and workflow options for meeting FIPS 201 requirements. The solution integrates user enrollment, document capture, biometric capture, card production, credentialing, and printing within a strictly role-separated application suite. Varnon recalled, “As a result of VeriSign's industry leadership in PKI and related identity protection solutions, it is well positioned to provide support to the other vendors engaged by the department to deliver products and services in support of HSPD-12 compliance-so we purchased 30 days worth of VeriSign Professional Services. VeriSign's unique ability to leverage established relationships with other GSA approved HSPD-12 vendors to achieve near seamless product integration provided the necessary experience and leadership the department needed in accomplishing such a complex undertaking. The implementation went extremely smoothly. We have since issued approximately 1,800 cards and we're ahead of schedule, by September 1st 2008 we will have issued a total of 5,200 cards.”

As part of HSPD-12, the U.S. Department of Education performs a stringent series of verifications on each individual application, including corroboration of supplied statements, confirmation of physical characteristics, and a detailed national agency background check (incorporating employment, criminal, and military verifications, where relevant). All verified information is entered into the enrollment application, and sent electronically to the security management system where it is substantiated once again by an ED employee. At this point, the entire record is sent to MyID PIV for VeriSign prior to creation of the physical smart card. Once claimed by the applicant, a final fingerprint match is performed and a 6-digit PIN is assigned prior to the issue of a certificate against the approved smart card. PKI digital certificates are fully hosted through managed services provided through VeriSign SSP PKI Service. “The VeriSign Professional Services Organization's unique ability to partner with the Department of Education in the review, evaluation, implementation and compliance with the myriad of requirements identified in all related National Institute of Standards and Technology (NIST) documentation as well as FIPS 201 is directly proportionate to the success achieved here at the Department,” Varnon stated. “From the outset, VeriSign was able to leverage best-of-breed industry experience with PKI and integrate it with a comprehensive understanding of the government's objectives to help accelerate the project timeline. VeriSign's offering of VeriSign SSP PKI Service, MyID PIV for VeriSign, and related key management capabilities, with VeriSign Professional Services resulted in us being able to focus on those elements and aspects of the solution where the department's in-house skills and competencies would be most beneficial.”

Benefits Abound

Varnon explained some of the benefits she experienced, “We see great advantages from having implemented a common security credential that will become interoperable across multiple government tiers-if an individual has a validated smart card, then any federal agency has the ability to access the shared services bridge for PKI-based digital certificates and validate that this person really is who they say they are. By utilizing the VeriSign solution, we have great flexibility for the future, and are well positioned to handle upcoming federal mandates with the minimum of fuss. I also feel confident that the smart card is extremely difficult to tamper with, or to use in an inappropriate manner. A great by-product of this initiative is that it has forced every agency to reevaluate all existing personal identity validation related data-we've been able to start with an entire database of clean, accurate, and current data.” She concluded, “VeriSign SSP PKI Service has achieved full Authority to Operate (ATO) and is fully certified and accredited by GSA. VeriSign's ATO status was a significant contributing factor to the department's recent achievement of full ATO compliance with all aspects of the Department of Education HSPD-12 solution.

I would absolutely recommend VeriSign-it goes above and beyond to make sure we are completely satisfied. Without any doubts this is a superior PKI solution and one that is unmatched by any other vendor or government-managed service offering that I know of. I feel very secure that this is the best product on the market-so secure, that I have bet my career and the success of ED's ability to comply with HSPD-12 on it!”

Comments

comments

Click to comment

Leave a Reply

Your email address will not be published.

Latest News

To Top