Missouri Responder Credentialing Strategy Meeting
- 25 pages
- For Official Use Only
- June 18, 2009
Policy:Public Law 110-53 and supporting requirements
Process:Credential issuance, attribute registration, validation
People:Federal/Emergency Response Official (F/ERO) registrations
Products & services:FIPS 201 infrastructures and tool sets
Practice:NCRC validated demonstrations
Performance measures:Proven capability
Timeline:National roll-out plan
End state: Streamlined investment strategy
…
Public Law 110-53
“Implementing Recommendations of the 9/11 Commission Act of 2007”I.Date of enactment: August 3, 2007
(1) Title IV SEC. 405. FEDERAL RESPONSE CAPABILITY INVENTORY
(2) Title IV SEC. 406. REPORTING REQUIREMENTS
(3) Title IV SEC. 407. FEDERAL PREPAREDNESS
(4) Title IV SEC. 408. CREDENTIALING AND TYPING
(5) Title IV SEC. 409. MODEL STANDARDS AND GUIDELINES FOR CRITICAL INFRASTRUCTURE WORKERS
II.NLT August 2, 2008: The FEMA Administrator is to develop standards for credentialing and typing of incident management personnel, emergency response providers, and other personnel (including temporary personnel) and shall:
(1)provide the standards developed, including detailed written guidance, to
a) Federal agencies that have responsibilities under the National Response Plan and other personnel (e.g. National Infrastructure Protection Plan critical infrastructure/key resources, National Continuity Policy Implementation Plan essential government personnel)
b) State, local, and tribal governments
(2)provide expertise and technical assistance to aid Federal, State, local, and tribal government agencies with implementing the standard
(3)consult with the Secretary of Health and Human Services in developing standards for credentialing health care professionals
(4)establish model standards and guidelines for credentialing critical infrastructure workers that may be used by a State
III.NLT February 2, 2009: Each Federal agency with F/ERO responsibilities are to be credentialed and typed in accordance with the standards
(1) F/ERO personnel are to be registered in the database system (F/ERO Repository) for real time exchange of information and rapid validation of credentialed personnel
(2) F/ERO repository will be populated by Federal agencies via HSPD 12 Issuance Infrastructure
…
Personal Identity Verification Interoperability (PIV I)
Non-Federal Issuers (NFI) Identity Authentication PKI Certificate
NFI PIV Interoperable Cards:
- must include an Identity Authentication PKI Certificate issued by a Certification Authority (CA)
- chains to the Federal Bridge Certification Authority (FBCA) at the Medium Hardware assurance level via cross-certification
This will enable Federal government relying parties to:
- verify the validity of the identity card via the Identity Authentication PKI Certificate
- verify the issuing organization (i.e., CA cross-certified with FBCA)
- be assured that the certificate (and by extension, the card) hasnot been revoked or invalidated since issuance
Identity Proofing
During identity proofing, the applicant is required to:
- appear in person and provide two forms of identity source documents in original form from the list of acceptable documents included in Form I-9
- At least one of the documents must be a valid State or Federal government-issued picture identification (ID)
- This identity proofing process is commensurate with OMB Memorandum M-04-04, E-Authentication Personal Identity Verification (PIV) Interoperability For Non-Federal Issuers
…