2016_HSA_Yrbk_YUMPU_r2___
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
GSN <strong>2016</strong> DIGITAL YEARBOOK OF HOMELAND SECURITY AWARDS RECIPIENTS<br />
<strong>2016</strong><br />
GSN <strong>2016</strong> Government Excellence Award<br />
Federal Emergency Management Agency (FEMA)<br />
<strong>2016</strong> Winner<br />
Awards Category:<br />
––––––––––––––––––––––––––––––––––––––––<br />
Most Notable Cybersecurity Program or Technology<br />
Name of Nominated Product, Service,<br />
or Program:<br />
––––––––––––––––––––––––––––––––––––––––<br />
Personal Identity Verification (PIV)<br />
and Single Sign On (SSO) Enablement<br />
Reason this entry deserves to win:<br />
––––––––––––––––––––––––––––––––––––––––<br />
In June of 2015, the Office of Personnel Management<br />
suffered a high-profile data breach which spurred action<br />
on cyber security across numerous agencies. Adrian<br />
Gardner, the Chief Information Officer (CIO) of the<br />
Federal Emergency Management Agency (FEMA), was<br />
determined to safeguard his agency’s information. He<br />
sought a comprehensive, rigorous solution rather than a<br />
“Band-Aid” approach, and had a very aggressive schedule<br />
to implement the solution in six months. Mr. Gardner<br />
requested that 76 high priority systems be Personal<br />
Identity Verification (PIV) Card and Single Sign On<br />
(SSO) enabled to ensure that industry leading security<br />
standards, aligning with FEMA’s Target Actionable Architecture,<br />
would be applied to systems containing user<br />
information.<br />
The FEMA PIV SSO project was kicked off on October<br />
1, 2015, consisting of a joint FEMA-IBM initiative that incorporated<br />
efforts led by the Office of the Chief Information<br />
Officer (OCIO) and supported by various mission<br />
critical FEMA program areas. The scope of the effort<br />
included the implementation of an enterprise security<br />
infrastructure based on the IBM Security Access Manager<br />
(ISAM) Webseal, Federated Identity Manager (FIM)<br />
and Integrated Windows Authentication (IWA) technologies.<br />
FEMA’s systems leverage a wide variety of technologies,<br />
including Java, C++, .NET, PowerBuilder,<br />
and Mainframe. The PIV/SSO implementation approach<br />
varied depending upon the technology and existing<br />
authentication mechanism of the specific application.<br />
FEMA understood that no single solution would be<br />
82