Government Security News 2016 Digital Yearbook
GSN's Homeland Security Awards Digital Yearbook of Winners and Finalists
GSN's Homeland Security Awards Digital Yearbook of Winners and Finalists
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
ing Cloud based systems and systems outside of the<br />
FEMA Enterprise Network, were deployed at the end of<br />
March, meeting the initial six-month deadline through<br />
tight collaboration across all stakeholders.<br />
The completion of PIV/SSO enablement is a significant<br />
step in furthering FEMA’s cyber defenses and<br />
controls to better protect FEMA data, including information<br />
from disaster survivors and FEMA partners. The<br />
PIV/SSO effort not only introduced a scalable enterprise<br />
security platform but it also integrated all FEMA’s critical<br />
systems within the infrastructure to ensure the security<br />
of the organization’s applications and the data which<br />
it maintains. This was accomplished with minimal user<br />
interruption as the integrated FEMA-IBM team carefully<br />
planned the deployment of the systems taking into consideration<br />
FEMA restrictions of system changes during<br />
active disaster declarations.<br />
This project PIV enabled FEMA systems at the application<br />
level, allowing FEMA to attain the Level of<br />
Assurance 4, in accordance with the NIST SP 800-63<br />
requirements, for their high value systems. With this<br />
capability, the agency has transformed the way all users<br />
access their applications, simplifying and streaming<br />
their access to the applications while improving system<br />
security and reducing FEMA operational overhead of<br />
manually updating employee records. By creating a<br />
standardized solution approach across disparate identity<br />
architectures throughout different FEMA IT Systems,<br />
this project also reduces the effort for any new system to<br />
be integrated within FEMA’s enterprise security infrastructure<br />
in the future. The FEMA PIV/SSO effort applied<br />
industry-leading security standards and created a robust<br />
security layer, which enhances FEMA’s ability to both<br />
secure and control access to sensitive information. This<br />
implementation not only leveraged an architecture that<br />
conforms to various FICAM model objectives, but also<br />
helped FEMA reach its objective of meeting OMB and<br />
DHS mandates.<br />
Summary highlights of how the PIV/SSO initiative transformed<br />
FEMA’s security posture include:<br />
• Implementation of an architecture that conforms<br />
to goals for Federal Identity, Credential, and Access<br />
Management (FICAM) model.<br />
• FEMA attainment of Level of Assurance 4, in<br />
accordance with the NIST SP 800-63 requirements,<br />
for their high value systems.<br />
• Implementation of appropriate policy controls<br />
such as User Based Enforcement (UBE).<br />
• Reduced PII Exposure and improved audit<br />
reporting.<br />
• A standardized solution across disparate<br />
identity architecture throughout different<br />
FEMA IT Systems.<br />
• Reduced FEMA operational overhead of manually<br />
updating employee records.<br />
84 85
Change language