More Than a Flash of a Pass

August 2007
By Rita Boland

An enrollment officer uses a document authenticator to scan and verify an applicant’s source document at a Federation for Identity and Cross-Credentialing Systems (FiXs) enrollment center. FiXs is working with the federal government and contractors to create a uniform identification authentication system.
A Web-based system confirms the legitimacy of credentials.

The U.S. Defense Department has established an identification authentication network between itself and private industry. The worldwide, federated system will protect physical access to military and secure locations while maintaining personnel privacy. The network ultimately will be used for logical access as well. 

The Defense Cross-Credentialing Identification System (DCCIS) allows member organizations to authenticate visitors from other member organizations. All parties store and maintain identification data on their own personnel, and the information is shared securely on demand, with data such as social security numbers protected because it never leaves the home database. 

DCCIS meets specific physical access control requirements across the Defense Department and its contractors. Developers designed the system to read a range of media and to accept a range of credentials to accommodate the differences in identification badge systems and credentials.

The Office of Information Assurance at the Office of the Assistant Secretary of Defense for Networks and Information Integration, the Office of Force Protection, the Under Secretary of Defense for Intelligence and the Defense Manpower Data Center (DMDC) are the federal sponsors of DCCIS. The DMDC acts as the implementation agency. The first phase of the program—physical security—began recently.

Mary Dixon, director of the DMDC, explains that the program aims to curtail the culture of “flash passes” in which people simply present an identification card and the guard determines whether to let them pass. “We need to move in the direction of being able to authenticate,” Dixon says.

The authentication entails ensuring that the individual holding the credentials is the actual person and that the credentialing organizations went through the proper steps to guarantee correct identification. Officials at the specific locations still have the final authority to grant or deny access to anyone, but DCCIS validates that the individuals applying for admittance have undergone a background check and that the check was conducted according to an established screening method.  DCCIS makes bases more secure and guarantees that the credentials being presented are valid and that the presenter went through a vetting process.

The DMDC knew it could institute the system with Defense Department credentials because the department already had built a similar system in which guards scan a card and use the Defense National Visitors Center (DNVC) Web-based application to access the database that issued the credential. The database provides a picture of the credential holder, his or her name and affiliation along with the option to perform a biometric check. Dixon says the DMDC was less certain about how to incorporate all of the military’s partners.

The DMDC initiated DCCIS with its industry partners so military installations would have some assurance that companies researched employees before issuing credentials to them. The parties agreed on a set of operating rules for background checks and on what information they would store. Also, the parties had to agree to revoke the credentials within a certain number of hours after an employee leaves a company. “That was equally important,” Dixon explains. The system now is updated within three hours of an employee’s departure.

To mediate between the parties and to develop independent standards, the nonprofit Federation for Identity and Cross-Credentialing Systems (FiXs) was formed. FiXs is a coalition with a mission to “establish and maintain a worldwide, interoperable identity and cross-credentialing network built on security, privacy, trust, standard operating rules, policies and technical standards.” The FiXs network verifies and authenticates the identities of personnel seeking access to government-controlled areas as well as secure commercial sites.

An enrollment officer captures an applicant’s fingerprint into the FiXs network as part of the enrollment process. Biometrics technology is being used to validate credential holders.
FiXs officially was formed in November 2004 as a forum for companies to exchange information among themselves and with the government on issues such as privacy, human relations, trust models, risk and liability and financial penalties. FiXs developed the initial trust model and in December 2004 met with the National Institute of Standards and Technology to share what it was doing. From this, a proposed group of rules and processes eventually became Homeland Security Presidential Directive-12 (HSPD-12). The directive mandates the development and implementation of a governmentwide standard for a secure and reliable new identification card issued to federal employees and contractors. FiXs complies with HSPD-12 and provides the interoperable network it requires.

One of the founding members of FiXs is the National Automated Clearing House Association (NACHA), which develops operating rules and business practices for the financial industry. NACHA helped FiXs draft the original rules for and navigate through the legal issues of setting up the network. “What we’re doing here is standing up an identification authentication network that is not unlike the automated teller machine network or the credit card network that you would be used to seeing if you went to your bank,” Dr. Michael Mestrovich, president of FiXs, explains.

For instance, in the finance world, a network reads a credit or debit card and provides information about the user. DCCIS works in much the same way. Mestrovich shares that these networks operate only if they have a strong principle of governance, operating rules and privacy and legal policies. The most difficult part of the FiXs network process, he adds, is getting all the lawyers, human resources personnel and security staff to agree on a common work set. Just as banks have to trust each other, the parties participating in DCCIS have to have faith in their partners.

With DCCIS, companies stand behind the individuals they sponsor and retain the data on them. “It is federated,” Mestrovich states. “There is no big database in the sky.” FiXs and DMDC officials signed a memorandum of understanding in January 2006 that made official their agreement to trust each other’s policies.

Dixon shares that her organization benefits from not having to issue a credential to everyone who needs access to an installation or to store privacy information on those people. Also, companies know when employees leave their service before the DMDC does, so the system is updated more quickly.

With DCCIS, a card or credential is scanned and read; the information goes to a gateway broker that reaches back into the issuing database to determine whether the credential is good; minimal information such as name, gender and date of birth are displayed; and a biometric check question is asked. The system works whether a contractor wants access to a government area or a federal employee or service member needs entrance to a secure location.

SRA International and Northrop Grumman are two companies participating in the early stages of the DCCIS effort. Northrop Grumman is managing the databases for both companies and has completed the design, development and testing of its systems. It is making its systems compatible with the applicable standards, and its personnel will be issued the new credentials. The company plans to retrain human resources and security personnel to execute the vetting process, enrollment and provisioning in accordance with DCCIS operating rules.

The program will improve security by making current information on personnel available in near real time and by streamlining sharing of identity verification across agency boundaries. Employee privacy also is enhanced because organizations will not release personal data to other agencies. Data never leaves the repository because the identity match is done at the database site.

In addition to providing credentials to contractors, Northrop Grumman will accept government common access cards (CACs) and all industry credentials that are Federal Information Processing Standards Publication 201 (FIPS-201), HSPD-12 and DCCIS compatible once the company’s DCCIS credentialing systems are fully implemented.

DCCIS can accept the two major types of Defense Department credentials—CACs and Teslin cards. Dixon explains that a CAC issued at one location does not guarantee access to another. Using DCCIS, security personnel can authenticate staff from other installations. More than three million CACs will be authenticated internationally through the network. Teslin cards, used primarily by military family members and retirees, operate the same way; however, family members’ cards do not contain biometric information.

The FiXs cards meet HSPD-12 specifications mandating the location of photographs and chips. The cards will have the company logos on them. FiXs does not issue credentials—but instead certifies them—so each card will have a FiXs logo on the back. The cards also will have color differentiations.

To receive FiXs certification, companies must apply for an authority to operate under the system. FiXs then sends an independent certification team to perform an audit, though Mestrovich explains that the term “audit” is used loosely in this context. The team incorporates a checklist to ensure the companies are following all the rules regarding background checks, data storage, security personnel and other criteria. The cards also have to meet a standard, as do the sites where data will be stored. Companies can choose to create their own databases or obtain a contractor for this work. The servers containing the databases access the FiXs network through a trust gateway broker.

Mestrovich believes that using the federated system with various databases protects information better than would a centralized database. “It’s much more difficult to get into several databases as opposed to getting into one,” he points out. He adds that most people talk about “federation” in the technical sense, but FiXs also focuses on federated governing procedures.

Although DCCIS is an operational system, each location can choose whether to implement it or do without. “It’s a tool available to anyone who wants it,” Dixon shares. According to the DMDC, DNVC/DCCIS sites include the DMDC and the Defense Language Institute in Monterey, California; 1555 and 1600 Wilson Boulevard, Rosslyn, Virginia; Fort Hood Visitor Control Center and Fort Hood 11th Military Police Battalion, Fort Hood, Texas; Washington Headquarters Services Naval Research Center, Washington, D.C.; the U.S. Coast Guard Headquarters, Washington, D.C.; and the DMDC Support Office–Asia.

DCCIS maintenance is included in DNVC maintenance. Software and hardware are hosted on existing equipment and software licenses, so DCCIS incurs no additional hardware or software costs. To implement the system at a military base level, installation would require access to the Internet and a method to scan the credential such as a barcode reader.

Dixon says DCCIS has operated smoothly with no major complaints. Personnel using the system commented to the DMDC that they are impressed with it. Dixon hopes anything that makes it tougher to access facilities under false pretenses will deter people from trying.

According to Dixon, more parties, including the U.S. Northern Command, are showing interest in systems that authenticate credentials. She hopes many organizations will take advantage of what DCCIS offers, and she plans to bring other federal agencies and coalition partners into the network. FiXs officials have approached the U.S. Department of Homeland Security and the General Services Administration to demonstrate to those agencies that the solution is scalable to the rest of the federal government. The Defense Department also has suggested the scalability. Mestrovich is confident the network can scale because it is truly federated.

In addition to accepting other government partners and coalition personnel in DCCIS, additional plans for the project include rolling it into the logical aspect to validate identification on computer networks. FiXs is working with a coalition of aerospace companies called the Transatlantic Secure Cooperation Program on solutions for logical identification. “We are trying to converge the two programs and see if we can mesh and adopt across the FiXs network,” Mestrovich says. The next benchmark for FiXs is successfully persuading federal, state and local governments to accept the network on a larger scale.

Web Resources
HSPD-12 Information: