Download:
pdf |
pdfPrivacy Impact Assessment
for the
Personal Identity Verification
October 13, 2006
Contact Point
Cynthia Sjoberg
Program Manager, HSPD-12
Training and Operations Security Division
Office of Security
Department of Homeland Security
(202) 447-5010
Reviewing Official
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
(571) 227-3813
�Privacy Impact Assessment
Personal Identity Verification, Office of Security
October 13, 2006
(!I
' la'~ Homeland
~~~-~
/tosi'-~
..
secur1•ty
Introduction
Program Overview
Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, required the
establishment of a standard for identification of Federal Government employees and contractors. HSPD-1 2
directs the use of a common identification credential for both logical and physical access to federally
controlled facilities and information systems . This initiative is intended to enhance security, increase
efficiency, reduce identity fraud, and protect personal privacy.
HSPD-12 requires that the Federal credential be secure and reliable. A secure and reliable credential
is defined by the Department of Commerce (DOC) as a credential that:
• Is issued based on sound criteria for verifying an individual's identity
• Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
• Can be rapidly authenticated electronically
• Is issued only by providers whose reliability has been established by an official accreditation
process
The National Institute of Standards and Technology (NIST) was asked to produce a standard for
secure and reliable forms of identification. In response, NIST published Federal Information Processing
Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and
Contractors, issued on February 25, 2005 . The credential is for physical and logical access, and other
applications as determined by the individual agencies.
FIPS 20 l consists of two parts: PN I and PIV II. The standards in PIV I support the control
objectives and security requirements described in FIPS 201, including the standard background
investigation required for all Federal employees and long-term contractors. The standards in PIV II support
the technical interoperability requirements described in HSPD-12. PIV II also specifies standards for
implementing identity credentials on integrated circuit cards (i.e., smart cards) for use in a Federal PIV
system. Simply stated, FIPS 201 requires agencies to :
• Establish new roles to facilitate identity proofing, information capture and storage, card issuance
and maintenance, and privacy concerns.
• Develop and implement a new physical and technical infrastructure.
• Establish processes to support the implementation of a PIV program.
In response to HSPD- 12 and to meet the requirements summarized above, the Department of
Homeland Security's (DHS) Office of Security is responsible for the identity management and all aspects of
the Department's HSPD-1 2 implementation including serving as the main internal and external point of
contact with respect to program planning, operations, business management, communications and
technical strategy. The Department is currently .expecting to equip approximately 5500 PIV cards for
physical and logical access at two facilities nationwide beginning in fiscal year 2007 .
2
�Privacy Impact Assessment
Personal Identity Verification, Office of Security
October 13, 2006
ti£)~ Homeland
'"9~ Security
PIA Scope
This PIA provides detail about DHS's role in the collection and management of personally
identifiable information (PII) for the purpose of issuing credentials (ID badges) to meet the requirements
of HSPD- 12 and comply with the standards outlined in FIPS 20 I and its accompanying special publications.
HSPD-1 2 requires a standardized and secure process for personal identity verification through the use of
advanced and interoperable technology. This resulted in a need to collect biographic and biometric
information. This PIA covers the information collected, used, and maintained for these processes,
specifically the:
(i) background investigation; (ii) identity proofing and registration; (iii) Identity
Management System (IDMS), the database used for identity management and access control; and (iv) the
PIV card.
As noted previously, PIV-I requires the implementation of registration, identity proofing, and
issuance procedures in line with the standards of FIPS 20 I; however, the collection of information for
background investigations has been a long-standing requirement for Federal employment. This process
and the elements used are not new. The forms and information collection for the background investigation
process will continue to occur. The PIV-I does not require the implementation of any new systems or
technology. The DHS will continue to issue existing ID badges under PIV-I, but the process for credential
application and issuance will conform to requirements of HSPD-1 2 and FIPS 2 0 I.
This PIA covers both the PIV-I and PIV-II processes. This system will be referred to throughout this
PIA as the DHS's PIV system and the credentials issued referred to as PIV cards.
Basic Program Control Elements
Secure and reliable forms of identification for purposes of this directive means identification that
(a) are issued based on sound criteria for verifying an individual employee's identity; (b) are strongly
resistant to identify fraud, tampering, counterfeiting, and terrorist exploitation: ( c) can be rapidly
authenticated electronically; and ( d) are issued only by providers whose reliability has been established by
an official accreditation process.
Each agency's PIV implementation must meet the above four control objects such that:
• Credentials are only issued (I) to individuals whose true identity has been verified, and (2) after a
proper authority has authorized issuance of the credential.
• Only an individual with a completed background investigation on record is issued a credential.
• An individual is issued a credential only after presenting two-identity source documents, at least
one of which is a valid Federal or state government picture identification document.
• Fraudulent or altered identity source documents are not accepted as genuine.
• A person suspected or known to the government as a terrorist is not issued a credential.
No substitution occurs in the identity-proofing process. More specifically, the individual who
appears for identity proofing, and whose fingerprints are checked, is the person to whom the credential is
issued. This means:
• No credential is issued unless requested by proper authority
• A credential remains serviceable only up to its expiration date. A revocation process exists such
3
�:181'~
:t,tUT.y.t
~
.
~
9c;~..,.D s~~
HomeIand
.
Secur1ty
Privacy Impact Assessment
Personal Identity Verification, Office of Security
October 13, 2006
that expired or invalidated credentials are swiftly revoked.
• A single corrupt official in the process cannot issue a credential with an incorrect identity or to a
person not entitled to the credential.
• An issued credential is verified to not be modified, duplicated, or forged.
As a basic data flow, DHS collects fingerprints and background check paperwork from applicants.
DHS submits each set of information to OPM. OPM then submits the fingerprint card to the FBI in order to
conduct the fingerprint checks. The FBI provides the results (no match or match with criminal record
reference) of the check to OPM who then provides them to DHS along with their own background check
results. Once DHS receives the results of the background check a Personnel Security Assistant, the
individual validating the receipt of the background check, authorizes the issuance of a credential in the
vetting database Personnel Security Activities Management System (PSAMS) 1 • The authorization and the
required data to proceed with the card issuance process is transferred to the PIV Identity Management
System (IDMS) which manages the issuance of the PIV credential. The enrollment officer then reviews the
personnel profile and issues the card to the employee or contractor.
Any information regarding the
background investigation is retained in PSAMS, not in IDMS or on the PIV card itself.
The Office of the Chief Information Officer(OCIO) is actively working to use the connectmty
between US-VISIT's IDENT system and Department of Justices FBI' s system to send the fingerprints directly
to the Department of Justice/FBI. Department of Justice/FBI would then provide the results as indicated
back to DHS. It is anticipated that this connectivity will be in place by December 2006.
Section One: Information Collected and Used in the PIV
Program
1.1
What information is collected and from whom?
The PIV Applicant may be a current or prospective Federal hire, a Federal employee or a contractor.
As required by FIPS 201, DHS will collect biographic and biometric information from the PIV Applicant in
order to: (i) conduct the PIV background investigation; (ii) complete the identity proofing and registration
process; (iii) create a data record in the PIV Identity Management System (IDMS); and (iv) issue a PIV card.
Figure 1 below depicts what information is collected from the PIV Applicant in relation to each of these PIV
processes. There is no shared enrollment using resources or processes with any other agency.
1
PSAMS, as it is otherwise known , is the Department's background check database. A PIA is in progress as of this
PIA 's publication.
4
�Privacy Impact Assessment
Personal Identity Verification, Office of Security
October 13, 2006
Homeland
Security
Figure 1: Information collected from the PIV Applicant for card issuance
Identity
Proofing and
Registration
Date of birth
Place of birth
Social Security Number (SSN)
Other names used
Citizenship
Mother's maiden name
Other identifying information
(height, weight, hair color, eye
color, gender/sex)
Organizational affiliation (e.g.,
Agency name)
Employee affiliation (e.g.,
Contractor, Active Duty, Civilian)
Fingerprints (1 O)
Biometric identifiers (2 fingerprints)
Digital color photograph
Digital signature 2
Telephone numbers
Spouse (current or former), relatives
and associates, information
regarding their citizenship
Marital status
Employment history
Address history
Educational history
Personal references
Military history I record
Illegal drug history
Criminal history
Foreign countries visited
Background investigations history
Financial history
Association history
Signed PIV Request
Signed SF 85 or equivalent
Copies of identity source documents
2
3
IDMS
(Electroni
cally
Stored)
PIV Card
(Physically
Displayed)
PIV Card
(Electronically
Stored)
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
X3
x
x
x
Public key infrastructure (PKI) digital certificate with an asymmetric key pair.
Please note only the Applicant's current address, extracted from the PIV Request Form, is retained in IDMS.
5
�Privacy Impact Assessment
Personal Identity Verification, Office of Security
October 13, 2006
:;~-i~. Homeland
.
~'°<~tto "~ Secur1 ty
~ ~~
s..
1.2
What is the information used for?
The information identified above as being collected is used in each step of the PIV issuance process
as described below:
1. Conduct a background investigation. The PIV background investigation as required by FIPS 201 is a
condition of Federal employment (now extended to contractors) and matches PIV Applicants
information against FBI and IAFIS databases to prevent the hiring of applicants with a criminal
record or possible ties to terrorism. If persons decline providing this information, they cannot be
hired as a permanent employee, nor work at the agency as a contractor long-term (over 6 months).
Two paper-based forms are used to initiate the background investigation, Questionnaire for Non
Sensitive Positions Standard Form 85 (SF-85) or the Questionnaire for National Security Positions
Standard Form 86 (SF-86) .4 This process entails conducting a full National Agency Check (NAC)
or National Agency Check with Inquires (NACI), which are described below:
•
NAC: Consists of searches of the OPM Security /Suitability Investigations Index (Sii). the
Defense Clearance and Investigations Index (DCII), the Federal Bureau of Investigation (FBI)
Identification Division's name and fingerprint files, and other files or indices when necessary.
•
NACI: The basic and minimum investigation required on all new Federal employees consisting
of a NAC with written inquires and searches of records covering specific areas of an
individual's background during the past five years.
It is important to note that the background information collected as part of this process and its
results are kept in the background investigation files; however, it is not stored on the PIV card.
2. Complete the identity proofing and registration process. The biographic information collected
as part of this process is used to establish the PIV applicant's identity. Biometrics are used to ensure
PIV Applicants have not been previously enrolled in the DHS PIV system. As part of this process,
FIPS 201 requires that Applicants provide two forms of identity source documents in original form.
The identity source documents must come from the list of acceptable documents included in Form
I-9, OMB No. 115-0316, Employment Eligibility Verification. 5 PIV Applicants will also participate
in an electronic signature process conforming to the Electronic Signature (ESIGN) Act. This
confirms presentation of and agreement with the privacy notice, confirms the intent to participate
in the PIV process, and submit to a named-based threat background check as required depending
on job requirements.
3. Create a data record in the PIV Identity Management System (IDMS). The IDMS is used during
the registration process to create the PIV Applicant's pre-enrollment and enrollment record,
manage and maintain this information throughout the PIV card lifecycle, and, verify, authenticate
and revoke PIV cardholder access to federal resources. A unique identifier is assigned during
registration and used to represent the individual's identity and associated attributes stored in the
system.
4. Issue a PIV card. A PIV card is issued upon successful completion of the background investigation
and the identity proofing and registration process, and successful completion of the enrollment
process. Biometrics are used during PIV card issuance to verify PIV Applicant identity and
complete activation of the card. This provides much stronger security assurances than typical card
activation protections such as Personal Identification Numbers (PINs) or passwords. Once the
SF 85 and SF 86 can be downloaded at: http: // www.opm.gov / forms/ html/sf.asp
s Form I-9 can be downloaded at: http://uscis. gov / graphics/formsfee/ forms/i-9.htm
4
6
�Privacy Impact Assessment
Personal Identity Verification, Office of Security
October 13, 2006
individual has been issued a PIV Card, the IDMS is updated to reflect that the card has been issued.
The issued PIV card cannot be used for access to DHS facilities and networks until activated at the
participating location, by the local facility operator.
5. Usage of PIV Card for physical and logical access: The biometrics collected are used to verify that
the rightful cardholder is presenting the card in relation to physical and logical access to federal
facilities and information (i.e ., computers). The biographic and other information displayed on
the PIV card is used by physical security guards for identity verification purposes.
1.4
How is the information collected?
Information is collected in paper and electronic form.
1.5
What other information is stored, collected, or used?
Additionally, the DHS PIV IDMS and PIV cards contain other data not collected from the PIV
Applicant that are (i) electronically stored on the card, (ii) electronically stored in the IDMS, and/ or (iii)
physically displayed on the card. This information and the purpose of its use is described in Figure 2
below.
·
Figure 2: Other PIV Information stored, collected or used
Card expiration date
IDMS
PIV Card
PIV Card
(Electronically
Stored)
(Physically
Displayed)
(Electronically
Stored)
x
x
x
To verify card is valid and allow access to
facilities and computer systems
x
To be used for physical access to highly
secured buildings/ space or to log-on to
sensitive computer systems ("level 3") that
require multi-factor authentication,
beyond the typical user ID/ password.
Personal Identification Number
(PIN)
Agency card serial number
Issuer identification number
x
Purpose
x
For tracking and maintaining agency cards
x
Verify issuers authority
Contact Integrated Circuit Chip
(ICC)
x
Used to authenticate a PIV cardholder's
identity with card readers that require card
to be inserted or "swiped To be used for
physical access to buildings/ office space
and logical access to computer systems.
Contactless ICC
x
Used to authenticate a PIV cardholder's
identity with low-frequency radio signal
"proximity loop" card readers that allow
card to pass by the card reader. Use is for
physical access to buildings/office space.
7
��������������������| File Type | application/pdf |
| File Title | Privacy Impact Assessment for Personal Identity Verification |
| Author | DHS Privacy Office |
| File Modified | 2023-11-03 |
| File Created | 2006-10-17 |