Regional Identity, Credential, & Access Management (ICAM) Plan
PROJECT OVERVIEW:
SETRAC was awarded grant funding under the State Homeland Security Program (SHSP) to lead the development of a comprehensive plan to address identified gaps for identity verification and access control for first responders with a standardized, regional approach for the Houston-Galveston Area Council (H-GAC) region. Phase 1 included the development of a high-level regional ICAM plan and a workshop to educate stakeholders on the operational importance of ICAM.
THE PROBLEM:
First responders in the H-GAC region currently have no mechanism for confirming the identity of authorized response personnel in multi-jurisdictional / multi-discipline response and/or incidents involving suspected acts of terrorism. Terrorists are increasingly impersonating first responders and using “cloned” emergency vehicles to carry out acts of terrorism around the world, so having the ability to verify identity and restrict or permit access to buildings and incident scenes is vital to our community safety.
PURPOSE:
- Enhance the safety of emergency response personnel within areas impacted by acts of terrorism by establishing and maintaining a secure environment
- Allow responders immediate access to the information that will enable them to make better decisions and protect themselves and the public during daily operations and incident response
BACKGROUND:
In the past, the granting of physical access to incident sites and other restricted areas would be based on personal judgment, flash pass using badges, and low-level electronic credentials rather than on hard, high-assurance identity verification. Local, state, federal agencies are now working to establish an interoperable credential called the Personal Identity Verification-Interoperable (PIV-I) card in their own organizations, jurisdictions, and regions. Toward this end, emergency response officials are moving toward achieving credentialing interoperability by issuing a First Responder Authentication Credential (FRAC) that complies with the PIV-I standard specifications based on Homeland Security Presidential Directive (HSPD) 12.
WHY ARE CREDENTIALING AND INTEROPERABILITY IMPORTANT?
Credentialing proves two things:
- A person is who they claim they are; and
- A person is still serving in the role under which the credential was issued.
At an incident site, credentials can be used to register responders, track where they go, and prove when they leave. Credentials also can track assets and ensure that roles and responsibilities are being followed. Thanks to a standard for interoperability, a single credential can replace two or more proprietary credentials across multiple access control measures.
WHAT IS CREDENTIALING AND INTEROPERABILITY?
Credentialing is a system by which identification cards or other tokens are used to authenticate a person and transmit skills, qualifications, and other attributes associated with that identity. Interoperability, in the credentialing context, provides the capability for a jurisdiction to access information and trust its legitimacy in order to make decisions about granting access and privileges.
CURRENT RESPONDER CREDENTIALING GUIDANCE:
The National Incident Management System (NIMS) Guideline for the Credentialing of Personnel issued by the Department of Homeland Security (DHS)/Federal Emergency Management Agency (FEMA) strongly encourages state, local, tribal jurisdictions as well as the public and private sector entities to leverage the federal investment in the FIPS-201 infrastructure. The document also endorses the Federal Chief Information Officer’s PIV-I guidance to promote trust, facilitate interoperability for personnel deployed outside their home jurisdiction, and the ability to make informed decisions for access permissions. Additionally, HSPD-5 requires federal departments and agencies to make adoption of NIMS by state, local, and tribal governments a condition for federal preparedness assistance through grants, contracts, and other activities.