Does compliance to FIPS 201 mean that every door in every federal building and every federal computer terminal must have a PIV card reader?
No. Generally, agencies will implement FIPS-201 access controls on facility access points (i.e. entry doors) first. Further deployment within the facility is at the discretion of the agency facility security manager. Logical access controls that provide for authentication of federal employees and contractors based on PIV credentials are recommended for IT Systems operating at E-Authentication Level 3 or higher. As agencies develop their plans in accordance with HSPD 12, they should focus on the highest-risk facilities and systems for initial deployment of readers. Over time, this could expand to lower-risk systems and facilities. (Ref: OMB M-04-04, DOJ Vulnerability Assessment of Federal Facilities Report – June 1995, ISC Security Design Criteria for New Construction and Major Modernizations – December 2004 and Security Standards in Leased Space – Jan 2005.
Related Questions
- Does compliance to FIPS 201 mean that every door in every federal building and every federal computer terminal must have a PIV card reader?
- Does having a WirelessZone in my building mean that I don have to use wired connections for my desktop computer any longer?
- How does an instructor reserve OIT computer lab or multi-media classrooms in Business Building?
