Diebold to study, design NOAA's identity management system

May provide template for further federal agencies
Monday, March 15, 2010

NORTH CANTON, Ohio—John Stroia, vice president, government security and monitoring solutions, at Diebold pointed to the company’s 2006 acquisition of Actcom as key to a new contract with the National Oceanic and Atmospheric Administration to assess the agency’s current identity, credential and access management (ICAM) system and design a way for the agency to comply with government policies. This ICAM policy dictates that agencies provide a consistent approach for vetting individuals looking for access privileges, create a universal credential, integrate physical and logical access control, and a number of other requirements design to close security gaps and reduce physical and data breaches.

“This applies to any agency,” Stroia said of the work being done with NOAA. “They’re getting these cards issued, and they may have 12 or 13 access control solutions throughout the agency, and they want to be able to use this investment in this card for physical and logical access control at any facility. People are wrestling with how to make that happen. You have to get these disparate systems working together, and as you know the security industry hasn’t been the best in establishing standards, so it’s a bunch of different proprietary systems and it’s a challenge to get those things to work together.”

Actcom specialized in the federal access market, and brought experience helping agencies comply with FIPS 201 and HSPD-12 mandates. “We’ve made a significant investment in this whole credentialing area, and that helped us in this case,” Stroia said.

Because NOAA is out front in addressing the ICAM policy, Stroia said, it’s possible that the architecture that Diebold provide NOAA will serve as a blueprint for other agencies. “One of the challenges in getting funding for this type of thing,” Stroia said, “has been putting together a good program, getting buy in from all the right folks ... We think that going through an effort like this will create a solid architecture, a solid business case to go after the funding, and that’s what’s been missing. Funding makes people talk, so if that’s successful in helping an agency put together a good program and get funding, other agencies will take notice.”

Stroia also thinks these kinds of capabilities, being able to design and advise on both physical and logical issues, will be the “price of entry” for integrators looking to work with the government and enterprise clients in the future. “It’s just the beginning now,” he said, “but you’re going to have to be able to do this, and that’s why we’ve undertaken a significant effort to be good at this.”