NASA's Federal Personal Identity Verification (PIV) Credential Teams Up with Google Apps
 

By Tim Baldridge, NASA ICAM Solutions Architect, MSFC

NASA recently began a pilot program using Google Apps, a suite of applications that brings services such as Google Docs, Images and Videos, Sites, Groups, Calendar, and Contacts together to help NASA workers in today's NASA business and engineering environment. NASA IT Labs, a part of the Office of the Chief Information Officer (CIO), sponsored the pilot to meet the growing demand from workers to access resources anywhere on any device.

About 600 IT staff from 11 NASA Centers and facilities are participating in the pilot by using existing NASA identities and credentials. Cost savings and information protection are realized by accessing cloud computing. Cloud computing refers to resources and applications that are available on the Internet from nearly any Internet-connected device. During this pilot, only nonsensitive NASA data are being placed in the cloud.

Under the pilot, NASA workers can connect to Google Apps for Government using their existing NASA work ID. Through integration between Google Apps, NASA Access Launchpad, and the NASA Consolidated Active Directory (NCAD), workers may use their existing NASA badge, one-time-password token, simplified sign-on, or username and password for access to the Google Apps pilot. This integration demonstrates the technology behind the requirement, set forth in memoranda from the Federal Chief Information Officer, for accepting externally issued identity credentials.

The Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance describe both the enterprise FICAM segment architecture and implementation guidance. The NASA Google Apps pilot provides an example of the benefits from the technology standards in the Federal trust framework. Because the same ID and credential are used, there are no new costs associated with registering or managing new identities or credentials that include the established level of confidence for the individual accessing the resources.

The NASA badge PIV card is issued as a common identification standard for Federal employees and contractors to increase security and reduce opportunities for identity fraud. In a similar manner, all Federal departments and agencies are required to issue PIV cards to their employees and contractors. Today there are more than 6 million PIV cards issued that can be used for personnel identification and that

  1. "[are] issued based on sound criteria for verifying an individual employee's identity;
  2. [are] strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
  3. can be rapidly authenticated electronically; and
  4. [are] issued only by providers whose reliability has been established by an official accreditation process."

More information about Homeland Security Presidential Directive 12.

NASA also accepts and electronically verifies PIV credentials issued by other Federal agencies through a credential registration process. With this capability, any authorized Federal PIV cardholder, including holders of the Department of Defense (DOD) Common Access Card (CAC), may access NASA applications with their PIV or CAC credential. This means that today, a PIV or CAC may be used for authentication to the Google Apps for Government NASA site.

It is important to understand the emphasis this and past administrations have placed on everyone who is in IT service delivery. With the convergence of mobile, cloud, and legacy computing infrastructures, the complexity of integration can be overwhelming, even more so when focusing on the confidentiality, integrity, and availability of the information. "The goal for Federal information security in FY 2011 is to build a defensible Federal enterprise that enables agencies to harness technological innovation, while protecting agency information and information systems." More information about Federal Information Security Management is found in Presidential Memorandum M-11-33.

The NASA Procedural Requirements NPR 2841.1 establishes requirements and responsibilities to properly manage FICAM services as an integrated end-to-end service to improve security, efficiency, and inter-Center collaboration at NASA. More information on NPR 2841.1.

The specifics of this NPR apply to owners of information and systems as well as end users, among others. The best application integration approach embraces FICAM services to leverage the full capability and cross-functional interoperability for a seamless user experience, whether it is on a workstation or laptop while the user is in the office or on a mobile device when he or she is away from the office.

For more information on PIV credentials and the Federal CIO Council's "Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance," visit http://www.idmanagement.gov.