PIV Card Support for Sterling MFT/B2B Products
PIV was initially introduced by HSPD-12 (Homeland Security Presidential Directive 12), in August of 2004. However, it is just now that agencies are being mandated to comply with this directive. The first required delivery date that we know of for this functionality is March 31, 2018, by DOL. However, CMS, VA, Treasury BFS, IRS, OPM and DOI have told us that they will also need the functionality sometime in 2018.
• The concept of PIV Cards was initially introduced to establish a "common identification standard" for Federal Employees and Contractors. See reference at the following link: http://www.dhs.gov/homeland-security-presidential-directive-12
• The following link contains references and links to all of the current HSPD-12 documents and requirements, which have apparently been changed over the years: http://www.idmanagement.gov/homeland-security-presidential-directive-12
• The PIV Card requirement is specifically referenced by the FIPS 201-2 standard from March of 2006 and last updated in August of 2013. The latest version is referenced at the following link: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf
• FIPS 201-2 requires Federal agencies to comply within 12 months of the last change date, which was 8/2013. However, that did not happen as we first started to hear about it from our Federal customers in 2015. In speaking with the DOI Team in 2015, they shared that PIV Cards are based on the Microsoft Smart Card Authentication Architecture, which is documented at the following link and includes a relationship diagram of the parts associated with the architecture: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380142(v=vs.85).aspx
• The Microsoft Smart Card Authentication Architecture is based on the following PC/SC Workgroup standard: http://www.pcscworkgroup.com/specifications/overview.php
DOI explained that the PIV Card contains a userid and a certificate that are unique to each user. Here is the PIV Card workflow as it was explained to me:
1. The user inserts the PIV Card into a card reader that is attached to the workstation
2. The user presses the CTRL+ALT+DEL keys at the same time
3. Windows reads the card and asks for a PIN
4. Once the correct PIN is entered, all of the information is validated. Validation is probably against AD/LDAP. However, the DOI folks on the call were not quite sure.
5. Once the user has been validated/authenticated and logs onto their workstation, they can access any applications that are enabled to use PIV Cards/AD/LDAP, without having to enter logon information because the logon information is apparently passed to the application from the initial logon to the workstation.
Since the PIV Card requirement is a DHS directive, this is something that we really need to incorporate into SEAS as quickly as possible in order to handle the demand for this functionality, which is just starting and is likely to increase in the near future.