RI.gov R.I. Government Agencies | Privacy Policy |
RI Special Needs Emergency Registry | Contact Us | Search this Site:

Credentialing

IMRI Logo

The Rhode Island Emergency Management Agency (RIEMA) is the coordinating agency for the implementation and sponsorship of First Responder Accreditation Credentials (FRAC) for the State of Rhode Island. The Identity Management Rhode Island (IMRI) FRAC Program, managed by the Providence-based nonprofit Safer Institute, began in 2011 and incorporates the utilization of Personal Identity Verification - Interoperable (PIV-I) smartcards in its response efforts. In this way, the State is promoting enhanced cyber security and interoperability for its first responders and those deployed through state and federal systems. (EMAC, Memorandums of Agreement)

Please review the following information regarding this program. Questions/comments are welcome. IMRI representatives at Safer Institute may be reached via telephone at (800) 313-6305 or email info@saferinstitute.org for more details.

Frequently Asked Questions

What is Homeland Security Presidential Directive 12 (HSPD 12) and why is it important?

Dated August 27, 2004, entitled "Policy for a Common Identification Standard for Federal Employees and Contractors," directed the promulgation of a Federal standard for secure and reliable forms of identification for Federal employees and contractors. It further specified secure and reliable identification that:

  • Is issued based on sound criteria for verifying an individual employee's identity
  • Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
  • Can be rapidly authenticated electronically
  • Is issued only by providers whose reliability has been established by an official accreditation process.

What is OMB 11-11?

M-11-11 is a memorandum to the heads of executive departments and agencies that requires the continued implementation of HSPD-12. It is President Obama's affirmation of strategic initiatives, such as use of FIPS 201 compliant smartcards, to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy.

What is FIPS 201?

In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilites and information system. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.

FIPS 201, together with NIST SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV), is required for U.S. Federal Agencies, but do not apply to U.S. National Security Systems. However, the standard was mostly adopted for PIV-I, which is the type of card issued to first responders in Rhode Island who are part of the IMRI Program.

What is the Identity Management Rhode Island (IMRI) Program?

IMRI is a program coordinated by the Rhode Island Emergency Management Agency to institute Personal Identity Verification – Interoperable (PIV-I) technology for first responders throughout the State.

What is a FRAC card?

FRAC is the acronym for First Responder Authentication Credential, a 'smart' card embedded with biometric information which could be validated through common processes by response agencies throughout the country.

What is a PIV-I card?

A PIV-I card is the most secure and up-to-date version of a FRAC card. It's a credit card-sized identity card that meets the US Government's PIV (Personal Identity Verification) specifications. The PIV-I initiative allows non-federal organizations to issue high security employee credentials that meet the stringent standards established by the U.S. government to increase the security of its systems and facilities. PIV-I cards meet the technical and issuing security standards set by the government.

Who should have a PIV-I card?

Presently, in the United States, a PIV-I card is required by all Federal government contractor employees who require access to U.S. government facilities, networks or information systems. Further, a memorandum issued by the Executive Office of the President, Office of Management and Budget on February 3, 2011 requires the continued implementation of PIV credentials for Government and contractor employees started by Homeland Security Presidential Directive 12 (HSPD 12).

As the IMRI Program is implemented throughout the state, a PIV-I card will be the most secure means to control physical and logical access to resources and disaster scenes.

Those first responders, volunteers, essential staff of pre-registered business entities and emergency response officials who possess a PIV-I card will be pre-credentialed.

Will an IMRI card authorize certain entry to ALL incident sites (in RI)? Who will make that determination?

Without question, the access/security point will have control over who enters an incident site and the instructions issued will be determined by the local Incident Commander to the security/access control point – clearly stipulated at the first briefing and promulgated through the chain of command.

What does the title State Emergency Response Official really infer?

This question is being worked by the IMRI Policy Working Group, and will be sufficiently explained in the finished Policy portion of the IMRI Standing Operating Guidelines document on schedule for publication December 2013 time frame.

The IMRI PIV-I card will be a verified and secure means of certifying identity and training levels meeting the most stringent determined criteria. Will it become a State recognized form of identity? Will the Rhode Island First Responders stand behind the tenets of the IMRI program and participants?

Another question being worked by the IMRI Policy and Liaison Working Group, with expected clarification sufficiently explained in the IMRI Standing Operation Guidelines document. Expected publication in December 2013.

Will FEMA recognize the State of RI IMRI card, and does this mean the card can be utilized for access controls during FEMA supported incident response?

This is a key component of all efforts towards Interoperability – the keystone in the Federal government push towards recognizing identity cards that comply with FIPS 201. (PAC – physical access and LAC – logistical access) will be granted to IMRI cardholders during FEMA supported incident response activities.

The holder of an IMRI card should be credentialed and vetted in which areas?

  • Incident Command Training through ICS 400 (with ICS position-specific training if a member of certain State teams)
  • Basic First Aid/CPR
  • Trained and vetted by the State Agency responsible for issuing licenses to practice. This will be identified on the card itself.
  • Trusted status with local and state police departments and agencies (identified on the card itself) for example - a current BCI, etc

These tenets are under development by the IMRI Steering Committee and especially the Training Work Group. These points are to become protocol and perquisites prior to issue of bona fide IMRI credentials. The Standing Operating Guidelines will provide detailed instructions for those requesting IMRI credentials.

What's the difference between IMRI credentials and identification cards from private vendors like the Corporate Emergency Access System® or TELOSid®? Why should IMRI credentials be adopted?

The major distinction between the Corporate Emergency Access System (CEAS) type cards and IMRI PIV-I cards is that the former is more akin to a "flash pass" and the latter is tied to trusted identity and attribute information, which complies with federal standards used by FEMA and others during a disaster. That said, IMRI is working to address interoperability with the CEAS card to bring both within accepted policty trusted by the State while being certified and authenticated by different sources.

What is the IMRI Steering Committee?

The IMRI Steering Committee is comprised of individuals representing the interests of first responders, state agencies, non-governmental organizations and private industry, working to make recommendations on policy, procedures for the issuance of PIV-I cards.

Members of the Steering Committee work within smaller working groups and task forces based on their interests and expertise to address issues of standardization across the State.

Why should we have our First Responders credentialed in this way? What does the card do for them? What is so important about credentialing?

  • The PIV card topology will be compliant with FIPS 201 standards and recognizable across all Federal and State agencies. Certain required elements will appear on the front and back of all PIV cards, regardless of the agency that issues the PIV cards.
  • The card stock used to produce PIV cards must be listed on the FIPS 201 Approved Products List (APL).
  • The card will have "smart" features that include Public Key Infrastructure (PKI) digital certificates and biometrics.

  • The card has the capability to enable access to computers via SmartCard logon.
  • The card may be read by fixed or mobile readers that control access to an emergency operations center or disaster scene.
  • Ultimately, the Incident Commander wants to ensure that he/she is getting the resource that was requested, not an imposter.
  • First Responders can be individually tracked and informed on areas of personal security, for example, how long they have been on scene, or exposed to the incident area. They will be able to access their training data and update this information.

For Additional Questions Refer to the NIMS Guidleine for the Credentialing of Personnel

The Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA) developed the National Incident Management System (NIMS) Guideline for the Credentialing of Personnel to describe national credentialing standards and to provide written guidance regarding the use of those standards. This document describes credentialing and typing processes and identifies tools which Federal Emergency Response Officials (FERO) and emergency managers at all levels of government may use both routinely and to facilitate emergency responder deployment for response, recovery, and restoration. This guideline also provides information about where emergency response leaders can obtain expertise and technical assistance in using the national standards or in ways they can adapt the standards to department, agency, jurisdiction, or organization needs.

To view the NIMS guideline, click here: NIMS Credentialing Guideline Report