Credentialing

The Rhode Island Emergency Management Agency (RIEMA) is the coordinating agency in efforts towards implementation and sponsorship of First Responder Accreditation Credentials (FRAC) to the State of Rhode Island. This program has been introduced and we are well on our way to bringing this important capability to the front line in our response efforts. IMRI – Identity Management Rhode Island is the official title of Rhode Island's First Responder card. Please review the following information regarding this program. Questions/comments are welcome. Call (888) 484-8097 or email info@saferinstitute.com for more details.

Frequently Asked Questions

What is Homeland Security Presidential Directive 12 (HSPD 12) and why is it important?

Dated August 27, 2004, entitled "Policy for a Common Identification Standard for Federal Employees and Contractors," directed the promulgation of a Federal standard for secure and reliable forms of identification for Federal employees and contractors. It further specified secure and reliable identification that:

• Is issued based on sound criteria for verifying an individual employee's identity
• Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
• Can be rapidly authenticated electronically
• Is issued only by providers whose reliability has been established by an official accreditation process.

What is the Identity Management Rhode Island (IMRI) Program?

IMRI is a program coordinated by the Rhode Island Emergency Management Agency to institute Personal Identity Verification – Interoperable (PIV-I) technology for first responders throughout the State.

What is a FRAC card?

FRAC is the acronym for First Responder Authentication Credential, a 'smart' card embedded with biometric information which could be validated through common processes by response agencies throughout the country.

What is a PIV-I card?

A PIV-I card is the most secure and up-to-date version of a FRAC card. It's a credit card-sized identity card that meets the US Government's PIV (Personal Identity Verification) specifications. The PIV-I initiative allows non-federal organizations to issue high security employee credentials that meet the stringent standards established by the U.S. government to increase the security of its systems and facilities. PIV-I cards meet the technical and issuing security standards set by the government.

Who should have a PIV-I card?

Presently, in the United States, a PIV-I card is required by all Federal government contractor employees who require access to U.S. government facilities, networks or information systems. Further, a memorandum issued by the Executive Office of the President, Office of Management and Budget on February 3, 2011 requires the continued implementation of PIV credentials for Government and contractor employees started by Homeland Security Presidential Directive 12 (HSPD 12).

As the IMRI Program is implemented throughout the state, a PIV-I card will be the most secure means to control physical and logical access to resources and disaster scenes.

Those first responders, volunteers, essential staff of pre-registered business entities and emergency response officials who possess a PIV-I card will be pre-credentialed.

Will an IMRI card authorize certain entry to ALL incident sites (in RI)? Who will make that determination?

Without question, the access/security point will have control over who enters an incident site and the instructions issued will be determined by the local Incident Commander to the security/access control point – clearly stipulated at the first briefing and promulgated through the chain of command.

What does the title State Emergency Response Official really infer?

This question is being worked by the IMRI Policy Working Group, and will be sufficiently explained in the finished Policy portion of the IMRI Standing Operating Guidelines document on schedule for publication Dec 2012 time frame.

The IMRI PIV-I card will be a verified and secure means of certifying identity and training levels meeting the most stringent determined criteria. Will it become a State recognized form of identity? Will the Rhode Island First Responders stand behind the tenets of the IMRI program and participants?

Another question being worked by the IMRI Policy and Liaison Working Group, with expected clarification sufficiently explained in the IMRI Standing Operation Guidelines document. Expected publication in Dec 2012.

Will FEMA recognize the State of RI IMRI card, and does this mean the card can be utilized for access controls during FEMA supported incident response?

This is a key component of all efforts towards Interoperability – the keystone in the Federal government push towards recognizing identity cards that comply with FIPS 201. (PAC – physical access and LAC – logistical access) will be granted to IMRI cardholders during FEMA supported incident response activities.

The holder of an IMRI card should be credentialed and vetted in which areas?

• Incident Command Training through ICS 400 (with ICS position-specific training if a member of certain State teams)
• Basic First Aid/CPR
• Trained and vetted by the State Agency responsible for issuing licenses to practice. This will be identified on the card itself.
• Trusted status with local and state police departments and agencies (identified on the card itself) for example - a current BCI, etc

These tenets are under development by the IMRI Steering Committee and especially the Training Work Group. These points are to become protocol and perquisites prior to issue of bona fide IMRI credentials. The Standing Operating Guidelines will provide detailed instructions for those requesting IMRI credentials.

What's the difference between IMRI credentials and identification cards from private vendors like the Corporate Emergency Access System® or TELOSid®? Why should IMRI credentials be adopted?

The major distinction between the CEAS type cards and IMRI PIV-I cards is that the former is more akin to a "flash pass" and the latter is tied to trusted identity and attribute information, which complies with federal standards used by FEMA and others during a disaster.

What is the IMRI Steering Committee?

The IMRI Steering Committee is comprised of individuals representing the interests of first responders, state agencies, non-governmental organizations and private industry, working to make recommendations on policy, procedures for the issuance of PIV-I cards.

Members of the Steering Committee work within smaller working groups and task forces based on their interests and expertise to address issues of standardization across the State.

Why should we have our First Responders credentialed in this way? What does the card do for them? What is so important about credentialing?

• The PIV card topology will be compliant with FIPS 201 standards and recognizable across all Federal and State agencies. Certain required elements will appear on the front and back of all PIV cards, regardless of the agency that issues the PIV cards.
• The card stock used to produce PIV cards must be listed on the FIPS 201 Approved Products List (APL).
• The card will have "smart" features that include Public Key Infrastructure (PKI) digital certificates and biometrics.

• The card has the capability to enable access to computers via SmartCard logon.
• The card may be read by fixed or mobile readers that control access to an emergency operations center or disaster scene.
• Ultimately, the Incident Commander wants to ensure that he/she is getting the resource that was requested, not an imposter.
• First Responders can be individually tracked and informed on areas of personal security, for example, how long they have been on scene, or exposed to the incident area. They will be able to access their training data and update this information.