The Rhode Island Emergency Management Agency (RIEMA) is the coordinating agency for the implementation and sponsorship of First Responder Accreditation Credentials (FRAC) for the State of Rhode Island. The Identity Management Rhode Island (IMRI) FRAC Program, managed by the Providence-based nonprofit Safer Institute, began in 2011 and incorporates the utilization of Personal Identity Verification - Interoperable (PIV-I) smartcards in its response efforts. In this way, the State is promoting enhanced cyber security and interoperability for its first responders and those deployed through state and federal systems. (EMAC, Memorandums of Agreement)
Please review the following information regarding this program. Questions/comments are welcome. IMRI representatives at Safer Institute may be reached via telephone at (800) 313-6305 or email email@example.com for more details.
Dated August 27, 2004, entitled "Policy for a Common Identification Standard for Federal Employees and Contractors," directed the promulgation of a Federal standard for secure and reliable forms of identification for Federal employees and contractors. It further specified secure and reliable identification that:
M-11-11 is a memorandum to the heads of executive departments and agencies that requires the continued implementation of HSPD-12. It is President Obama's affirmation of strategic initiatives, such as use of FIPS 201 compliant smartcards, to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy.
In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilites and information system. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.
FIPS 201, together with NIST SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV), is required for U.S. Federal Agencies, but do not apply to U.S. National Security Systems. However, the standard was mostly adopted for PIV-I, which is the type of card issued to first responders in Rhode Island who are part of the IMRI Program.
IMRI is a program coordinated by the Rhode Island Emergency Management Agency to institute Personal Identity Verification – Interoperable (PIV-I) technology for first responders throughout the State.
FRAC is the acronym for First Responder Authentication Credential, a 'smart' card embedded with biometric information which could be validated through common processes by response agencies throughout the country.
A PIV-I card is the most secure and up-to-date version of a FRAC card. It's a credit card-sized identity card that meets the US Government's PIV (Personal Identity Verification) specifications. The PIV-I initiative allows non-federal organizations to issue high security employee credentials that meet the stringent standards established by the U.S. government to increase the security of its systems and facilities. PIV-I cards meet the technical and issuing security standards set by the government.
Presently, in the United States, a PIV-I card is required by all Federal government contractor employees who require access to U.S. government facilities, networks or information systems. Further, a memorandum issued by the Executive Office of the President, Office of Management and Budget on February 3, 2011 requires the continued implementation of PIV credentials for Government and contractor employees started by Homeland Security Presidential Directive 12 (HSPD 12).
As the IMRI Program is implemented throughout the state, a PIV-I card will be the most secure means to control physical and logical access to resources and disaster scenes.
Those first responders, volunteers, essential staff of pre-registered business entities and emergency response officials who possess a PIV-I card will be pre-credentialed.
Without question, the access/security point will have control over who enters an incident site and the instructions issued will be determined by the local Incident Commander to the security/access control point – clearly stipulated at the first briefing and promulgated through the chain of command.
This question is being worked by the IMRI Policy Working Group, and will be sufficiently explained in the finished Policy portion of the IMRI Standing Operating Guidelines document on schedule for publication December 2013 time frame.
Another question being worked by the IMRI Policy and Liaison Working Group, with expected clarification sufficiently explained in the IMRI Standing Operation Guidelines document. Expected publication in December 2013.
This is a key component of all efforts towards Interoperability – the keystone in the Federal government push towards recognizing identity cards that comply with FIPS 201. (PAC – physical access and LAC – logistical access) will be granted to IMRI cardholders during FEMA supported incident response activities.
These tenets are under development by the IMRI Steering Committee and especially the Training Work Group. These points are to become protocol and perquisites prior to issue of bona fide IMRI credentials. The Standing Operating Guidelines will provide detailed instructions for those requesting IMRI credentials.
The major distinction between the Corporate Emergency Access System (CEAS) type cards and IMRI PIV-I cards is that the former is more akin to a "flash pass" and the latter is tied to trusted identity and attribute information, which complies with federal standards used by FEMA and others during a disaster. That said, IMRI is working to address interoperability with the CEAS card to bring both within accepted policty trusted by the State while being certified and authenticated by different sources.
The IMRI Steering Committee is comprised of individuals representing the interests of first responders, state agencies, non-governmental organizations and private industry, working to make recommendations on policy, procedures for the issuance of PIV-I cards.
Members of the Steering Committee work within smaller working groups and task forces based on their interests and expertise to address issues of standardization across the State.
The Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA) developed the National Incident Management System (NIMS) Guideline for the Credentialing of Personnel to describe national credentialing standards and to provide written guidance regarding the use of those standards. This document describes credentialing and typing processes and identifies tools which Federal Emergency Response Officials (FERO) and emergency managers at all levels of government may use both routinely and to facilitate emergency responder deployment for response, recovery, and restoration. This guideline also provides information about where emergency response leaders can obtain expertise and technical assistance in using the national standards or in ways they can adapt the standards to department, agency, jurisdiction, or organization needs.
To view the NIMS guideline, click here: NIMS Credentialing Guideline Report