Enabling M-11-11 with PIV-I that enhances the user experience

What if a user enjoyed a comprehensive single sign on experience to ALL applications upon successful PIV-I Smartcard validation at their desktop or any shared workstation?

Why not?  HSPD-12 and subsequent OMB Memorandum such as M-11-11 require PIV-I Smartcard utilization by November, 2011.  However, the user experience and accelerated secure access can be enhanced if a relatively simple next step is employed.  What if the user simply inserts their card with their provisioned PKI credentials, authenticates to the desktop subsequent to the appropriate validation authority checks (CRL) and leverages their stored Windows Authentication to single sign on to applications they have been provisioned.

The IRS and other forward thinking agencies are steps ahead of many Federal Agencies and DOD to enhance the user experience.  This assures higher levels of security assurance and enables utilization of the required PIV card for LACS (logical access).  Quest Software has a unique PK Authentication offering that takes the PKI and hashes the Windows Authentication to further accelerate secure access.

M-11-11: PIV-I Driver for 2011

Aligning technologies to enable the OMB M-11-11 to enable federal agencies to deploy a highly utilized PIV-I solution set as mandated with tools and solutions available from Quest Software.

Security is one aspect of PIV-I; User adoption is critical. What if a user could insert their PIV-I card; authenticate once and have true enterprise single sign on to all applications they are authorized (based on their PKI credentials)?

Does accelerating simplified access introduce risk?

What about the privileged user's access across the enterprise?

These are the types of questions I am exploring to align with M-11-11 in order to have an open and honest dialogue around PIV-I adoption.

Visit www.idmanagement.gov as an excellent resource for federal government IDM programs.