Regional lCAM Planning
regional identity, credential, and access management plan
M4PS was selected by the SouthEast Texas Regional Advisory Council (SETRAC) to facilitate the development of a regional plan for Identity, Credentialing and Access Management (ICAM) in the Houston-Galveston Area Council (H-GAC) region. This project was initiated with funding from a State Homeland Security Program (SHSP) grant to begin the process of filling critical gaps in the identification of first responders through regionalized credentialing for physical access to buildings and incident scenes as well as virtual access to information systems.
SETRAC was awarded grant funding under the State Homeland Security Program to lead the development of a comprehensive plan to address identified gaps for identity verification and access control for first responders with a standardized, regional approach for the Houston-Galveston Area Council region. Phase 1 was successfully funded through August 2019.
First responders in the H-GAC region currently have no mechanism for confirming the identity of authorized response personnel in multi-jurisdictional | multi-discipline response and/or incidents involving suspected acts of terrorism. Terrorists are increasingly impersonating first responders and using "cloned" emergency vehicles to carry out acts of terrorism around the world, so having the ability to verify identity and restrict or permit access to buildings and incidents scenes is vital to our community safety.
A regional plan to address the widespread adoption of a standardized ICAM program in the law enforcement, fire service, emergency medical service, and justice communities is vital to:
Enhance the safety of emergency response personnel within areas impacted by acts of terrorism by establishing and maintaining a secure environment
Allow responders immediate access to the information that will enable them to make better decisions and protect themselves and the public during daily operations and incident response
Standardized process of First Responder identity verification allows for credentials to be shared across departments throughout the region.
Streamlined First Responder access to facilities such as schools and hospitals during emergency situations or active attacks.
Mitigate the risk of attackers impersonating first responders by controlling access to incident response areas, by being able to validate responder identities through a region wide system.
Form multi-disciplinary First Responder ICAM Planning Workgroup
Outreach and education
a. Hold a 1-day educational seminar for workgroup members, UASI members, department executives and other regional stakeholders
b. Create website to update regional stakeholders or working group activities
Develop Regional ICAM Plan
a. Research existing industry best practices
b. Data collection - conduct surveys to gather baseline for existing identity verification processes and credentialing systems utilized in H-GAC and identify critical gaps
c. Identify functional reference models
In the past, the granting of physical access to incident sites and other restricted areas would be based on personal judgment, flash pass using badges, and low-level electronic credentials rather than on hard, high-assurance identity verification. Local, state, and federal agencies are now working to establish an interoperable credential called the Personal Identity Verification-Interoperable (PIV-1) card in their own organizations, jurisdictions, and regions. Toward this end, emergency response officials are moving toward achieving credentialing interoperability by issuing a First Responder Authentication Credential (FRAC) that complies with the PIV-1 standard specifications based on Homeland Security Presidential Directive (HSPD) 12.
What is credentialing & interoperability?
Credentialing is a system by which identification cards or other tokens are used to authenticate a person and transmit skills, qualifications, and other attributes associated with that identity. Interoperability, in the credentialing context, provides the capability for a jurisdiction to access information and trust its legitimacy in order to make decisions about granting access and privileges.
Why are credentialing & interoperability important?
Credentialing proves two things:
A person is who they claim they are; and
A person is still serving in the role under which the credential was issued.
At an incident site, credentials can be used to register responders, track where they go, and prove when they leave. Credentials also can track assets and ensure that roles and responsibilities are being followed. Thanks to a standard for interoperability, a single credential can replace two or more proprietary credentials across multiple access control measures.
Is there current guidance for credentialing emergency response personnel?
The National Incident Management System (NIMS) Guideline for the Credentialing of Personnel issued by the Department of Homeland Security (DHS)/Federal Emergency Management Agency (FEMA) strongly encourages state, local, tribal jurisdictions as well as the public and private sector entities to leverage the federal investment in the FIPS-201 infrastructure. The document also endorses the Federal Chief Information Officer's PIV-1 guidance to promote trust, facilitate interoperability for personnel deployed outside their home jurisdiction, and the ability to make informed decisions for access permissions. Additionally, HSPD-5 requires federal departments and agencies to make adoption of NIMS by state, local, and tribal governments a condition for federal preparedness assistance through grants, contracts, and other activities.
For more information on SETRAC, please visit: www.setrac.org/icam
For more information on a PIV-1 case study at the State, Local,and Regional Level, please visit: