SECTION

General Requirements (1.1, 1.2, 1.3, 1.4, 1.5, 1.6)
2 Functional Areas of usage for consideration (2.1, 2.2, 2.3, 2.4, 2.5)
Physical Access Credential: Technical Requirements (2.11, 2.12, 2.13, 2.14, 2.15, 2.16, 2.17, 2.18)
Cashless Payments for use with XYZ ________________ : Technical Requirements (3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17)
IT Systems Access (Logical Access): Technical Requirements (4.11, 4.12, 4.13, 4.14, 4.15, 4.16, 4.17, 4.18, 4.19, 4.2, 4.21)
eSSO (5.11, 5.12, 5.13, 5.14, 5.15, 5.16, 5.17)
Policy and Compliance (7.11, 7.12, 7.13, 7.14, 7.15, 7.16, 7.17)
Projected Outcomes (8.11, 8.22, 8.23, 8.24, 8.25, 8.26)

REQUIREMENT DETAIL

General Requirements

Example: XYZ staff to use a single credential across multiple facilities


Example: XYZ facilities are building and updating their physical environment and in parallel w
to be more in line with recognized standards, specifically with PIV as much as reasonably pos
XYZ's basic use cases

Example: To become vendor agnostic and avoid vendor lock-in for freedom of choice for future initiati
Example: A solution concept that can be leveraged for other uses where credentials are required in o
having to implement a separate credential

Example: Single Sign-On to consolidate number of passwords users are required to use and simplify a
Example: Enable functional encryption for increased proof of identity for required applications

Functional Areas of usage for consideration

Example: Physical Access Credential (mandatory, immediate)
Example: Cashless Payment (needs more definition on function and priority)
Example: Logical Access (moderate)
Example: eSSO (high)
Example: Key Use Case examples to be supported

Physical Access Credential: Technical Requirements

Example: Solution must work with XYZ PACS selection
Example: Use High Frequency and be compatible for low frequency
Example: Readers and cards must be able to accommodate custom key
Example: Readers and cards must support MIFARE Classic and PLAID
Example: Is there a separate parking facility that requires authentication of a card for entry a
Example: Are there elevators in the building? Will a card need to be presented to use the elev

Cashless Payments for use with XYZ ________________ : Technical Requirements

IT Systems Access (Logical Access): Technical Requirements

Example: PC Login using smartcard/PKI: Likely phase 1 to tie in with eSSO (High)
Example: Full Disk Encryption: Likely in future
Example: Email signing (High)
Example: Email Encryption (Moderate)
Example: SHA-1 or SHA-2 certificates: Not yet determined
Example: Secure storage in HSM (both CA and GP Keys)
Example: Custom certificate profile: Not likely but not yet determined
Example: Support local user switching for shared workstations
Example: Support roaming profiles? Undetermined
Example: Must be able to support unique GlobalPlatform key process

eSSO

Example: Ability to support ABC Brand and version PIV card
Example: Recognize CCID readers
Example: Ability to work with standard certificate profiles
Example: Support identified core applications and versions
Example: Support user self-service for master password reset
Example: Support local user switching
Example: Ability to abstract users from domain username / password and change thereafter.

Policy and Compliance

Example: Need to change policy for users not to be able to use domain password
Example: Create process by which emergency access can occur if card is lost
Example: Create / approve policy for certificate escrow, replication and manually loaded to mobile de
Example: Create tiered approval workflows and policies for secure credential issuance in queue
Example: Coordinate proposed changes with PCI QSA for sign off and approval

Projected Outcomes

Example: TCO target $120 per user per year
Example: Significantly limit developers overseas to check out code without digitally signing and thwa
Example: In conjunction with DLP, stop IP leaks of confidential communications and IP
Example: Mandatory signing to create chain of custody for source and authenticity
Example: PACS credential will enable consolidation of facilities without reinvestments of cards or read
Example: Increased PCI Compliance and avoidance of fines projected to be incurred in rest of 2013

Acceptance (IT, PACS, Compliance)

COMMENTS (please add initials in ())

Legend
1 Enter "1"
2 Enter "2"
3 Enter "3"

System

Timelines and Scale
Version         Dates          # Users
PoC             ASAP           3
PILOT           ETA 09/2013    10
Production 1    ETA 2/2014     1,000
Production 2    ETA 06/2014    5,000
Future          2015

Physical Access
Control System Software
Physical Readers
Controllers
Protocol (Reader to Controller)
Enrollment Software
Perso / Central Bureau
Perso / Local
Perso / External Service

IT Systems & Platforms (In Scope)
Windows XP
Windows Vista
Windows 7 / 32 bit
Windows 7 / 64 bit
Windows 8
Mac OS Snow Leopard
Mac OS Lion
Mac OS Mountain Lion
Linux
Solaris
Citrix
Virtual Desktop
Server Versions
Web Browser
VPN
Virtual Machine / Servers
Directory

Applications (In Scope)
VPN
PC Login
Full Disk Encryption
Email signing
Email encryption
Local User Switching
OTP
SSO
CA (Internal or Hosted)
Custom Cert Profile required?
CA Connection (OCSP or CRL)
Dedicated OCSP?
Compliance Mandates
Assurance Levels

Devices
# Laptops
# Laptops w/reader built-in
# Desktops
BYOD (Computers)
# Home user owned machines

IT Comments

Physical Comments