FIPS-201 Failure

Author: Brian Rhodes, Published on May 28, 2012

The security market is hungry for money. With security budgets shrinking worldwide, any glimmer of untapped sales sends manufacturers and integrators scrambling. Nothing carries more impact that sweeping government regulations, and as a result, when FIPS-201 (PIV) demanded government entities reform their identity credential use, many providers jumped at the chance. Unfortunately, more than a decade later, the security industry is still waiting for race to begin.

In this update, we examine FIPS-201 intent, identify where it has gotten sidetracked, and discuss if it will ever be a significant source of security spending.

*******

****-*** **** ** *********** ******** *** ******* *********** **** * single ******:

  • ******* ** **** *.* ******* ******* ******* *** ***********
  • ******* ******** ******** ** ************ ******* ********
  • ** ** * ***** ** ********** ** ******** /***********

**** **********, *** ** ********** **** ******** * ***** ** comply. ***** **************** ***** *** ******, ******* *** *** **** *********** *******. **** **** *** ********: "**** **** *****?"

********

*** ********** ** ******* ******* ****-*** ******* ** *** *** to **** ** ********* ** *** ********** ******. ******, * host ** ***** ******** **** *********** ******** *******:

  • **** ********* ************* **** ****-*** *****:**** ****** *** ******* ** ** **** *** ** ** compliant.
  • ********** ********** ******** *** ******* **********:******* ******* ** ***** ** ********** ***** ** *****.
  • ******** ******** *********** **********:********* *********** *** ******* *** ** ** ******** *****.
  • ******** ********:******* **** ********** *********, ***** *** *** ******** ** **** changes.
  • ** *********** ****** *******:***** ******* *** ** *** ** ***-**********, **** ********* *** nonexistent.

Market ******

* ***** ********** ** ***-************ *** *** ******* ****** ** * ***** **** *** compliance ** *** ********** ********, *** ******* ******** ********* ** from ***** * **** ****** ******.

*** *******, * ********* '******' ******** ** ***** * '****** access *******' ****** ******* ** ****-*** ********* ** ******** *********** that **** ******** ************* *********. ** *** ******* ****, **** requires * **** ** **** **** ******** * '****' ***** under * ******. ** ********, ****-*** ********** ********** ******** * cryptographic '**** ****' ******* ******* ******-***. ** ******* ********** ******, **** ******** ***** ****** * full ****** ** ********** ********* ** '****' * **********.

***** ************ **** **** ********** ******** **** ******* *** ****** or **** ***** ********* ** ********* ********** ******* ********** ******* areas. ** ***** ** **** *******, **** ***** * **** percentage ** *** ********* **** ******* **** ** ********. **** does *** **** ******* *** **** ******** **** ********** ************ applicable ** *** ****** ******* ****** ******, ***** *** **** to ** ************* ******* ** ******** ******** ** ****** *********.

** ***** ** *** *** ******** ******, ****-*** ********** *** not ************ ******** ****** *********** ******* ** **** ********** ****** control *******. ** ** ********* ********* ** ***** *** ******* effectiveness ** ****-***. ***** *********'* ****** ** *****, *** **** can ** **** **** **** ************* *** ********* ***** ** the ******** ****** *** **** ******.

Future ****** ******?

*** ****** **: **, *** ** *** *** ** *** once ********. *** ****** ******* **** **** ** **** '*** cart ****** **** *** *****'. ** ****** *** ********* *** security ****** ** ** ********** ***** **********, ** ******* *** enforcement *** *** ************ **** ********* **** **** ** ********* into *** **** ** ********* ***********. ***** ******, ********** ******** will *** ****** ** ***** ***** ****** **** *** ****** to ** ***** * ******** ****** ** *** *******. *** many, ****-*** ********** ****** ******* ******* ***** *** ** *** '5-Year ********* ****' ** ** ********* ** * ***** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
Competing Against G4S on Aug 09, 2017
G4S Secure Solutions is a global company, operating in multiple countries and offering a suite of products and services from guards to their AMAG...
ONVIF Releases Profile A for Access on Aug 08, 2017
ONVIF has struggled so far in access control. In 2014, ONVIF released Profile C for access control, but in the 3 years since, only 2 companies...
Access Control Commissioning / Install Checklist on Aug 03, 2017
This 80+ point checklist helps end users, integrators and consultants verify that access control installation is complete. It covers the following...
Bosch G-Series Intrusion Tested on Jul 26, 2017
Bosch is one of the biggest names in intrusion, and the company's G-Series panels are their most advanced commercial and high-security panels. But...
Smartcard Copier Tested (13.56MHz) on Jul 05, 2017
Copying 125kHz cards is certainly easy, as our test results showed, but how about 13.56MHz smart cards? Are they more secure? IPVM focused on the...
Biometrics Pros and Cons For Electronic Access Control on Jun 26, 2017
Biometrics has been long sought as an alternative to the security risks of cards, pins and passwords. While biometrics has improved somewhat over...
Access Control Course Winter 2018 on Jun 11, 2017
The Winter 2018 IPVM Access Control Course is now open; save $50 on early registration. IPVM offers the most comprehensive access control course...
RMR Integrator Importance Statistics on Jun 08, 2017
How do integrators feel about offering RMR / recurring revenue services? For many, their business revolves around RMR, while others see no...
HID Edge EVO Tested on Jun 07, 2017
HID Edge controllers have been one of most common offerings in IP door controllers for years. The new generation is called Edge EVO. We tested...

Most Recent Industry Reports

FLIR Restructures Security Division on Aug 22, 2017
FLIR's goal was once to have a single end-to-end security solution. However, FLIR's Security business unit has been struggling, with several areas...
Honeywell Total Connect 2.0 Tested on Aug 22, 2017
Honeywell is one of the biggest brands in security, with Total Connect 2.0 being the company's remote security and smarthome platform. We bought...
IP Camera Cabling Testing Statistics on Aug 22, 2017
Test and certify, or crimp and pray? Some integrators certify every cable they run, while others only inspect cables that have video issues. 130...
Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact