FIPS-201 Failure

Author: Brian Rhodes, Published on May 28, 2012

The security market is hungry for money. With security budgets shrinking worldwide, any glimmer of untapped sales sends manufacturers and integrators scrambling. Nothing carries more impact that sweeping government regulations, and as a result, when FIPS-201 (PIV) demanded government entities reform their identity credential use, many providers jumped at the chance. Unfortunately, more than a decade later, the security industry is still waiting for race to begin.

In this update, we examine FIPS-201 intent, identify where it has gotten sidetracked, and discuss if it will ever be a significant source of security spending.

*******

****-*** **** ** *********** ******** *** ******* *********** **** * single ******:

  • ******* ** **** *.* ******* ******* ******* *** ***********
  • ******* ******** ******** ** ************ ******* ********
  • ** ** * ***** ** ********** ** ******** /***********

**** **********, *** ** ********** **** ******** * ***** ** comply. ***** **************** ***** *** ******, ******* *** *** **** *********** *******. **** **** *** ********: "**** **** *****?"

********

*** ********** ** ******* ******* ****-*** ******* ** *** *** to **** ** ********* ** *** ********** ******. ******, * host ** ***** ******** **** *********** ******** *******:

  • **** ********* ************* **** ****-*** *****:**** ****** *** ******* ** ** **** *** ** ** compliant.
  • ********** ********** ******** *** ******* **********:******* ******* ** ***** ** ********** ***** ** *****.
  • ******** ******** *********** **********:********* *********** *** ******* *** ** ** ******** *****.
  • ******** ********:******* **** ********** *********, ***** *** *** ******** ** **** changes.
  • ** *********** ****** *******:***** ******* *** ** *** ** ***-**********, **** ********* *** nonexistent.

Market ******

* ***** ********** ** ***-************ *** *** ******* ****** ** * ***** **** *** compliance ** *** ********** ********, *** ******* ******** ********* ** from ***** * **** ****** ******.

*** *******, * ********* '******' ******** ** ***** * '****** access *******' ****** ******* ** ****-*** ********* ** ******** *********** that **** ******** ************* *********. ** *** ******* ****, **** requires * **** ** **** **** ******** * '****' ***** under * ******. ** ********, ****-*** ********** ********** ******** * cryptographic '**** ****' ******* ******* ******-***. ** ******* ********** ******, **** ******** ***** ****** * full ****** ** ********** ********* ** '****' * **********.

***** ************ **** **** ********** ******** **** ******* *** ****** or **** ***** ********* ** ********* ********** ******* ********** ******* areas. ** ***** ** **** *******, **** ***** * **** percentage ** *** ********* **** ******* **** ** ********. **** does *** **** ******* *** **** ******** **** ********** ************ applicable ** *** ****** ******* ****** ******, ***** *** **** to ** ************* ******* ** ******** ******** ** ****** *********.

** ***** ** *** *** ******** ******, ****-*** ********** *** not ************ ******** ****** *********** ******* ** **** ********** ****** control *******. ** ** ********* ********* ** ***** *** ******* effectiveness ** ****-***. ***** *********'* ****** ** *****, *** **** can ** **** **** **** ************* *** ********* ***** ** the ******** ****** *** **** ******.

Future ****** ******?

*** ****** **: **, *** ** *** *** ** *** once ********. *** ****** ******* **** **** ** **** '*** cart ****** **** *** *****'. ** ****** *** ********* *** security ****** ** ** ********** ***** **********, ** ******* *** enforcement *** *** ************ **** ********* **** **** ** ********* into *** **** ** ********* ***********. ***** ******, ********** ******** will *** ****** ** ***** ***** ****** **** *** ****** to ** ***** * ******** ****** ** *** *******. *** many, ****-*** ********** ****** ******* ******* ***** *** ** *** '5-Year ********* ****' ** ** ********* ** * ***** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

HID Buys Mercury Security on Sep 19, 2017
One of the biggest access control deals in years. Mercury Security, the most widely used access hardware OEM, and partner to 20+ manufacturers,...
Cloud Guy Prints Book, Misses Irony on Sep 15, 2017
On-premise security systems are dead. But $75 print books are alive and well. Such are the lessons from Brivo's CEO new book "The Five...
Master Keying Tutorial on Sep 14, 2017
Mechanical keys are the most fundamental, albeit unsophisticated, form of access control. Like access control, Master Keying allows large scale use...
Fail Safe vs. Fail Secure Tutorial on Sep 13, 2017
Few terms carry greater importance in access control than 'fail safe' and 'fail secure'. Access control professionals must know how these concepts...
Axis: Use QR Codes Instead of Access Cards on Sep 12, 2017
Innovation in access may be hard to find, but Axis recently suggested an idea for credentials few have considered. Rather than using plastic cards,...
Dahua and Hikvision Entering Access Control on Sep 05, 2017
Until now, Chinese video giants Hikvision and Dahua have held back releasing access internationally. Both companies have now pulled the trigger,...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
Competing Against G4S on Aug 09, 2017
G4S Secure Solutions is a global company, operating in multiple countries and offering a suite of products and services from guards to their AMAG...
ONVIF Releases Profile A for Access on Aug 08, 2017
ONVIF has struggled so far in access control. In 2014, ONVIF released Profile C for access control, but in the 3 years since, only 2 companies...
Access Control Commissioning / Install Checklist on Aug 03, 2017
This 80+ point checklist helps end users, integrators and consultants verify that access control installation is complete. It covers the following...

Most Recent Industry Reports

Avigilon Touting 'Made In America' on Sep 18, 2017
Canadian manufacturer Avigilon, who completed a US manufacturing facility in 2015, is now running a marketing campaign touting 'Made In America',...
Cloud Guy Prints Book, Misses Irony on Sep 15, 2017
On-premise security systems are dead. But $75 print books are alive and well. Such are the lessons from Brivo's CEO new book "The Five...
Forgotten Password Problem Importance on Sep 15, 2017
Forgotten passwords has become a major industry topic. For example, Hikvision has been emailing admin passwords in plain text until IPVM's...
September IP Networking Course on Sep 14, 2017
LAST Chance - Registration is ending. Register now. This is the only networking course designed specifically for video surveillance professionals...
Hikvision Launching Ezviz Pro on Sep 14, 2017
Hikvision is launching Ezviz Pro. In 2015, Hikvision expanded Ezviz, a direct to consumer offering, to North America. Now, Ezviz 'Pro' is...
Genetec Launches Community Connect Examined on Sep 14, 2017
Genetec has done best in large-scale, enterprise systems and relatively worse in smaller systems such as SMB. Now, Genetec is launching...
Master Keying Tutorial on Sep 14, 2017
Mechanical keys are the most fundamental, albeit unsophisticated, form of access control. Like access control, Master Keying allows large scale use...
Startup Turing Video Segway-Based Security Robot Profile on Sep 13, 2017
If security robots can not replace guards, perhaps the next best thing is a robot the guard can actually ride.  Turing Video has raised $5...
Fail Safe vs. Fail Secure Tutorial on Sep 13, 2017
Few terms carry greater importance in access control than 'fail safe' and 'fail secure'. Access control professionals must know how these concepts...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact