Northrop to issue IDs compatible with PIV cards

To address growing cyber threats effectively, federal contractors should deploy stronger identity management solutions that are interoperable or at least compatible with federal employee identification systems, a senior executive with Northrop Grumman Corp. advises.

Northrop Grumman is preparing to issue its new OneBadge identification cards to thousands of its aerospace and defense employees. Its design is compatible with the federal standards for Personal Identity Verification cards.

The company expects to be one of the first federal contractors to use a centralized public-key infrastructure as part of its identity management program, according to Keith Ward, director of enterprise security and identity management at Northrop Grumman.

The company's entire federated identity management solution is aligned with Defense Department and with federal identity management policies, Ward said.

Northrop Grumman is "strengthening authentication across the enterprise with smart cards," Ward told the Smart Card Alliance conference Oct. 23.

Northrop is participating in Certipath LLC, an entity created by several defense contracting firms that is cross-certified by the Federal Bridge Certification Authority. Certipath became eligible this summer to participate in DOD's identity assurance, after DOD officials announced a policy change to begin accepting digital certificates from external organizations. Certipath is expected to be the first external organization accepted by the department under that memo.

Defense contractors must address new concerns about cyber threats that may affect their global supply chain.

At any given time, in the aerospace and defense global supply chain, approximately 300,000 supplier companies are working on U.S. government contracts around the world, representing roughly 3 million to 4 million individuals, Ward said.

"Aerospace and defense companies are responsible for vetting and supplying them with strong and secure credentials for access of intellectual property within the commercial space," Ward said.

"Aerospace and defense companies must balance the need to protect intellectual property while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information," he said.