Jim Robell, President & CEO
Taking a quick look into the past, military and federal personnel were required to have different photo IDs and credentials for each government facility they went to. For example, for entry to the Navy Yard, the individual would need a badge for the Yard, and for the Pentagon they would need another card. The difficulties created by these varied forms of credentials prompted the creation of Homeland Security Presidential Directive 12 (HSPD-12). Aimed at a common identification standard for federal employees and contractors, the directive mandates a federal standard for secure and reliable forms of identification. It outlines three key requirements, governing physical access control, logical access control, and visual security verification—all facilitated via a single, multifunctional credential. The credential would enable authorized staff from any department to move around any U.S. Federal government premises. This paved the way for Personal Identity Verification (PIV) and Personal Identity Verification- Interoperable (PIV-I) credentials.
Today, the U.S. Department of Homeland Security's National Protection and Programs Directorate endorses PIV/ PIV-I multifactor authentication as the number one measure that every organization should implement to secure their facilities. Regardless of its application—be it in cybersecurity or physical security—comprehensive PIV/PIV-I-based solutions facilitate an effective, simple, and secure approach to identity management. As one of the most experienced PIV-I issuers in the world, Fortior Solutions has been at the forefront of these developments, delivering multifunctional “smart card” IDs to the likes of the U.S. Department of Defense, U.S. Department of Homeland Security, and private/ commercial facilities.
Established in 2001, Fortior Solutions was quick to evolve from its initial focus on providing security for retail stores to landing its first U.S. military facility contract. Soon, the company extended its services to support the U.S. Department of Defense and the U.S. Department of Homeland Security. Today, Fortior Solutions is one of the largest and the most effective security and identity and access management solution providers in the U.S. The company provides a wide range of identity management and credentialing solutions, which include their PIV-I support suite provided through the company’s RAPIDGate® program—consisting of RAPIDGate and RAPIDGate- Premier—along with the RAPID-RCx® program for multi-credential support, and through the company’s Fortior PIV-I™ program.
"We have created hundreds of thousands of credentials for the U.S. military. We have leveraged that experience to help commercial enterprises improve their security as well," states Jim Robell, President and CEO of Fortior Solutions.
End-to-End Identity Management
Fortior's RAPIDGate-Premier is a true end to end solution for granting authorized vendors, contractors, suppliers, and service providers access to secured locations such as critical infrastructure, military and Government facilities. It follows a very robust system for approving people or sponsoring users to participate in a program. Users electronically self-enroll via submission of their biographic and biometric information. The company then processes a comprehensive background screening of the individual.
If the individual passes, the company creates a PIV-I credential, which is then shipped out to the facility, where a trusted agent issues it to the individual. RAPIDGate-Premier also offers handheld reader capabilities, so that even when a person arrives at the farthest perimeter access control point, the system can scan the credential and provide a response in less than three seconds, verifying whether that person is authorized to enter at that access control point at that time. The program also keeps the records and provides the report of access at the gates or network terminals.
The system is equally effective in ensuring the fidelity of cybersecurity applications as well. "We do security in layers, and we have enlisted some very respectable cyber experts to conduct penetration testing, and we have done well. We attribute this to the fact that we not only sell PIV-I but also use PIV-I ourselves. This has made us secure at every level," explains Robell.
Dynamic Screening for Optimum Security
Fortior facilitates background screening for commercial applications—schools, banks, or other high-risk civilian sites— if a facility demands it. The company carries out the same for the military and other critical infrastructure components. Fortior provides a wide range of thorough vetting to meet the rigorous needs of its clients. The vetting is designed to be applicable across agencies and departments.
The process is done in three modes:
1. Initial Vetting: All individuals are required to undergo vetting to determine eligibility to participate in the program. Vetting criteria and requirements are set by the client based on security needs. In addition to processing commercial background screenings, Fortior is certified by the Federal Government to process NCIC/III checks on behalf of authorized recipients.
2. Ongoing Vetting: Throughout an individual’s (contractor, vendor, supplier and/or service provider) participation in the program, Fortior continues to monitor their background. Should something change in their criminal history, the instance will get flagged, and the system will suspend their access or program participation. Individuals may dispute adverse vetting results through a redress process. User privileges will be turned back on only if their redress is successful. If not, the users will be notified, and the facility can turn off their access privileges for good.
3. Credentials have expired/no longer an employee: In such cases, Fortior can turn off a person's access rights— before retrieving the credential and physical control of the credential—at any facility within minutes.
In military installations, identity and access management is critical, and yet they need a fair balance between optimal security and convenience. For example, at one major Pacific Northwest military installation, the personnel in charge of security were concerned about their outdated identity and access management system. The IDs issued were simply handwritten or typed paper passes that authorized individuals from external contractor companies to have access to the base throughout the length of their contract. This presented a significant vulnerability at multiple levels. For instance, contractor personnel might access a facility after their employment was terminated. If they retained their pass, there was no operational manner for guards to determine who was still employed and whether they should have access to the facility. The user could present the paper pass to the guards, with no way to confirm or deny, especially during high traffic times.
It is significantly easier to make security a part of the culture before an attack than it is to recover from one
Fortior created a program with the features required by the client using a PIV-I system that clearly defines the type of access that each user possesses. The status of the access privileges remains up to date in the system, and the system facilitates clear communication between gates and facility administration. "Since the inception of the program in 2004, we have accurately detected more than 50,000 people who do not meet the eligibility requirements for access to U.S. military facilities. We provided this military base with a much more efficient and expedited access control system, much like TSA PreCheck at the airport," adds Robell. The program was so successful that more than 150 military bases soon started using the RAPIDGate system.
A Legacy of Innovation and Accountability
From defense clients to commercial enterprises, Fortior has lead the way with the most robust physical and logical access solutions. For enterprises that don't have an integrated vendor management solution, Fortior provides a military-strength turnkey vendor management solution. The company takes tremendous pride in the fact that it has made a large number of military bases much safer and more secure. As Robell says, "No matter if you are the military, critical infrastructure, commercial or private sector organization if you want a system to know who is coming into your facility and who's not, Fortior Solutions has the answer." Fortior has processed more than 5 million screenings, been used over a half a billion times to secure U.S. military locations, and has identified more than 4 million attempted entry anomalies. More than 1.2 million vendor participants have signed up for Fortior Solutions programs, and with their seven IT “operating authorities” that they have received, they have proven their commitment to protecting participants' data. Fortior has helped all of its clients evolve far beyond the paper pass systems that harken back to the 1990s and embrace a new, all integrated, highly secure enterprise-wide solution.
For 2020, Fortior predicts that the U.S. Government will stop giving extensions to the Real ID Act and stop exempting compliance with NIST SP 800-171, which carries considerable vulnerabilities in and of itself. Fortior wants the agencies to be proactive and emphasize security in their budgets to protect themselves against cyber infiltration. "It is significantly easier to make security a part of the culture before an attack than it is to recover from one," says Robell. With technologies such as the cloud having more impact on the security landscape, Fortior intends to broaden its reach into new vertical markets, and deliver even better value solutions at a lower cost of service. The company also plans to expand its services to other countries, providing organizations throughout the world with the same robust solutions that have made Fortior Solutions a recognized leader in high-assurance identity management and vetting solutions in the U.S.