Transportation Worker Identity Credential (TWIC) Biometric Reader Specification and TWIC Contactless Smart Card Application, 12626-12627 [07-1305]

Download as PDF 12626 Federal Register / Vol. 72, No. 51 / Friday, March 16, 2007 / Notices Please consult the NIAC Web site, http://www.dhs.gov/niac, for the most current agenda. Information on Services for Individuals with Disabilities: For information on facilities or services for individuals with disabilities, or to activities in which the Council is currently engaged. This meeting is open to the public on a first-come, first-served basis. Please note that the meeting may close early if all business is finished. A tentative agenda for the meeting is set forth below, but may be updated. requet special assistance at the meeting, telephone the Designated Federal Officer as soon as possible. Dated: March 8, 2007. Jenny Menna, Designated Federal Officer for the NIAC. DRAFT AGENDA OF APRIL 10, 2007 MEETING I. Opening of Meeting ............................................................................... II. Roll Call of Members ............................................................................ III. Opening Remarks and Introductions .................................................. IV. Approval of April Minutes .................................................................... V. Working Group Status Updates ........................................................... A. Chemical, Biological, and Radiological Events and Critical Infrastructure Workers. B. The Insider Threat to Critical Infrastructure Control Systems ...... VI. New Business ..................................................................................... VII. Adjournment ....................................................................................... [FR Doc. 07–1235 Filed 3–12–07; 4:35 pm] BILLING CODE 4410–10–M DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG–2007–27415] Transportation Worker Identity Credential (TWIC) Biometric Reader Specification and TWIC Contactless Smart Card Application Coast Guard, DHS. Notice of availability and request for comments. AGENCY: sroberts on PROD1PC70 with NOTICES ACTION: SUMMARY: The Coast Guard announces the availability of a draft Transportation Worker Identification Credential (TWIC) biometric reader specification and a draft TWIC contactless smart card application. These draft documents have been recommended to the Coast Guard by the National Maritime Security Advisory Committee. We request your comments on these draft recommended specifications, and on specific questions found at the end of this notice. DATES: Comments and related material must reach the Docket Management Facility on or before March 30, 2007. ADDRESSES: You may submit comments identified by Coast Guard docket number USCG–2007–27415 to the VerDate Aug<31>2005 15:24 Mar 15, 2007 Jkt 211001 Jenny Menna, Designated Federal Officer, NIAC, Department of Homeland Security (DHS). Jenny Menna. NIAC Chairman, Erle A. Nye, Chairman Emritus, TXU Corp. Michael Chertoff, Secretary, DHS (Invited). Frances Fragos Townsend, Assistant to the President for Homeland Security and Counterterrorism (Invited). NIAC Chairman, Erle A. Nye. NIAC Chairman, Erle A. Nye Presiding. Chief Rebecca F. Denlinger, Fire Chief, Cobb County, Georgia Fire and Emergency Services, NIAC Member, Martha H. Marsh, President and CEO, Stanford Hospital and Clinics, NIAC Member and Bruce Rohde, Chairman and CEO Emeritus, ConAgra Foods, Inc., NIAC Member. Edmund Archuleta, General Manager, El Paso Water Utilities, NIAC Member, and Thomas Noonan, General Manager, IBM Internet Security Systems, NIAC Member. NIAC Chairman, Erle A. Nye, NIAC Members. NIAC Chairman, Erle A. Nye. Docket Management Facility at the U.S. Department of Transportation. To avoid duplication, please use only one of the following methods: (1) Web site: http://dms.dot.gov. (2) Mail: Docket Management Facility, U.S. Department of Transportation, 400 Seventh Street SW., Washington, DC 20590–0001. (3) Fax: 202–493–2251. (4) Delivery: Room PL–401 on the Plaza level of the Nassif Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202–366– 9329. FOR FURTHER INFORMATION CONTACT: If you have questions on this notice, or the recommendations referenced in it, please contact Lieutenant Danielle Fennelly, U.S. Coast Guard, at 202–372– 1136. If you have questions on viewing or submitting material to the docket, call Renee V. Wright, Program Manager, Docket Operations, telephone 202–493– 0402. SUPPLEMENTARY INFORMATION: Public Participation and Request for Comments We encourage you to submit comments and related material on the recommended specification and application. All comments received will be posted, without change, to http:// dms.dot.gov and will include any personal information you have PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 provided. We have an agreement with the Department of Transportation (DOT) to use the Docket Management Facility. Please see DOT’s ‘‘Privacy Act’’ paragraph below. Submitting comments: If you submit a comment, please include your name and address, identify the docket number for this notice (USCG–2007–27415), and give the reason for each comment. You may submit your comments and material by electronic means, mail, fax, or delivery to the Docket Management Facility at the address under ADDRESSES; but please submit your comments and material by only one means. If you submit them by mail or delivery, submit them in an unbound format, no larger than 81⁄2 by 11 inches, suitable for copying and electronic filing. If you submit them by mail and would like to know that they reached the Facility, please enclose a stamped, self-addressed postcard or envelope. We will consider all comments and material received during the comment period. Viewing the comments and specifications: To view the comments and recommended specification and application, go to http://dms.dot.gov at any time, click on ‘‘Simple Search,’’ enter the last five digits of the docket number for this notice, and click on ‘‘Search.’’ You may also visit the Docket Management Facility in room PL–401 on the Plaza level of the Nassif Building, 400 Seventh Street SW., Washington, E:\FR\FM\16MRN1.SGM 16MRN1 Federal Register / Vol. 72, No. 51 / Friday, March 16, 2007 / Notices sroberts on PROD1PC70 with NOTICES DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. Privacy Act: Anyone can search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review the Department of Transportation’s Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477), or you may visit http://dms.dot.gov. Background and Questions for Comment The National Maritime Security Advisory Council (NMSAC) was created pursuant to the Federal Advisory Committee Act, 5 U.S.C., App. 2 (FACA) in 2003. The membership of NMSAC, which includes 21 voting members, was selected to represent all viewpoints regarding maritime security challenges and to inform the Coast Guard of relevant maritime security issues. At the regular NMSAC meeting of November 14, 2006, the Coast Guard and the Transportation Security Administration (TSA) asked NMSAC to develop a contactless biometric specification for TWIC by February 28, 2007, applying expertise from the biometric credentialing industry and maritime industry TWIC stakeholders. The specification was required to: a. Be non-proprietary; b. Incorporate appropriate security and privacy controls; c. Be consistent with FIPS 201–1 credential specifications; d. Be capable of serving as a platform for future capabilities; e. Be capable of supporting maritime operations; and f. Be easily manufactured. TSA and Coast Guard recommended that the task be addressed by dividing responsibilities to construct operational maritime requirements and technology specifications. We recommended that operational maritime requirements be developed by members of maritime industry and that they address credential authentication (e.g. authentication time and process, and alternate authentication procedures); durability requirements; and credential management procedures, including key management. We recommended that the technology specifications be developed with the technical expertise of biometric credentialing experts and address smart card, reader, and keying specification. The formal request from the TWIC program to NMSAC is available at the following URL: http:// homeport.uscg.mil under Missions > VerDate Aug<31>2005 16:13 Mar 15, 2007 Jkt 211001 Maritime Security > Maritime Transportation Security Act (MTSA) > National Maritime Security Advisory Committee (NMSAC) > TWIC Contactless Specification Development Working Group, and in the docket for this notice. On March 1, 2007, the Coast Guard received NMSAC’s report, entitled ‘‘Recommendations on Developing a Contactless Biometric Specification for the TWIC.’’ The report includes two recommended specifications. NMSAC expressed a strong preference for the first recommended specification, which does not require encryption of the cardholder’s fingerprint template; this would permit the template to be read by a reader when the card is energized by a contactless reader. The second recommended specification provides for encryption of the fingerprint template, which protects the template from being read contactlessly unless information on the card’s magnetic stripe is read by the reader and authorizes the release of the template. Encryption protects the template from being read covertly. However, if a TWIC is stolen or is in the hands of an unauthorized holder, encryption does not prevent the transfer of the template to a TWIC reader. Both sets of recommended specifications are available at the following URL: http:// homeport.uscg.mil under Missions > Maritime Security > Maritime Transportation Security Act (MTSA) > National Maritime Security Advisory Committee (NMSAC) > TWIC Contactless Specification Development Working Group. They are also available in the docket for this notice. We invite comment on all aspects of the NMSAC recommended specifications, and in particular those that address the following questions: 1. Should additional security measures be included in the specifications, such as the use of a PIN, to further minimize the chance that a fingerprint template from a lost or stolen credential could be obtained by an unauthorized individual? If so, would the addition of a PIN or other security measure adversely impact operations? Does the length of the PIN affect adverse impacts in any measurable way? 2. What, if any, privacy concerns exist if the fingerprint template is obtained by an unauthorized individual? 3. How would the recommended specifications impact facility and vessel security and operations? 4. How would the recommended specifications impact existing physical access control systems? 5. Are there alternative designs we should consider, and if so, what are the PO 00000 Frm 00038 Fmt 4703 Sfmt 4703 12627 advantages and disadvantages of the alternative designs? 6. How would the recommended specifications impact product, system, and operational costs? 7. How quickly could the recommended specifications be incorporated into the design and manufacture of access control equipment? 8. Should there be a process for identifying a Qualified Products List (QPL) or other equivalent regime? If so, what is the most efficient and effective way of creating a QPL? The Coast Guard and TSA will examine all comments received concerning NMSAC’s recommended specifications and the questions above. We will issue a Notice in the Federal Register to explain and announce the selected technology specification as we proceed with the TWIC program, in particular, the upcoming pilot programs in which we will field test the use of TWIC in biometric readers in the maritime environment. Dated: March 13, 2007. J.G. Lantz, Director of National and International Standards, Assistant Commandant for Prevention. [FR Doc. 07–1305 Filed 3–13–07; 3:40 pm] BILLING CODE 4910–15–P DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR–5125–N–11] Federal Property Suitable as Facilities To Assist the Homeless Office of the Assistant Secretary for Community Planning and Development, HUD. ACTION: Notice. AGENCY: SUMMARY: This Notice identifies unutilized, underutilized, excess, and surplus Federal property reviewed by HUD for suitability for possible use to assist the homeless. EFFECTIVE DATE: March 16, 2007. FOR FURTHER INFORMATION CONTACT: Kathy Ezzell, Department of Housing and Urban Development, Room 7262, 451 Seventh Street SW., Washington, DC 20410; telephone (202) 708–1234; TTY number for the hearing- and speech-impaired (202) 708-2565, (these telephone numbers are not toll-free), or call the toll-free Title V information line at 1–800–927–7588. SUPPLEMENTARY INFORMATION: In accordance with the December 12, 1988 court order in National Coalition for the Homeless v. Veterans Administration, E:\FR\FM\16MRN1.SGM 16MRN1

Agencies

[Federal Register Volume 72, Number 51 (Friday, March 16, 2007)]
[Notices]
[Pages 12626-12627]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-1305]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Coast Guard

[USCG-2007-27415]


Transportation Worker Identity Credential (TWIC) Biometric Reader 
Specification and TWIC Contactless Smart Card Application

AGENCY: Coast Guard, DHS.

ACTION: Notice of availability and request for comments.

-----------------------------------------------------------------------

SUMMARY: The Coast Guard announces the availability of a draft 
Transportation Worker Identification Credential (TWIC) biometric reader 
specification and a draft TWIC contactless smart card application. 
These draft documents have been recommended to the Coast Guard by the 
National Maritime Security Advisory Committee. We request your comments 
on these draft recommended specifications, and on specific questions 
found at the end of this notice.

DATES: Comments and related material must reach the Docket Management 
Facility on or before March 30, 2007.

ADDRESSES: You may submit comments identified by Coast Guard docket 
number USCG-2007-27415 to the Docket Management Facility at the U.S. 
Department of Transportation. To avoid duplication, please use only one 
of the following methods:
    (1) Web site: http://dms.dot.gov.
    (2) Mail: Docket Management Facility, U.S. Department of 
Transportation, 400 Seventh Street SW., Washington, DC 20590-0001.
    (3) Fax: 202-493-2251.
    (4) Delivery: Room PL-401 on the Plaza level of the Nassif 
Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 
p.m., Monday through Friday, except Federal holidays. The telephone 
number is 202-366-9329.

FOR FURTHER INFORMATION CONTACT: If you have questions on this notice, 
or the recommendations referenced in it, please contact Lieutenant 
Danielle Fennelly, U.S. Coast Guard, at 202-372-1136. If you have 
questions on viewing or submitting material to the docket, call Renee 
V. Wright, Program Manager, Docket Operations, telephone 202-493-0402.

SUPPLEMENTARY INFORMATION:

Public Participation and Request for Comments

    We encourage you to submit comments and related material on the 
recommended specification and application. All comments received will 
be posted, without change, to http://dms.dot.gov and will include any 
personal information you have provided. We have an agreement with the 
Department of Transportation (DOT) to use the Docket Management 
Facility. Please see DOT's ``Privacy Act'' paragraph below.
    Submitting comments: If you submit a comment, please include your 
name and address, identify the docket number for this notice (USCG-
2007-27415), and give the reason for each comment. You may submit your 
comments and material by electronic means, mail, fax, or delivery to 
the Docket Management Facility at the address under ADDRESSES; but 
please submit your comments and material by only one means. If you 
submit them by mail or delivery, submit them in an unbound format, no 
larger than 8\1/2\ by 11 inches, suitable for copying and electronic 
filing. If you submit them by mail and would like to know that they 
reached the Facility, please enclose a stamped, self-addressed postcard 
or envelope. We will consider all comments and material received during 
the comment period.
    Viewing the comments and specifications: To view the comments and 
recommended specification and application, go to http://dms.dot.gov at 
any time, click on ``Simple Search,'' enter the last five digits of the 
docket number for this notice, and click on ``Search.'' You may also 
visit the Docket Management Facility in room PL-401 on the Plaza level 
of the Nassif Building, 400 Seventh Street SW., Washington,

[[Page 12627]]

DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal 
holidays.
    Privacy Act: Anyone can search the electronic form of all comments 
received into any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review the 
Department of Transportation's Privacy Act Statement in the Federal 
Register published on April 11, 2000 (65 FR 19477), or you may visit 
http://dms.dot.gov.

Background and Questions for Comment

    The National Maritime Security Advisory Council (NMSAC) was created 
pursuant to the Federal Advisory Committee Act, 5 U.S.C., App. 2 (FACA) 
in 2003. The membership of NMSAC, which includes 21 voting members, was 
selected to represent all viewpoints regarding maritime security 
challenges and to inform the Coast Guard of relevant maritime security 
issues. At the regular NMSAC meeting of November 14, 2006, the Coast 
Guard and the Transportation Security Administration (TSA) asked NMSAC 
to develop a contactless biometric specification for TWIC by February 
28, 2007, applying expertise from the biometric credentialing industry 
and maritime industry TWIC stakeholders. The specification was required 
to:
    a. Be non-proprietary;
    b. Incorporate appropriate security and privacy controls;
    c. Be consistent with FIPS 201-1 credential specifications;
    d. Be capable of serving as a platform for future capabilities;
    e. Be capable of supporting maritime operations; and
    f. Be easily manufactured.
    TSA and Coast Guard recommended that the task be addressed by 
dividing responsibilities to construct operational maritime 
requirements and technology specifications. We recommended that 
operational maritime requirements be developed by members of maritime 
industry and that they address credential authentication (e.g. 
authentication time and process, and alternate authentication 
procedures); durability requirements; and credential management 
procedures, including key management. We recommended that the 
technology specifications be developed with the technical expertise of 
biometric credentialing experts and address smart card, reader, and 
keying specification. The formal request from the TWIC program to NMSAC 
is available at the following URL: http://homeport.uscg.mil under 
Missions > Maritime Security > Maritime Transportation Security Act 
(MTSA) > National Maritime Security Advisory Committee (NMSAC) > TWIC 
Contactless Specification Development Working Group, and in the docket 
for this notice.
    On March 1, 2007, the Coast Guard received NMSAC's report, entitled 
``Recommendations on Developing a Contactless Biometric Specification 
for the TWIC.'' The report includes two recommended specifications. 
NMSAC expressed a strong preference for the first recommended 
specification, which does not require encryption of the cardholder's 
fingerprint template; this would permit the template to be read by a 
reader when the card is energized by a contactless reader. The second 
recommended specification provides for encryption of the fingerprint 
template, which protects the template from being read contactlessly 
unless information on the card's magnetic stripe is read by the reader 
and authorizes the release of the template. Encryption protects the 
template from being read covertly. However, if a TWIC is stolen or is 
in the hands of an unauthorized holder, encryption does not prevent the 
transfer of the template to a TWIC reader.
    Both sets of recommended specifications are available at the 
following URL: http://homeport.uscg.mil under Missions > Maritime 
Security > Maritime Transportation Security Act (MTSA) > National 
Maritime Security Advisory Committee (NMSAC) > TWIC Contactless 
Specification Development Working Group. They are also available in the 
docket for this notice.
    We invite comment on all aspects of the NMSAC recommended 
specifications, and in particular those that address the following 
questions:
    1. Should additional security measures be included in the 
specifications, such as the use of a PIN, to further minimize the 
chance that a fingerprint template from a lost or stolen credential 
could be obtained by an unauthorized individual? If so, would the 
addition of a PIN or other security measure adversely impact 
operations? Does the length of the PIN affect adverse impacts in any 
measurable way?
    2. What, if any, privacy concerns exist if the fingerprint template 
is obtained by an unauthorized individual?
    3. How would the recommended specifications impact facility and 
vessel security and operations?
    4. How would the recommended specifications impact existing 
physical access control systems?
    5. Are there alternative designs we should consider, and if so, 
what are the advantages and disadvantages of the alternative designs?
    6. How would the recommended specifications impact product, system, 
and operational costs?
    7. How quickly could the recommended specifications be incorporated 
into the design and manufacture of access control equipment?
    8. Should there be a process for identifying a Qualified Products 
List (QPL) or other equivalent regime? If so, what is the most 
efficient and effective way of creating a QPL?
    The Coast Guard and TSA will examine all comments received 
concerning NMSAC's recommended specifications and the questions above. 
We will issue a Notice in the Federal Register to explain and announce 
the selected technology specification as we proceed with the TWIC 
program, in particular, the upcoming pilot programs in which we will 
field test the use of TWIC in biometric readers in the maritime 
environment.

    Dated: March 13, 2007.
J.G. Lantz,
Director of National and International Standards, Assistant Commandant 
for Prevention.
[FR Doc. 07-1305 Filed 3-13-07; 3:40 pm]
BILLING CODE 4910-15-P