Emergency Services Credentialing: FEMA Leads the Way

The National Capital Region (NCR) Coordination Office of the Federal Emergency Management Agency (FEMA) has completed a major initiative to develop a “smart”entity-card system for emergency responders that gives first responders from agencies and organizations throughout the region the ability to quickly and easily gain access government buildings and other federal properties in times of disaster. The initiative also is designed to remedy access problems such as those encountered by state and local emergency officials responding to the 11 September 2001 attack on the Pentagon.

FEMA not only played the key role in developing the system but also was quick off the mark in using it to meet its own credentialing requirements. The agency is working hard in providing professional credentialing not only for its own response employees but also for its Disaster Reserve Workforce employees. The latter has 23 major cadres for deployment during disasters officially declared by the President.

A Vivid WFID Multi-Agency Demonstration In February 2006, NCR coordinated a multi-agency demonstration to test the interoperability and usability of its credentialing model through simulated emergency incidents at federal, state, and local facilities – including the Pentagon, a Virginia state facility, a port controlled by the State of Maryland, and a checkpoint in a Maryland county.

What was called the Winter Fox Interoperability Demonstration was conducted by NCR officials and hosted by the Pentagon Force Protection Agency, the State of Maryland, and the Commonwealth of Virginia.

Approximately 500 First Responder Authentication Credential (FRACs) cards were issued to senior federal, state, and county public-safety officials for the demonstration. The smartentity cards, which were FIPS-compliant – i.e., they met the standards postulated in Federal Information Processing Standard 201 – enabled the users to electronically validate theirentities so that security personnel could make informed decisions for granting or denying access. Standardized electronic-identity verification was required for various levels of perimeter security at all demonstration sites regardless of agency affiliation.

WFID also validated the ability of participating agencies to use the FIPS 201 architecture to electronically validate NIMS (National Incident Management System) and/or NIPP (National Infrastructure Protection Plan) personnel qualification information, which was needed to facilitate the incident-management capabilities of human resource assets. For example, incident commanders requiring a certain emergency support function, or sector qualification, could readily determine if anyone at the scene met the requirements needed.

FRACs also assist incident commanders in preparing after-action reports and assessments by enabling them to electronically reconstruct the time and attendance of each individual within the incident area upon both entry and departure. These reports are electronically transmitted, in real time, via satellite communications to national, state, and local emergency operations centers – including the Northern Command Headquarters (NORTHCOM) in Colorado, the Pentagon’s Emergency Operations Center, the NORTHCOM/NCR Joint Operations Center, and the Maryland Emergency Management Agency.

The FRACs are now a performance measure in NCR exercises, which require full implementation and integration by emergency officials throughout the National Capital Region toentify those responding to incidents at a large number of previously designated federal, state, local, and private-sector facilities.

Major Roles Played by ANSI & Virginia Commonwealth The Governor’s Office of Commonwealth Preparedness in Virginia, the first statewide effort, is moving smartly forward throughout the commonwealth on its own credentialing project. Mike McAlister, the director of that project, is becoming known nationally for his knowledge and expertise in this arena, which is a key element in Virginia’s vigorous efforts to plan ahead to ensure the safety and security of over a thousand critical infrastructures.

Colorado is another state in which the initial credentialing efforts are moving forward expeditiously. Its program, known for a few days as CRAC (the “C” standing for Colorado, of course), brought too many smiles along the emergency-services grapevine so the acronym was changed to COFRAC and under that name enables interoperable credential-validation technology to support the rollout of the Colorado First Responder Authentication Credential (COFRAC) Bridge.

The COFRAC standard was created by the State of Colorado as a quick and effective way to validate theentity and personal/professional attributes of those who are required or volunteer to respond to any hazard. Through the COFRAC Bridge, all of the state’s first responders’ personal attributes, qualifications, and access privileges will now be aggregated, allowing for full interoperability of the credentialing project throughout the state.

Previously, according to Colorado’s Office of Information Technology, the state had several disparate systems in place for validating first responders’entities, but no fully established and promulgated credentialing standards or policies. The new system enables first responders to move seamlessly throughout Colorado and gives incident commanders the ability to know exactly who they have on the scene and what skill sets they possess.

The American National Standards Institute (ANSI) also is working at the national level to incorporate the private sector into an effective credentialing process by using systems similar to the interoperable FIPS-201 credential-validation technology to give public-sector organizations the ability to control access to future disaster sites. In short, at all levels of government, the new credentialing capabilities will be critical to mounting an effective response to and recovery from emergencies of any type that require the support not only of various federal, state, and local agencies but also from a number of private-sector organizations as well.