Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 17
17
and secure network connections). The number of credentials Requirements-to-Obtain Elements
developed since 2002 is, to some extent, the result of the flurry
of legislation resulting from the terrorist attacks of September During the application process, the issuing agencies require
11, 2001. Security credentials became the regulatory method of those seeking to obtain a security credential to submit various
effecting access control. types of information (e.g., name, address, Social Security Num-
ber). These requirements to obtain were gathered through the
individual applications and organized into several matrices to
Credential Categorization illustrate overlap or uniqueness among the various security
credentials. These matrices were grouped by transportation
Credentials were then categorized based on their primary mode to aid in identifying common requirements. Due to the
purpose of security (i.e., confirms that a person does not pose number of identified requirements to obtain, the results were
a security threat, establishes that a person possesses lawful sta- split into two matrices. Table 3-2 illustrates all requirements to
tus in the United States, and verifies identity) or safety (i.e., ver- obtain that apply to more than one credential. There are 34
ifies a person's "skill" qualifications). Figure 3-2 illustrates this singularly applicable requirements to obtain (that is, applica-
segregation of the credentials into the categories of security ble to only one credential) that are tabulated in Appendix B.
or safety. Of these credentials, 13 were designed primarily to There are 30 requirements to obtain that apply to more than
function as a security authentication for the credential- one credential. An applicant must submit his or her full name,
holder, 4 were designed primarily to certify the skill qual- date of birth, citizenship information, address, and undergo a
ifications of the credential-holder (i.e., the MML, STCW, security threat assessment for all of the identified security cre-
Pilot's License, and Engineer's License), and 2 function as dentials. Additionally, two of the requirements are applicable
both a means of security and safety (i.e., the CDL-HME and to 91% of the identified credentials: place of birth (not appli-
MMC). The HazMat endorsement for the CDL requires a cable to the CDL-HME) and fingerprinting (not applicable to
threat assessment (14), thus vetting the credential-holder from the passport). In total, 16 requirements apply to the majority
a security perspective. The MMC is a consolidation of the (>50%) of the identified credentials, including the 9 require-
MMD, MML, and STCW.(12) It requires both a demonstra- ments previously listed: sex (82% applicable), Social Security
tion of the abilities of the credential-holder (MML and STCW) Number (73% applicable), phone number (64% applicable),
and a determination of the perceived security risk (MMD) of aliases (64% applicable), height (55% applicable), eye color
the credential-holder. (55% applicable), hair color (55% applicable), employer name
This research effort was tasked with evaluating security (55% applicable), and e-mail address (55% applicable). In
credentials for persons who transport hazardous materials. total, there are 64 different requirements of an applicant to
As such, those credentials without a primary purpose of vet- obtain each of the 11 identified security credentials. Only 25%
ting the credential-holder and communicating the informa- of the requirements apply to the majority (>50%) of creden-
tion necessary to determine the credential-holder's validity tials, and only 8% of the requirements are universally applica-
were dropped from the remaining analysis efforts. These safety ble across all 11 identified credentials.
credentials were simply outside the scope of this project. Table 3-3 groups all background-check processes into the
security threat assessment category. This was done to simplify
the table for comparison purposes. However, this is an impor-
tant aspect of the security credentials, especially with regard
to duplication of effort and redundant costs (refer to the cost
analysis section). Table 3-3 specifies the background check
processes for each credential.
The fingerprint-based criminal records check refers to the
background check performed by the Federal Bureau of Inves-
tigation (FBI) using the National Crime Information Center
(NCIC). Regardless of the issuing agency, the FBI performs
this portion of the investigation and then provides the relevant
data to the issuing agency (or adjudicating organization). A
name-based investigation of relevant databases includes non-
fingerprint criminal history record checks (e.g., U.S. passport),
and a review of the Terror Watch List (e.g., TWIC, MMC, and
HME) maintained by DHS. This could also include other data-
Figure 3-2. Credential bases as the issuing agency may deem fit for a given circum-
categorization. stance. The MMD requires a drug test as part of the application
