Feds scramble to meet smart-card program deadline

Computerworld - The U.S. government is studying the viability of a shared technology and services infrastructure to help agencies issue new Personal Identity Verification (PIV) smart cards to all employees and contractors beginning in October.

The goal of setting up such a common infrastructure is to make it easier and cheaper for agencies to enroll and register individuals in the PIV program, said David Temoshok, director for identity policy and management at the U.S. General Services Administration (GSA). Federal agencies are looking to implement a 2004 presidential directive requiring the smart cards.

“I would argue that if we can put a common infrastructure in place for agencies to start enrolling and registering individuals, it would be a huge and important step” in speeding adoption of the smart cards, Temoshok said. Such an infrastructure would include common services for capturing identity and biometric information and the systems needed to record that information, he said.

According to Temoshok, an executive steering committee is currently looking into funding and governance issues and is also trying to figure out which agencies would be in charge of such a shared infrastructure, he said. “We are looking at doing something that ought to be efficient and will also save agencies time and money,” he said.

Homeland Security Presidential Directive-12 (HSPD-12) is an unfunded mandate that calls for a governmentwide standard for identifying federal employees and contractors. It also mandates the use of a common identification credential (the PIV smart cards) for both logical and physical access to government computer systems and facilities. The cards must be interoperable across government, meaning a PIV card issued by one agency must be able to be read and verified by another agency’s authentication systems. The interoperability requirement has meant that agencies such as the departments of Defense and the Interior -- which have already rolled out millions of smart cards based on different standards over the past few years -- now must put in place a migration path to PIV cards.

Under HSPD-12, federal agencies had until last October to put in place a way to verify the identities and backgrounds of all federal employees and contractors. By the end of this October, they are required to start issuing PIV cards, though they are not required to issue them to all employees by then.

The government’s exploration of a shared infrastructure comes as federal agencies are scrambling to implement the needed infrastructure -- such as PIV-compliant card readers and biometric readers and physical access control devices -- by the October deadline. With just six months left to go, agencies don’t have a much time left, especially considering the fact that few PIV-compliant products are available, said David Troy, practice manager at Plano, Texas-based Electronic Data Systems Corp.