New ID standard is just the first of two-part plan
The debate over specifications for federal and contractor employee identification cards did not end with the Commerce Department’s release of the Personal Identity Verification standard late last month. Locked in a small room somewhere are federal and industry experts discussing technical details for biometrics, card interfaces and encryption requirements.
And it is these details that agencies, manufacturers of cards and card readers, and systems integrators are fretting over.
“The devil will be in the details, and there are a few different details that need to be clarified for what will work and what will not,” said Jeremy Grant, enterprise solutions vice president at Maximus Inc., a card manufacturer in Reston, Va. “The proposed changes worried a lot of people because it would necessitate new cards and new certification processes.”
Maximus is one of four contractors for the General Services Administration’s Smart Access Common ID program. GSA awarded the smart-card pacts in 2000.
President Bush issued Homeland Security Presidential Directive 12 Aug. 27, ordering the National Institute of Standards and Technology to produce within six months a federal standard for secure and reliable IDs for federal employees and contractors.
NIST will issue separate publications for biometric, card encryption and card interface technical specifications. NIST considered including them in the Federal Information Processing Standard 201 but needed more time, said Ed Roback, chief of NIST’s Computer Security Division.
More to come
FIPS-201 spells out the common ID and security requirements for applications that will use the new cards. Agencies must implement it by Oct. 25.
The second section of the standard discusses the technical specifications of the card and components required for interoperability across all agencies.
The Office of Management and Budget has not set the deadline for implementing the second part of the document. Many industry experts said the administration likely will choose October of next year as the deadline.
Agencies have until June 25 to submit a program to OMB for compliance with the standard. Within another four months, agencies must be in initial compliance.
“We tried to make sure we came out with something that was a consistent whole,” Roback said. “We were quite pleased we were able to get something out in the time the president required. There is a lot more work ahead for NIST, the agencies and industry.”
Digg
De.licio.us
Slashdot
Technorati
