U.S. Agencies Face Smart-Card Deadlines - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

U.S. Agencies Face Smart-Card Deadlines

Businesses will learn from government's mandate for electronic employee ID cards

As the business world struggles with data-security lapses and intrusions, federal agencies are preparing for strict new standards to protect their facilities and information systems.

This week marks the deadline for every agency to submit to the White House Office of Management and Budget plans for making electronic identity cards available to all employees and contractors, under the Homeland Security Presidential Directive 12 signed in August. The federal government's push for extensive implementation of smart cards containing cryptographic keys and biometric data will help bring such technologies closer to the mainstream.

The level of implementation differs widely among federal agencies. Some already use smart cards for building access, but many haven't yet extended that capability to computer-network access. To help agencies comply, OMB recommended that the CIO and heads of physical security and human resources at each agency develop a plan. All federal employees are expected to have electronic identity cards for facilities and network access by Oct. 27, 2006.

Smart cards are required to be machine readable and hard to duplicate, and must have a photo and biometric data.

Smart cards are required to be machine readable and hard to duplicate, and must have a photo and biometric data.
Consistency is key. The White House wants a common definition of how the cards will work and has tapped the secretary of commerce to work with the State, Defense, and Homeland Security departments and the National Institute of Standards and Technology to meet that challenge. A standard delivered in February, called the Federal Information Processing Standard 201, stipulates that the electronic IDs must be designed to verify a person's identity while being difficult to illegally duplicate; they also have to be machine-readable and issued only through an official accreditation process. The standard also specifies that smart cards contain a photograph, cryptographic keys, and biometric data so that a cardholder's identity can be verified either by security personnel or an automated card reader.

Compliance with the directive will be a significant test as to how well smart-card systems scale, and the measure of its success will be important to both the public sector and the business world, says Bob Wilberger, senior executive for Northrop Grumman Corp.'s identity-management solutions business and a board member of the Smart Card Alliance, a not-for-profit group of tech vendors that promotes smart-card technology.

While smart cards aren't new to the federal government, this is the first time all agencies have been told to develop consistent technologies and processes. Since 2001 the Defense Department has issued more than 6 million smart cards as part of its Common Access Card program for facilities and computers, says Neville Pattinson, director of technology and government affairs for Axalto Inc., a maker of microprocessor-embedded smart cards that has helped with the implementation.

But smart cards won't eliminate security challenges. The weakest link in the smart-card security chain may very well be in issuing them. Birth certificates, driver's licenses, and other key documents used to verify a person's identity differ from state to state, and that lack of consistency creates opportunities for tampering.

The infrastructure needed to support issuing and reading smart cards also must be put in place, Wilberger adds. This includes systems that validate identifying documents, scan fingerprints, perform criminal background checks, take digital photos, manage card distribution, and read the cards.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
Commentary
Six Inevitable Technologies and the Milestones They Unlock
Guest Commentary, Guest Commentary,  10/3/2019
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll