A number of federally mandated identification card requirements are now in various stages of rulemaking or initial implementation. Each contains security requirements, often including some smart card technology, and each is targeted toward a specific user group, such as government workers and contractors, transportation workers, and the general public.
One such directive is HSPD-12. The directive requires the government to issue a common, smart-card-based identification credential to all federal employees and contractors, and it is forcing the government and industry to address many of the barriers to large-scale smart card deployment. The card must be able to allow physical access to federally controlled facilities and logical access to information systems.
Agencies and industry partners worked feverishly for two years to align the programs, funding, and technology to begin issuing the cards last October. The transition, however, has been far from smooth. Some agencies did not meet the deadline at all. Of those that did, some issued only a handful of cards. And when compliance testing was conducted, many cards failed to meet the required standards. Those that failed did so for a variety of reasons, major and minor. One example of a serious problem was that card information was encoded in the wrong order, making interoperability impossible.
In January, additional testing found lingering problems. Agencies now have until October 2008 to issue compliant cards to their entire employee and contractor base. Those that still have problems face the greatest challenges, but even agencies that passed the first test by issuing a small number of compliant cards face new hurdles, such as the logistical issues arising with a nationwide rollout and the difficulties of integrating legacy systems.
Shelly Hartsook is a consultant with the security and identity management solutions practice at BearingPoint, Inc., in McLean, Virginia. Gordon Hannah is managing director and solution leader of the security and identity management solutions practice with BearingPoint.