NIST readies smart card testing

The National Institute of Standards and Technology is developing an interim

testing program to help agencies determine if the smart cards and readers

they buy off a governmentwide contract will work together.

When the General Services Administration awarded its estimated $1.5

billion Smart Access Common ID Card contract

to five prime vendors, it required that all the smart cards interoperate

so agencies could use the cards for more than one application.

To ensure interoperability, the vendors and GSA worked for months to

develop a neutral specification that all can support. Now it's time to test

the specification.

At the request of GSA, NIST is establishing a formal testing program

with commercial testing labs. But until that happens — sometime in fiscal

2002 — GSA plans to launch a temporary in-house program so that agencies

have at least some level of assurance that the smart cards they buy off

the GSA contract will work together, said Jim Dray, senior scientist at

NIST's Information Technology Laboratory, speaking at the Defending Cyberspace

2000 conference in Washington, D.C., Monday.

NIST plans to finalize the test criteria and begin testing by the end

of this month, he said. An informal certification process will be in place

at NIST by the end of March.

NIST will test interoperability between various smart cards and readers,

between the software on the host computer with the smart cards, and the

basic services interface, which is defined in the interoperability specification.

In the meantime, business on the Smart Access contract is picking up.

The Department of Veterans Affairs this week announced a $3.6 million smart

card buy and the Defense Department is on the verge of awarding a similar

task order.