Changing with the times

GSA's smart card contract zeros in on post-Sept. 11 priorities

More than three years after the General Services Administration awarded its smart card contract, the agency is maneuvering to boost the popularity of that contract among agencies by creating a standard set of federal credentials to support interoperability while also examining the possibility of opening the procurement vehicle to more contractors.

GSA's Smart Access Common ID contract has attacted significant attention from agencies — especially for physical access applications — since the terrorist attacks of Sept. 11, 2001, but the contract still needs some tweaking to fully capitalize on this newfound interest, according to industry observers.

The indefinite-delivery, indefinite-quantity contract is now at a critical turning point. Agencies need a set of standardized identity requirements to ensure cross-agency interoperability. In addition, officials are clamoring for more advanced technologies, such as contactless cards and biometric tools, as they work to secure buildings and computer systems.

"This contract is really just starting to take off right now," said Jeremy Grant, director of strategy and business development for Maximus, one of four vendors on the contract. "A lot of the business case before Sept. 11 was in terms of efficiency of government. Once Sept. 11 happened, the brand-new focus was on security. There was not a lot of interest in biometrics before Sept. 11. We're now seeing a much greater integration of biometrics."

To date, buying on the contract has flowed from three main sources: commodity card buys from the Defense Department, a handful of DOD demonstration projects that are testing the use of biometrics on the cards, and competitive task orders from various agencies, Grant said.

For example, Maximus has won task orders from the Department of Veterans Affairs for its next-generation ID card, the Treasury Department for physical and logical access, GSA's New York office for physical access with biometrics, GSA's headquarters for physical access and the Transportation Security Administration's new pilot project for employee credentialing.

The VA Express Card program was designed to provide veterans with a portable data carrier so that health information could be transferred into an internationally readable format at any facility that a veteran enters for care, Grant said. For the Navy, Maximus is developing a card that functions like a debit card for financial transactions on a "cashless ship."

New OMB Push

For its part, GSA is working with the Office of Management and Budget to come up with a common set of information to identify individual federal employees that could be incorporated into an identity credential. The policy would not mandate what individual agencies' cards should support, but would call for a basic means of identifying and authenticating cardholders that could work across agencies.

"Once this happens and a policy is established, I can see a more widespread use of the contract," said Mickey Femino, director of GSA's Center for Innovative Business Solutions. "Our intent going back to 1996 was to have one interoperability [specification] to allow all federal employees to be recognized and authenticated and verified as federal employees. It would allow us to have one card that could be recognized by all federal employees, and we could standardize some of the basic features on it. Until a spec and policy are out, agencies still may go in many different directions."

This type of policy — combined with OMB's enterprise architecture blueprint — may help eliminate some of the "fits and starts" that have plagued other government smart card efforts such as GSA's, said Ray Bjorklund, vice president of market intelligence and chief knowledge officer for Federal Sources Inc.

"When an agency like OMB has established an enterprise architecture, there are many different layers...that should provide the real framework for these many disparate smart card programs," he said.

Seamless interoperability between smart card programs could facilitate the governmentwide information sharing that has become crucial in the post-Sept. 11 world, he added.

"The agencies that are using smart card technology are implementing them more as unique tools for their own agencies rather than talking about the total government need for sharing information," Bjorklund said. "There is some duplication right now. You can't share information if you have multiple log-in requirements and Joe has one kind of card and Sally has another kind of card."

Open to New Ideas

GSA officials also are considering an "open season" for the smart card contract, which would give more vendors a chance to join the market, Femino said. Some industry observers say this market is ripe for additional players that can offer new technologies.

Widening the field might also boost the popularity of the contract among agencies. Some are forging ahead with their smart card projects, because the smart card technology — and their in-house expertise in deploying it — have matured, said Greg Dicks, vice president of global solutions for ActivCard, a subcontractor on the GSA contract.

"Not everybody is using the GSA contract," Dicks said. "They might say, 'I have enough expertise in [information technology] and have supportive contractors so that I don't need the tech services from GSA. We can do this.' They are doing their own integration."

In addition, ActivCard is working through Maximus to supply applet technology to Treasury to enable its card to be used for secure sign-on with biometrics. Applets are small pieces of code that smart cards use to manage data and flow information between applications and the card.

Treasury employees use "the same card to get into the building and to get into the network," Dicks said. "That's the next step in sophistication in use of smart cards."

ActivCard attributes much of its success in the smart card middleware market to its ability to automatically send its software to a network server to automatically load onto users' computers.

As the contract moves forward, vendors most likely will add components such as contactless readers for physical access and biometrics-compatible technology, said Randy Vanderhoof, executive director of the nonprofit Smart Card Alliance Inc.

"As the government is starting to look at additional, expanded functionality on the smart card, you are likely to see other services, software and middleware be added," he said.

Havenstein is a freelance writer based in Cary, N.C.

***

At a glance

GSA's Smart Access Common ID contract

The contract was awarded in May 2000.

Vendors are EDS, BearingPoint Inc., Maximus and Northrop Grumman Corp.

The indefinite-delivery, indefinite- quantity contract is designed to provide agencies with common, interoperable, multiapplication smart card systems for identification, physical access, biometrics and cryptography.

Task orders are competed among the vendors to keep competition high and prices low.

Technologies available under the contract include integrated circuit chips, bar codes and magnetic strips. Multiapplication technologies allow agencies to maintain existing systems while deploying smart card technologies.

The contract supports applications such as property control, "electronic purse" transactions, electronic forms, medical information and financial applications.

NEXT STORY: Fla. firefighters test geolocation