More smart card standards, please
That's what officials at the National Institute of Standards and Technology say.
NIST report on smart-card standards
Although many smart card standards exist, more are needed to make the best use of the cards, according to a government report issued this week.
A National Institute of Standards and Technology study found a need for additional technical and policy standards as agency officials discover more uses for smart cards spanning organizations. Smart cards are increasingly being used both for controlling physical access to government facilities and authenticating federal users' identities online.
The study found a need for better coordination among agency officials in setting policies on the types of personal information that can be stored on smart cards. A report on the study also states that consistent, governmentwide policies are needed for who can enter and update personal information on the cards and how that should be done. The lack of consistent policies poses a barrier to interoperability.
The Defense Department, currently the largest federal user of smart cards, needs more consistent public-key infrastructure (PKI) policies so that users do not have to present unique PKI credentials at each of the facilities to which they need to gain access, the report states. DOD has issued 4 million smart cards so far.
Officials at the State Department, another potentially large user of smart card technology, also need to settle on a single technical standard that they can use for the agency's various government travel documents. Department officials currently favor so-called contactless smart card technology as the standard that can best accommodate State's needs, the study found. Contactless smart cards function at different ranges and frequencies and require no direct contact with readers.
The report concludes with recommendations that smart card policy or technical standards be developed for:
Biometrics, card-to-reader authentication, physical access and PKI interoperability.
Best practices and reference models.
Government Smart Card Interoperability Specification options.
Cross-agency credentialing.
Migrating to newer technologies such as contactless cards.
Integrating applications on a card.
NEXT STORY: Texas center encrypts with NeoScale