DOD to pilot facility access card

The Defense Department is close to launching a pilot program that would arm DOD employees and contractors with a single access card for entering any DOD facility.

The pilot program is part of the department's Defense Cross-credentialing Identification System, which will consist of a collection of shared government and contractor databases of personnel information. The shared information will make it easier for the department to manage who has access to their facilities.

The pilot program is set to begin in August and will be what several in DOD hope the start of a governmentwide trend.

"Basically, a person can visit any camp, post or station in the world and will be authenticated across DOD," said Rob Brandewie, deputy director of the Defense Manpower Data Center, which manages DOD's identity databases. "They can be accredited for a certain number of days or allowed access to certain areas based on the knowledge of who they are."

The problem today, Brandewie said, speaking at the E-Gov 2003 conference, is that 10 million to 11 million people work for DOD, and most agencies, departments and services within the department have their own personnel databases, their own access policies and issue their own credentials.

That becomes wasteful, redundant and insecure, he said. People often have to carry several identification cards with them, depending on which facility they are visiting on a given day, which could easily lead to cards being lost.

Mary Dixon, program manager for DOD's access card office, said her hope is to eventually have a governmentwide system in place. But she recognizes that overcoming the culture of agencies protecting their own data will be a monumental hurdle.

"We want to say to Interior or State, 'Send us all of your personnel data and we'll store it in our system, and we'll do the same with ours,' " Dixon said. "We must find a way to trust each other's credentials, or at least find out if we should trust each other's credentials."

Dixon said different government agencies will have to adopt methods of common security procedures, such as identity management, for tracking changes to users' access rights, and the enrollment process.

The pilot program at the end of the summer will test the system by creating cross-credentialing between DOD and select industry companies. Defense employees participating in the pilot project will continue to use their Common Access Cards, which are becoming the standard DOD identification, and contractors will continue to use their company-issued ID cards, but with some modifications — for example, biometrics and "pointers" to relevant data will be added.