Feds dread ID deadline

"FIPS Publication 201 (draft): Personal Identity Verification for Federal Employees and Contractors"

Federal agency officials say they will be hard pressed to meet deadlines for issuing interoperable identification cards to comply with Homeland Security Presidential Directive (HSPD) 12.

Speaking today in Bethesda, Md., at a breakfast meeting sponsored by AFCEA International, officials at the National Institute of Standards and Technology said they face substantial requests for revisions to the draft standard they issued Nov. 8 as a first step in complying with the presidential order.

HSPD 12 calls for all federal employees and contractors to use a standard smart card to verify their identity for secure access to federal buildings and information systems. The directive set October 2005 as the deadline for complying with the order.

The draft standard, known as Federal Information Processing Standard (FIPS) 201, has elicited many requests for revisions by agency officials and contractors who say its interoperability specifications may be too costly for some federal agencies and vendors to meet by the deadlines set in the directive.

To ease the burden on agency officials and contractors, NIST officials have worked out an agreement with Office and Management and Budget Officials to make October 2005 the deadline for agencies to partially meet the standard by aligning their identity proofing processes with those in the new standard. Agency officials must submit their plans to OMB by June 27, Judith Spencer, chairwoman of the General Services Administration's Federal Identity Credentialing Committee, said at the meeting.

Agency officials will have some additional time to procure and issue interoperable smart cards to their employees and selected contractors. OMB officials plan to issue further implementation guidelines immediately after the Commerce Secretary signs the FIPS 201 document, officials said. The directive requires that the document be signed by Feb. 23, 2005.

Defense Department officials, who have issued more than 6 million personal identity verification cards to DOD employees and contractors, have the most to lose from new specifications that veer too far from those they adopted for their Common Access Card.

DOD officials also are well-acquainted with the problems that arise in issuing smart cards that are legibly printed and that employees will use, said Mike Butler, director of DOD's Access Card Office . He said DOD officials are seeking a new source of printers to correct printer problems that have caused about 10 percent of CAC cards to be unusable at the time they were issued.

Agency officials involved in smart card projects also reported unexpected problems in working with building security officers on issuing personal identity cards that can be used both for access to federal buildings and to federal computer systems.

"We're learning about physical security things we didn't know about," Spencer said.