OMB to pick smart card biometric standard
The standard will help carry out the Bush administration's directive for computer-readable identity credentials that can be used governmentwide.
Office of Management and Budget officials will choose a biometric standard for government identity credentials, soon ending the suspense that has kept vendors from making smart cards to comply with a new federal standard, OMB officials said today.
Establishing a standard for biometrics on smart card credentials is one of the largest unresolved issues in implementing Homeland Security Presidential Directive (HSPD) 12, said Jeanette Thornton, a senior policy analyst at OMB. HSPD 12 is a program to create and issue standard computer-readable identity credentials that can be used governmentwide.
Thornton spoke at an identity management conference sponsored by the Information Technology Association of America in Arlington, Va.
OMB officials will decide among three standards, Thornton said. The first is an image of the card holder’s fingerprints. The second is a “minutiae,” or sampling, of information contained in the fingerprint image. The third is a hybrid of the two.
HSPD 12 will change how employees and contractors enter federal buildings and log on to federal computers. Based on computer-readable smart cards and a governmentwide public-key infrastructure, the directive is the guiding force behind Federal Information Processing Standard (FIPS) 201, which specifies standards for federal identity credentials.
The General Services Administration has delayed issuing requests for proposals to give companies time to create card products that can be certified as interoperable, Thornton said.
OMB officials expect the first FIPS 201 certifications will be issued in January 2006. Requests for proposals will follow soon after, said Karen Evans, OMB’s administrator for e-government and IT.
A related interoperability issue centers on the use of standards for managing passwords and digital certificates. Eleven products are now approved as compatible with the Security Assertion Markup Language 1.0 standard, adopted by the federal government, and several more are in the pipeline, Evans said.
NEXT STORY: Microsoft, Motorola team on public safety system