Skip Links

Federal agencies scramble to meet security deadline

By , Network World
September 15, 2006 05:26 PM ET

Network World - Two years ago President George Bush ordered the federal government to be ready by this Oct. 27 to issue a standards-based identity card that federal employees and government contractors would use for computer and building access.

The intention of the order, known as the Homeland Security Presidential Directive 12 (HSPD-12), was to usher in a new generation of encryption-based smart cards with biometrics and photos to be used government-wide for physical and logical access. The Personal Identity Verification (PIV) program, as it's come to be called, has federal agencies scrambling to issue PIV identity cards by the deadline, but it is unclear if they will be able to meet that goal.

For one, the $104 million HSPD-12 services contract, awarded last month by the General Services Administration (GSA) to systems integrator BearingPoint to provide PIV enrollment services and identity cards, is up in the air. Competitors Lockheed Martin, Xtec and Electronic Data Systems filed legal protests two weeks ago. When a contract is protested - a common occurrence in the world of government - the work usually stops. But not this time.

To meet the Oct. 27 deadline, the GSA - designated by the White House Office of Management & Budget (OMB) last year as the executive agent for government-wide acquisitions of HSPD-12-related IT- is plowing on.

The GSA says BearingPoint has been instructed to go ahead as planned and open PIV enrollment centers in Washington, D.C., New York, Atlanta and Seattle.

"The whole intent is to improve the security of the U.S.," says Michel Kareis, PIV program manager at the GSA. "The GSA is setting these centers up as a shared services solution so agencies don't have to set them up on their own."

Kareis says she expects about 400,000 government employees to get their PIV cards from these services by appearing in person with proof of identity, and have their photo and fingerprints taken.

The GSA, which hopes to see the government resolve the protests against BearingPoint by the end of the month, intends to add 100 service centers in the United States, probably at government-owned facilities that it runs.

Under the OMB guidelines, federal agencies have to acquire the PIV products and services from GSA-approved lists, and high-tech contractors have been lining up seeking approval.

That process requires vendors to have products tested in government labs to see if they meet technical requirements, says Scott Price, group senior vice president in General Dynamics' IT group. General Dynamics was approved in July as an HSPD-12 system provider.

Defining the PIV technology has been no small matter. Two years is scant time to establish government standards and conformance testing of products, including smart cards, readers, biometrics, middleware and public-key encryption.

But the National Institute of Standards and Technology (NIST) has issued the necessary standard, known as the Federal Information Processing Standard 201, and lined up about a dozen labs to test FIPS 201 conformance for vendor PIV products.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News