News & Resources

Federal government agencies scramble to meet identification compliance deadline

Apr 03, 2011 Brian Bradley

Employees of the federal government and those who have government contracts must soon begin using Personal Identity Cards as the result of a process that started some seven years ago. According to a directive from the Office of Management and Budget, all public agencies must come up with a plan to implement the PIV credentials by March 31, 2011 as part of Homeland Security Presidential Directive 12. Many with knowledge of how government requirements work said that agencies had a long time to plan and that they had no excuse to be taken off guard. "It's not really new," said Judith Spencer, a former co-chair of the Federal CIO Council's Identity Credential and Access Management Subcommittee, in an interview with Federal Computer Week,. "OMB has been telling agencies they need to use these cards. All the memo says is, 'do it'" ... The technology is absolutely at a place where we can do this. This is not rocket science." According to the source, the difficulty for some government institutions has arisen because identity verification was previously performed by a set of separate parts of agencies. The man heading up the program for NASA is Tim Baldrige, the space agency's identity, credential and access management architect. "We've made a lot of progress," Baldridge told the source. "Today we have a consistently deployed card that is interoperable across all enterprises." At NASA, "we have a very mature access control methodology around IT systems, and we are using that same methodology on physical access." He said that NASA started working on creating smart card identification programs in 2002 and merged two independent programs after Homeland Security Presidential Directive 12 was laid out. A provision of Homeland Security Presidential Directive 12 states that "secure and reliable forms of identification" must be given to all employees based on "sound criteria." The IDs must be secure against potential fraud and counterfeiting, be authenticated electronically and must be issued by accredited firms.