Vendors bank on HSPD-12 mandate

Secure federal identity credentials bring new opportunities and risks


Smart card manufacturers and information security companies say they hope to see their businesses grow in 2006 as federal agencies prepare to issue secure identity credentials to employees and contractors.

The deadline is approaching fast. By Oct. 27, 2006, agencies must begin using new identification badges that are resistant to fraud, tampering, counterfeiting and terrorist exploitation.

The new requirement derives from an executive policy known as Homeland Security Presidential Directive (HSPD) 12, which President Bush signed in August 2004. "It is a sea change in public policy that is having a huge effect on technology," said Daniel Burton, vice president of government affairs at Entrust.

The governmentwide mandate and deadline have sped advances in the smart card and biometric industries and created new business opportunities for information security companies, Burton said. Entrust is one of a growing number of vendors that say they will focus on HSPD-12 in 2006.

Others include SafeNet and ActivIdentity. Each major division in SafeNet, which sells network security products, has an executive-sponsored working group committed to HSPD-12.

"It's front of mind right now in terms of how we engage with the government," said Andy Solterbeck, SafeNet's vice president of products and marketing.

HSPD-12 standards are a welcome example of the U.S. government offering technical leadership to the rest of the world, Solterbeck said. "The applicability of these standards is broader than the North American government or we wouldn't be making these investments," he added.

Complying with HSPD-12 is the No. 1 engineering concern at ActivIdentity, said Craig Reichenbach, vice president of the company's government division, which recently changed its name from ActivCard.

Other big-name companies, including Adobe Systems, Hewlett-Packard and RSA Security, have announced plans to pursue HSPD-12 contracts.

The General Services Administration will set the terms by which companies will compete to provide HSPD-12 products and services. As the executive agent for HSPD-12 acquisition activities, GSA is authorized to develop lists of approved products, which will be based on compliance and interoperability tests.

Some companies that plan to offer products and services that comply with HSPD-12 say the October 2006 deadline has forced them to focus simultaneously on sales and certification issues. "Sales and [product] development are hand in hand here," Burton said.

Before smart card manufacturer Axalto can compete, the company must submit its cards for independent testing against two federal information processing standards: the FIPS 140-2 cryptographic standard and the FIPS 201 personal identity verification standard.

Axalto will base its sales strategy on its track record of supplying smart cards for the Defense Department's successful Common Access Card program, said Neville Pattinson, Axalto's director of technology and government affairs. Under HSPD-12, Axalto will offer smart cards, middleware and applets.

ActivIdentity will submit middleware and applets for certification when GSA-approved labs begin independent testing in the next month or two, Reichenbach said. "It's been more of an educational process than a sales process," he added.

That educational process has included meetings with Karen Evans, administrator of e-government and IT at the Office of Management and Budget, to discuss whether federal agencies have sufficient money in their budgets to pay for complying with HSPD-12. "She believes the budgets are out there in most of the agencies," Reichenbach said. But he and other company officials say they are concerned that agencies will lack adequate funding, and they are developing their business strategies with that in mind.

Adobe, ActivIdentity, Entrust and SafeNet say they have agreed on a strategy to pre-integrate their products as a way of lowering agencies' costs. Pre-integration will also help agencies meet deadlines, said Jacques Francoeur, an e-business assurance official at Adobe.

Process automation will play a big part in what Francoeur said must be a low-cost, reliable infrastructure for managing the life cycle of HSPD-12 cards, from their issuance to their revocation or renewal. "There must be checks and approvals and verifications of authenticity along every step of the way," he said.

With HSPD-12, the federal government has created a new marketplace with high barriers to entry, Solterbeck said. "The hurdles you have to jump to be a viable player are significant," he added.

GSA sets guidelines for HSPD-12 buys

General Services Administration officials have announced that they will conduct aggregated buys of products that comply with Homeland Security Presidential Directive (HSPD) 12 to get the best possible prices. Federal agencies will be required to buy such products and services through blanket purchase agreements (BPAs) awarded to businesses that hold GSA Schedule 70 information technology contracts.

HSPD-12 mandates that agencies provide employees and contractors with secure identity badges by October 2006. GSA has created a special item number -- SIN 132-60 -- for HSPD-12 authentication services. Schedule 70 holders can apply for BPAs after their products or services are certified as meeting the technical and interoperability requirements of HSPD-12.

In its implementation guidelines to agencies, GSA said it would like to standardize the infrastructure components that agencies will need for issuing and managing the new identity cards. Several agencies have formed an HSPD-12 working group with the aim of reducing the overall cost of issuing digital credentials and sharing the cost of operating an interagency identity management system.

-- Florence Olsen
