Feds face new HSPD-12 hurdles

Challenges include upgrading building access controls and issuing cards to contractors

Federation for Identity and Cross-Credentialing Systems

Most federal agencies have set up procedures for issuing secure identity credentials to the more than 1.8 million federal employees, the first big hurdle in the mandatory smart-card program known as Homeland Security Presidential Directive 12.

Now Bush administration officials have turned their attention to ensuring that physical access-control systems at federal facilities meet HSPD-12 standards and that contractors can access the buildings without too much hassle. Estimates of the number of federal contractors who work in federal facilities range from 4 million to 10 million.

The Physical Security Working Group has begun developing guidelines that will help agencies upgrade the systems that control entry into federal facilities. A government official who asked not to be named said most agencies will require three to five years to upgrade their access-control systems.

“Agencies need to perform an analysis to determine whether they need to upgrade card readers and other back-end systems such as controllers,” the official said. “Some agencies may want to implement more than one reader to use legacy credentials and systems while they are migrating.”

Meanwhile, another group — the Federal Identity Credentialing Committee (FICC) — is focused on the procedures for issuing HSPD-12 cards to contractors. The committee will recommend ways to ensure that contractors don’t have to wait for new cards or pay for new credentials each time they take on a project at a new agency.

FICC’s objective is to “ensure contractors don’t walk around with a necklace of HSPD-12 cards,” said Judy Spencer, the committee’s chairwoman. In the next few months, an FICC subcommittee will submit its recommendations to the HSPD-12 Executive Steering Committee on how to handle the reciprocity of contractor credentials.

In the next year, Spencer said, FICC will also draft documents and recommendations for the steering committee on other challenges, including defining what trust means for the HSPD-12 program, ensuring interoperability and compatibility with state and local government and nongovernmental entities that adopt the HSPD-12 card standard, and defining rules for agencies to follow when they exchange employee information.

Credentialing contractors add a challenging layer of complexity, which is one of the reasons the committee made it a priority, Spencer said. 

“Contractors are a bit nomadic, moving from project to project and company to company,” she said. “When a badge is revoked or destroyed, we don’t want the contractor to go through the same process to get a new badge again. We still are early in the analysis, but we hope to find ways to be more efficient and save money.”

The Agriculture Department is already working on that challenge, said Chris Niedermayer, USDA’s associate chief information officer. “We will record as a part of their contract the names of contractors into our human resources system,” Niedermayer said at a recent HSPD-12 event in Washington. “We will collect only enough information to ensure they pass a background check.”

USDA’s system could eventually connect to a larger federated, governmentwide system for validating contractors, he added. 
DOD has a fix on the card challengeAgencies must find ways for federal contractors to change projects without having to get a new identity credential from each agency in which they work. It’s one of the challenges for agencies under the secure credentialing program mandated by Homeland Security Presidential Directive 12 but one that the Defense Department may have already solved.

Industry and DOD launched the Federation for Identity and Cross-Credentialing Systems (FiXs) in 2004 and conducted several successful test programs with companies, including Northrop Grumman, SRA International and EDS.

FiXs verifies and authenticates the identity of contractors seeking to enter U.S. military installations, government-controlled areas and commercial sites linked to DOD networks, said Bob Martin, FiXs secretary.

“If industry follows certain standards and protocols, they can pass credentials across the DOD network,” Martin said, and the way it works is simple. “The sponsoring company captures and holds the employees’ data, and the DOD router at a facility validates the information against that database when an employee tries to enter.”
— Jason Miller

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group