DOD tests contractors’ ID cards

The Army is testing a program that allows contractors to use an identification card approved by the Defense Department to gain access to the service’s facilities and computers.

The Army’s Materiel Command is running the Synchronized Pre-deployment and Operational Tracker program, known as SPOT, as a pilot project at Fort Belvoir, Va., in coordination with the nonprofit Federation for Identity and Cross-Credentialing Systems group — or FIXs — a vendor certified by that group, and others.

“The ultimate goal is to give us visibility to the contractors in the battlefield,” said Col. Archie Davis, a spokesman at the Army command. “This goes a long way to solving that problem.”

The project, which has been planned for several years, is one of the first in which DOD is participating in a federated identity management system with a private entity to verify identities for nongovernment personnel. The contractor ID cards are modeled after the federal employee identity cards developed under Homeland Security Presidential Directive 12.

Federated identity systems enable portability of identity information across domains. Participants trust one another to properly verify identities and maintain various standards. In the Army pilot project, the trust is based on a 2006 memorandum of understanding between DOD and FIXs.

The memorandum is rare because it allows a private entity to issue credentials for accessing federal facilities, said Raj Nanavati, partner at the International Biometric Group consulting firm in New York.

But the Army’s motive is to create a scalable Web-based system to improve efficiency and save money in managing access for large numbers of contractors, who are difficult to track because they frequently change jobs and roles.

If successful, the pilot project could spawn other credentialing projects at DOD and other federal, state and local government agencies, Nanavati said.

Eventually, the SPOT program would be expanded to Afghanistan, Iraq and other military locations, Davis said. Initially, it is providing FIXs-certified credentials to about 3,000 contractors, according to the Army.

Lingering questions
Even if the pilot program succeeds, the prospects of its expansion remain murky because of lingering policy issues. Michael Mestrovich, president of FIXs, said one key unanswered question is whether DOD will accept a Level 3 card for which a FIXs-certified vendor performs the commercial background check. Level 3 is a lower level of access. For high-level credentials, the government performs the background check.

“We are plowing new ground,” Mestrovich said. “For Level 3 credentials, the question is, ‘Can I trust your background check?’ I believe the government agencies are beginning to look at these federated solutions and whether they can accept them.”

Other experts agree this is a key policy issue. “That is an important issue —whether the Army will accept a Level 3 credential” awarded by a private operation, said Bob Blakley, vice president of Burton Group’s Identity and Privacy Strategies Service.

It also remains unclear whether the DOD/FIXs federated trust model can be converged with other federal credentialing programs, such as those sponsored by the General Services Administration, the E-Authentication program and the Federal Bridge Certification Authority.

“Eventually, there will need to be convergence,” Mestrovich said. “We had hoped that the government would be further along in accepting the federated trust model.”

Under the SPOT program, contractors may obtain a FIXs-certified credential from vendors that have been certified by the federation as having met all the requirements to operate one or more applications in federated identity management. That includes features such as biometric enrollment, card production, and data storage and security.

FIXs, through a 2006 agreement with the Defense Manpower Data Center, is the conduit to the Pentagon’s credentialing networks.  When a contractor presents a FIXs-certified credential to a card reader at a gate, the information is processed through the federation’s computer network.

The FIXs identity credentialing network, founded in 2004, developed an identity trust model that is similar to the one that financial institutions use for automated teller machines. It is the only network certified to interoperate with the Defense Cross-Credentialing Identification System infrastructure, DOD’s credentialing network.

The goal of FIXs is to improve efficiency in access control, said Kent Schneider, president of AFCEA International and a board member of FIXs. As a retired military officer, he has had many personal experiences with access control at the Pentagon headquarters in Arlington, Va., and other facilities.
Since the 2001 terrorist attacks, outside contractors coming to work at many DOD installations are required to have escorts, which can be a laborious process, he said.

“The Common Access Card is for government people and full-time contractors,” Schneider said. “The question is, what about the hundreds of thousands of people who are defense contractors? [FIXs] is a way to extend identification into the contractor community.”

The federated identity model is “just beginning to get traction,” Schneider added. Although FIXs is the first group to take part in such an effort, he said he believes others are likely to be formed
In February 2008, FIXs certified its first vendor, WidePoint of Fairfax, Va., which is currently the only vendor authorized to issue FIXs-certified credentials. WidePoint is participating in the SPOT project through its subsidiary Operational Research Consultants.

The FIXs network is processing several hundred SPOT credentials per month and hopes to work to several thousand monthly by January, Mestrovich said. He said two other vendors have applied to become certified as distributors of the credential.

The SPOT pilot project has been achieving its goals, Davis said.

“It is working well so far,” he said. “It is streamlining access to the installation and facilitating what contractors can do online.” 

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group