GAO flags smart card challenges

Progress in Promoting Adoption of Smart Card Technology

Although 18 agencies have launched projects using smart cards to identify people or control access to buildings and systems, the technology remains difficult to implement and is gaining traction slowly, according to a General Accounting Office report.

The credit card-size smart cards use computer chips to store and process data, enabling them to interact with computers.

Prepared for Rep. Tom Davis (R-Va.) chairman of the Government Reform Committee, the report said that the 18 agencies have initiated 62 smart card projects among them. Most of them were small-scale demonstrations until the past two years. Since then, some agencies — notably the Defense Department — have launched much larger implementations.

"While the technology offers benefits, launching smart card projects — whether large or small — has proved challenging to federal agencies," the report states.

The major challenges include:

* Sustaining executive level commitment. DOD's Common Access Card project has succeeded because the department has a mandate to implement it, the report said. Other agencies have encountered executive-level resistance and cost concerns that lead to programs being delayed or canceled.

* Recognizing resource requirements. Some projects have faltered because agencies didn't grasp the costs involved, which can include information technology infrastructure upgrades to install card readers, for example, the report said.

* Integrating physical and logical security practices across organizations. Because smart cards can address physical and data security needs of an organization, people involved in each area need to cooperate more extensively than they may be used to, the report said.

* Achieving interoperability among smart card systems. The report recommends developing standards to make sure that smart cards, card readers and related technologies deployed by each agency are compatible with one another.

* Maintaining the security of smart card systems and privacy of personal information. The report notes that smart card systems are not invulnerable, and their security must be addressed when agencies plan smart card projects.

The General Services Administration is responsible for promoting smart card use and guiding agencies, the report notes, adding that GSA's effectiveness has been "mixed." GAO found that GSA has not established standards in the use of smart cards as a component of federal building security processes.

GAO also noted that the Office of Management and Budget, which along with the National Institute of Standards and Technology should be guiding agencies in smart card use, has not issued any policies specifically related to smart card use since designating GSA to take the lead in promoting the technology in 1996.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.