Smart cards: A step ahead, or a step backward?

OMB's E-Authentication page

A set of new policies, standards and acquisitions designed to get interoperable smart cards into the pockets of federal employees and contractors could have just the opposite effect, according to some industry insiders.

Daniel Turissini, president of Operational Research Consultants Inc. of Chesapeake, Va., is among those who are taking issue with the new public-key infrastructure (PKI) encryption and smart card proposals before the CIO Council. In an interview, Turissini said the success of the Defense Department's Common Access Card program, which has fielded 4 million cards, is proof that the ingredients of a

solid program are already at hand.

Last September, Turissini told a House Government Reform Committee subcommittee, "Instead of continually reinventing the mousetrap, we need to use the mousetrap we have and continually enhance that trap to remain one step ahead of the mice." He said last week he stands by that


A governmentwide program is ready to go but needs funding and a mandate to proceed, he said. "We can get 80 [percent] to 90 percent of the requirements done this year," Turissini said. Implementation of existing smart card and PKI technology would do much to protect the government's networks and sensitive information, he added.

An executive of another company, who declined to be named because his company sells smart cards to the government, questioned why the government is trying to line up two dozen new service providers that will issue PKI identity certificates and smart cards to agencies.

Two General Services Administration contracts, Access Certificate for E-Services and the Smart Access Common ID contract, provide similar services already, the executive said. Business has picked up recently on the Smart Access contract, he added.

GSA officials, however, were not available to comment on why the agency plans to create another contract vehicle as a new category of the GSA schedules. The GSA official who leads the interagency Federal Identity and Credentialing Committee was traveling out of the country and could not be reached for comment, an agency spokeswoman said.

This month the committee approved draft policies containing requirements for agencies that want to use PKI-enabled smart cards. The policies go to the CIO Council for review and, if approved there, could be adopted as policy by the Office of Management and Budget.

Ensuring agencies' ID cards are interoperable is a major goal of the draft policies, which fall under OMB's E-Authentication initiative, one of the Bush administration's e-government projects. According to the E-Authentication Web site, "Not undertaking a consolidated authentication approach would cost an additional $200 million in development costs, $26 million in acquisition costs and would delay implementation of the e-government initiatives to 2005 and beyond."

The draft policy does not include deadlines for agency action, but it states that "agencies should begin planning for migrating their current access control systems, both physical and logical, in order to conform to this policy."

Karen Evans, OMB's administrator of e-government and information technology, described the new policies approved by the committee as "a first step toward simplifying the system development time and costs for those agencies who have made the business case to implement smart cards for their employees and contractors."

Randy Vanderhoof, executive director of the Smart Card Alliance Inc., a consortium of card suppliers and users, said "the government is going about this the right way" by working simultaneously on the technical, policy and acquisition issues.

Eventually, smart cards will not only allow employees to access federal facilities but also provide a more reliable form of ID than the passwords currently used for logging on to federal systems and networks.

PKI-enabled smart cards can provide assurance that individuals are who they claim to be, whether online or at an entry gate.

Meanwhile, GSA issued an official solicitation for bids to supply smart card services that comply with the federal standards and certificate policy. That solicitation is expected to result in a list of qualified bidders by the end of June. The next step will be a set of GSA schedule contracts, according to the announcement.

Agencies are increasingly turning

to smart cards to serve as employee IDs. One of the most recent to do so is NASA, which is beginning to deploy a new One NASA card to 90,000 employees and contractors at 15 space centers and other

facilities. A pilot program will be conducted at the Marshall Space Flight Center

in Alabama before the cards are issued agencywide.

"When I got here almost three years ago, the ID pass had not been changed in almost eight years," said David Saleeba, assistant administrator for security management and safeguards at NASA, adding that the industry standard for smart card changeovers is five years. n

Ferris is a freelance writer in Chevy Chase, Md. She can be reached at


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.