More smart card standards, please

NIST report on smart-card standards

Although many smart card standards exist, more are needed to make the best use of the cards, according to a government report issued this week.

A National Institute of Standards and Technology study found a need for additional technical and policy standards as agency officials discover more uses for smart cards spanning organizations. Smart cards are increasingly being used both for controlling physical access to government facilities and authenticating federal users' identities online.

The study found a need for better coordination among agency officials in setting policies on the types of personal information that can be stored on smart cards. A report on the study also states that consistent, governmentwide policies are needed for who can enter and update personal information on the cards and how that should be done. The lack of consistent policies poses a barrier to interoperability.

The Defense Department, currently the largest federal user of smart cards, needs more consistent public-key infrastructure (PKI) policies so that users do not have to present unique PKI credentials at each of the facilities to which they need to gain access, the report states. DOD has issued 4 million smart cards so far.

Officials at the State Department, another potentially large user of smart card technology, also need to settle on a single technical standard that they can use for the agency's various government travel documents. Department officials currently favor so-called contactless smart card technology as the standard that can best accommodate State's needs, the study found. Contactless smart cards function at different ranges and frequencies and require no direct contact with readers.

The report concludes with recommendations that smart card policy or technical standards be developed for:

Biometrics, card-to-reader authentication, physical access and PKI interoperability.

Best practices and reference models.

Government Smart Card Interoperability Specification options.

Cross-agency credentialing.

Migrating to newer technologies such as contactless cards.

Integrating applications on a card.

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.