OMB sets ID schedule
- By Florence Olsen
- Feb 15, 2005
SAN FRANCISCO -- Office of Management and Budget officials have laid out a timetable for federal agencies to comply with an executive order to issue federal employees and contractors identity cards that conform to a new governmentwide standard.
The Commerce Department secretary will sign the standard, Federal Information Processing Standard (FIPS) 201, no later than Feb. 27, officials from the National Institute of Standards and Technology said Feb. 15 at the RSA Conference here.
After the signing, most federal agencies, including many Defense Department agencies, will have much to do to in a short time to meet the requirements of the personal identity mandate known as Homeland Security Presidential Directive (HSPD) 12.
By June 25, federal officials must tell Office of Management and Budget officials how they plan to comply with the directive's requirements, said Judith Spencer, chairwoman of the Federal Public Key Infrastructure Steering Committee, a federal policy group interested in PKI standards.
The next HSPD 12 implementation deadline for agencies is Oct. 27. By then, agencies must have FIPS 201-compatible procedures in place for verifying employees' identities and for issuing smart cards that meet most of the FIPS 201 requirements.
Agency officials then will have until Oct. 26, 2006, to make whatever changes are needed to comply with the standard's interoperability specifications, which are its more difficult aspects, Spencer said.
To help agencies meet the cost of compliance, she said, General Services Administration officials are developing a governmentwide procurement so that agencies can take advantage of volume discounts to acquire the needed hardware, software and services for meeting HSDP 12.
In addition, national and international smart card standards are being revised to make them compatible with FIPS 201, said Teresa Schwarzhoff, smart card program manager at NIST. Many hours of volunteer work have gone into those revisions, Schwarzhoff said, adding that "the technical editors are doing this on their own nickel."
Jim Dray, a senior computer scientist at NIST, said the most difficult thing about FIPS 201 for many agencies will be the realization that they can't continue doing business as usual and still be compatible with the new standard.