OMB sets ID schedule

SAN FRANCISCO -- Office of Management and Budget officials have laid out a timetable for federal agencies to comply with an executive order to issue federal employees and contractors identity cards that conform to a new governmentwide standard.

The Commerce Department secretary will sign the standard, Federal Information Processing Standard (FIPS) 201, no later than Feb. 27, officials from the National Institute of Standards and Technology said Feb. 15 at the RSA Conference here.

After the signing, most federal agencies, including many Defense Department agencies, will have much to do to in a short time to meet the requirements of the personal identity mandate known as Homeland Security Presidential Directive (HSPD) 12.

By June 25, federal officials must tell Office of Management and Budget officials how they plan to comply with the directive's requirements, said Judith Spencer, chairwoman of the Federal Public Key Infrastructure Steering Committee, a federal policy group interested in PKI standards.

The next HSPD 12 implementation deadline for agencies is Oct. 27. By then, agencies must have FIPS 201-compatible procedures in place for verifying employees' identities and for issuing smart cards that meet most of the FIPS 201 requirements.

Agency officials then will have until Oct. 26, 2006, to make whatever changes are needed to comply with the standard's interoperability specifications, which are its more difficult aspects, Spencer said.

To help agencies meet the cost of compliance, she said, General Services Administration officials are developing a governmentwide procurement so that agencies can take advantage of volume discounts to acquire the needed hardware, software and services for meeting HSDP 12.

In addition, national and international smart card standards are being revised to make them compatible with FIPS 201, said Teresa Schwarzhoff, smart card program manager at NIST. Many hours of volunteer work have gone into those revisions, Schwarzhoff said, adding that "the technical editors are doing this on their own nickel."

Jim Dray, a senior computer scientist at NIST, said the most difficult thing about FIPS 201 for many agencies will be the realization that they can't continue doing business as usual and still be compatible with the new standard.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected