Broader implementation of HSPD-12 could boost PKI use

The Defense Department has issued more than 4 million Common Access Cards, but most Pentagon employees use the smart cards minimally.

With all the legacy systems DOD uses, integrating digital certificate software is costly and difficult, said Carl Vercio, director of DOD’s Identity Protection and Management Program for Washington Headquarters Services.

“Ninety percent of employees use their CAC to sign and encrypt e-mails or to get on the network,” Vercio said yesterday at the Identity Management Conference in Arlington, Va., sponsored by the Information Technology Association of America. “We are not taking advantage of the technology available to us today. We focus too much on people outside DOD.”

And DOD is not alone in the underutilization of smart-card and public-key infrastructure technology. Most agencies find that smart cards end up being used as flash badges to gain entrance to buildings instead of being used for true physical and logical access. And PKI technologies, which agencies and vendors have been excited about for more than five years, have little penetration across agencies.

“Authentication and identity management are the least-deployed technology to protect systems, networks and infrastructure,” said William Crowell, a security consultant and member of the Markle Foundation Task Force on National Security. “In 2003, PKI became a four-letter word. It is still the least-deployed and most-technical concept of all the technologies out there, including encryption.”

But Vercio and others see the government’s implementation of Homeland Security Presidential Directive 12 as a key to more agencies using digital certificates.

“We are retrofitting and adapting applications to meet the Personal Identity Verification standard [under Federal Information Processing Standard 201],” Vercio said. “We hope industry figures out ways to make the CAC useful.”

Margie Cashwell, director of worldwide systems engineering for RSA Security Inc. of Bedford, Mass., said HSPD-12 will bring PKI and the federal bridge to life. “Agencies can use HSPD-12 to further single-sign-on capabilities across the enterprise or for Web applications or for federated systems,” she said.

David Temoshok, the General Services Administration’s director of identity policy and management, said HSPD-12 also is an important piece of the e-government puzzle.

He said the standard smart card will establish strong identification services for government employees to gain access to systems and services, and that will help promote e-government. “We have to have stronger authentication to support online services,” he said. “We are building a system that will help citizens gain experience using the services and see that the services are reliable.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected