GAO assesses FIPS 201 challenges

"Agencies Face Challenges in Implementing New Federal Employee Identification Standard"

Related Links

Congressional auditors expressed concern in a report released today that agencies will fail to meet an Oct. 27 deadline for issuing interoperable smart card identity credentials to federal employees and contractors.

The report also questions whether the federal government can accomplish the major objective of the secure identity credentialing program, which is governmentwide interoperability.

Among the significant challenges is the need for testing and buying smart cards and card readers that meet the technical standard for the new identity cards, Federal Information Processing Standard (FIPS) 201. Agencies also must solve interoperability problems that will arise because of different specifications for implementing the FIPS 201 standard, according to the auditors’ report.

Agencies face further difficulties in resolving differences among various vendors’ implementation of the biometric standard that is part of FIPS 201, the report states.

The auditors faulted the Office of Management and Budget for providing incomplete guidance on how FIPS 201 applies to securing government facilities, employees and contractors and information systems. On that point, OMB officials disagreed with the Government Accountability Office.

“Our guidance provides the appropriate balance between the need to aggressively implement the president’s deadlines while ensuring agencies have the flexibility to implement [Homeland Security Presidential Directive 12] based on the level of risk their facilities and information systems present,” wrote Karen Evans, OMB administrator for e-government and information technology, in a letter to GAO.

GAO’s final concern was that agencies would struggle with budget uncertainties and unknown costs, increasing the likelihood that agencies would miss the Oct. 27 deadline and fail to achieve the desired results of FIPS 201.

GAO recommended that the OMB director monitor agencies' progress in implementing FIPS 201 by establishing agency reporting procedures. Evans said OMB would monitor the program using its existing management and budget tools.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.