GAO assesses FIPS 201 challenges
- By Florence Olsen
- Mar 03, 2006
"Agencies Face Challenges in Implementing New Federal Employee Identification Standard"
Congressional auditors expressed concern in a report released today that agencies will fail to meet an Oct. 27 deadline for issuing interoperable smart card identity credentials to federal employees and contractors.
The report also questions whether the federal government can accomplish the major objective of the secure identity credentialing program, which is governmentwide interoperability.
Among the significant challenges is the need for testing and buying smart cards and card readers that meet the technical standard for the new identity cards, Federal Information Processing Standard (FIPS) 201. Agencies also must solve interoperability problems that will arise because of different specifications for implementing the FIPS 201 standard, according to the auditors’ report.
Agencies face further difficulties in resolving differences among various vendors’ implementation of the biometric standard that is part of FIPS 201, the report states.
The auditors faulted the Office of Management and Budget for providing incomplete guidance on how FIPS 201 applies to securing government facilities, employees and contractors and information systems. On that point, OMB officials disagreed with the Government Accountability Office.
“Our guidance provides the appropriate balance between the need to aggressively implement the president’s deadlines while ensuring agencies have the flexibility to implement [Homeland Security Presidential Directive 12] based on the level of risk their facilities and information systems present,” wrote Karen Evans, OMB administrator for e-government and information technology, in a letter to GAO.
GAO’s final concern was that agencies would struggle with budget uncertainties and unknown costs, increasing the likelihood that agencies would miss the Oct. 27 deadline and fail to achieve the desired results of FIPS 201.
GAO recommended that the OMB director monitor agencies' progress in implementing FIPS 201 by establishing agency reporting procedures. Evans said OMB would monitor the program using its existing management and budget tools.