Agencies focus on HSPD-12 challenges ahead
- By Rutrell Yasin
- Nov 17, 2006
Federal agencies that met the deadline to begin issuing computer-readable identity cards must now look ahead to integrating identity management into cross-agency information sharing, officials said earlier this week.
Homeland Security Presidential Directive 12 (HSPD-12) required agencies, at a minimum, to issue a standards-compliant personal identity verification (PIV) card to one agency employee by Oct. 27. Agencies must issue the cards to all their employees and many contractors by Oct. 27, 2008. Employees and contractors will eventually use the cards to securely access federal buildings and information systems.
Agencies “can breathe a collective sigh of relief that [the first stage] of issuing HSPD-12 [cards] across the government has been met,” said David Temoshok, director of identity policy and management in the General Services Administration’s Office of Governmentwide Policy. He spoke at FCW Events’ Security conference this week.
However, as agencies move forward they must handle issues of card and certificate management, information systems interoperability and HSPD-12 program costs, said Temoshok and officials from the Defense and Agriculture departments during a session on agencies' HSPD-12 experiences and expectations.
Federal agencies using dozens of different card issuance systems will enroll millions of employees and contractors nationwide, Temoshok said. They will need a standard way of exchanging information about those cardholders, he said.
Agencies also will need standards for auditing their card issuing procedures, said Chris Niedermayer, Agriculture's associate chief information officer and co-chairman of the HSPD-12 Executive Steering Committee. And, not least, they must find ways to reduce costs associated with HSPD-12 programs, he said.
DOD, which has issued about 3.4 million Common Access Cards (CACs) to employees and service members, is aware of the cultural change agencies will undergo as they move to PIV cards, said Mary Dixon, director of DOD’s Defense Manpower Data Center.
DOD officials didn’t want to sacrifice work they had done on CACs to meet HSPD-12 requirements, she said. “But we [were able to] maintain the integrity of what we’ve done over the last six years,” she added. DOD is working to enhance CACs with new cryptographic functions.