HSPD-12 card may promote information sharing

Once agencies meet the deadline later this month to issue personal identity verification cards to all federal employees, agencies could start to find other uses for the smart card, said Dave Wennergren, deputy chief information officer at the Defense Department and vice chairman of the federal CIO Council.

The smart card provides for a common process to assure identity authentication under Homeland Security Presidential Directive 12. Agencies are supposed to have distributed the cards by Oct. 27 to federal employees and contractors with access to agency facilities, according to directions from the Office of Management and Budget.

The governmentwide card is a first step toward promoting trust and information sharing among agencies, Wennergren said. The next step is finding more ways to use the HSPD-12 card.

“One of the ways you can use it is about trust across organizations. I think it’s more about policy and process than having to change the nature of the card,” Wennergren said Oct. 8 at an identity management conference sponsored by the Information Technology Association of America.

Agencies can let employees use the smart card for physical access when they move between agencies. Among its goals, HSPD-12 aims to raise the bar on physical and eventually logical security across the government. Individually that happens because people move away from flash passes to use of public-key infrastructure credentials in their agencies, but it has to happen across agencies, too.

“That’s something we need to make a priority this year,” he said. Agencies are only now distributing the cards in large enough quantities that interoperability could happen, he said.

The CIO Council’s recently created Security and Identity Management Committee will determine what it will take for agencies to accept and trust a card issued by another agency when their employees come to their facility to visit and conduct business, he said.

The power of the card is that it has the information embedded in the technology on it that, once agencies install card readers, tells the facility guard that it is not a fraudulent card and that the person is a member of that community, he said.

DOD also is considering how it can advance the information-sharing component of physical access security to make it a service based on the data used for identity management, Wennergren said. He cited the example of DOD’s Maritime Domain Awareness program, a multiagency effort which describes the data it receives, makes the data discoverable and shares it within its community.

DOD recently established the Enterprise Guidance Board under the CIO Executive Board to determine the services that need to be deployed enterprisewide, make sure that the potential services have a business case and are funded and put in place, Wennergren said.

“We’ve already done collaboration, content staging and content discovery," he said. "The one we’re putting a lot of energy into this month is putting an identity service together."

The Air Force is leading the team that is developing the architecture for it, and which the Enterprise Guidance Board expects at its meeting later this month, he said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.