Contractors prep interoperable identity management systems

Defense contractors are preparing to deploy more secure identity management systems that are interoperable — or at least compatible — with one another and other systems that federal agencies use.

The contractors are adopting standards for federal personal identity verification and participating in federated trust networks, in which various groups share identity information, said Roger Roehr, chairman of the Smart Card Alliance’s Physical Access Council and government vertical marketing manager at Tyco Fire and Security. Network participants agree to verify identities based on various standards.

Roehr said contractors are wise to collaborate on identity management standards when seeking Defense Department work. “They need to work with the Defense Department but also with each other,” he said.

Although smart card technology is ready and federated networks and bridges have been created, not all the policies are in place yet, Roehr added. GSA created the Federal Bridge Certification Authority, for example.

DOD said this summer that it would begin accepting identity assurance from external authorities, such as CertiPath. However, the department has not finalized the policies that are necessary to make it happen. “The whole idea of trust and cross-certification is still relatively new to the federal government,” Roehr said.

Executives from Lockheed Martin, Northrop Grumman and Science Applications International Corp. offered details on their identity systems at the Smart Card Alliance Conference in late October.

For example, Northrop Grumman is preparing to issue its new OneBadge identification cards to thousands of employees. The OneBadge card design and policies meet federal and DOD standards, said Keith Ward, director of enterprise security and identity management at Northrop Grumman.

The company expects to be one of the first federal contractors to use a centralized public-key infrastructure as part of its identity management program, Ward said. The company participates in CertiPath, an entity created by several defense contracting firms that is part of the federal government’s trust network through a bridge relationship with the Federal Bridge Certification Authority.

Federal contractors are being encouraged to secure their global supply chains, a process that typically includes instituting strong identity management systems and policies, said John Slye, a principal analyst at Input, a research firm in Reston, Va. “We see a lot of talk about trusted supply chains,” Slye said. “It is the next wave.”

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.