Auditors urge more testing for RFID travel documents

GAO recommends State Department step up its security assessments for development of furture passport cards

The State Department should more stringently test or evaluate the security features of U.S. passport cards and border crossing cards (BCC) that use vicinity radio-frequency technology when those travel identification documents are updated, according to government auditors.

The designs for U.S. passport cards and second-generation BCCs generally meet or exceed standards for international travel documents, but the process through which State develops those cards could be improved to better assess security, according to the Government Accountability Office.

When redesigning the passport card State didn’t heed a previous recommendation to assess security features, GAO said in a report released July 1. State didn’t fully assess or test the security features incorporated on the passport card or the second generation BCC, GAO concluded.

State began issuing passport cards in July 2008 as a lower-cost alternative for U.S. citizens who are required to have travel documents under the Western Hemisphere Travel Initiative. The department then began issuing second-generation BCCs in October 2008 based on the same architecture as the passport cards. BCC’s are issued to citizens and residents of Mexico.


Related story

Rule will make passport cards scannable from several feet away


“More fully conducting testing of the passport card and the BCC and addressing identified problems would provide State with a fuller understanding of the overall security and performance of the cards and greater assurance that its cards have been produced with adequate security,” the auditors concluded.

For future redesigns or updates, GAO recommended that State improve its process for developing the cards fully:

  • Deal with any problems encountered during testing and include documentation of reasons for not dealing with any of them.
  • Test the security features on the cards as they will be issued, including any changes made to the cards’ construction, security features or appearance.

In response, State agreed with the recommendations and detailed actions already underway to deal with them. GAO noted that State has taken actions to conduct security assessments in future redesigns.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.