PIV card use about to be mandated

White House official says enforcement is coming soon

The White House will soon mandate the use of Personal Identify Verification cards, according to audience members who heard White House Cybersecurity Coordinator Howard Schmidt speak at an event closed to reporters.

According to attendees, Schmidt said White House guidance is coming very soon, with an enforcement order and funding "to make sure we do it."

Related coverage:

VA two years behind schedule on issuing secure ID cards

Goals for top-notch identity systems

Schmidt was speaking at a Titans of Technology breakfast presented by the Northern Virginia Technology Council.

Enhancing Homeland Security Presidential Directive 12, which requires the cards, has been a challenge, Schmidt said, according to attendees. The cards -- PIV in civilian agencies, Common Access Cards in the Defense Department -- are intended to control access to government facilities and information systems. However, HSPD-12 required agencies to issue the cards, but includes no mandate to actually use them.

DOD is using the CAC,Schmidt reportedly said, but the intent is to control access governmentwide, and the cards are for contractors too. Schmidt told the audience that getting agencies to use the PIV cards is a priority project. 

President George W. Bush enacted HSPD-12 in 2004.

About the Author

Technology journalist Michael Hardy is a former FCW editor.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Thu, Dec 30, 2010

Since CAC was already up and running, and paid for, why did the civilian agencies pay millions and take years to reinvent the wheel? Just stand up another copy of the CAC system. PIV/CAC/TWC/trusted traveler et al, should have all be common-serviced from the get-go.

Tue, Dec 21, 2010 mike moxcey Fort Collins, CO

No one talks about the cost. I figure the cost of the whole system with background checks and computers and the folks who issue them only from secure centers, is about $1000/card. If someone has real data, please let the rest of us know. No one talks about the cost when I ask but they want to issue them to 4 million employees and contractors which works out to a kewl $4 BILLION. And of course, managing all your security from one place is not the most secure posture to take. More money down the 'security' drain.

Thu, Dec 16, 2010 USDA employee

Yesterday, I drove 3 hours each way to "enroll" to get my HSPD12 card. I already had a background investigation and fingerprints on file. In 2 weeks, the card will be mailed back to that office, and I will have to spend another 6 hours on the road to "activate" it. In the military, a CAC card could be issued at each major base in a matter of 15 minutes. If Federal Agencies continue to be this inefficient with their employees time, the PIV program won't do much good because people won't voluntarily go get them (most at my office haven't). There are many solutions, one of which is to have a mobile enrollment/activation station that travels around the state once a quarter until 90% of the employees are complete.

Thu, Dec 16, 2010

Six years later it is decided to force the use of the cards. Wonder if that is because a certain foreign power has already managed to penetrate the CAC system and suck data out of government computers?

One benefit of the CAC though, I do not have to remember 15+ different name/password combinations (all different formats to help confuse things) like I did in the 80's early 90's, I just have to enter my CAC pin three or four times to access data I need (or in the case of training, it was two times, not counting unlocking the PC). The downside is, if you forget/lose the CAC, many people are essentially worthless for the day in today's inter/intranet centric work environment, even our technicians repairing equipment have to CAC in to do any work.

Although I still have to have the CAC or my retired ID to get on base, a line badge to get inside the compound, a building badge to access the building, and then the CAC again to get into the computer and I am glad I do not work in the spook rooms, that is still another badge. And they all use some form of RF ID or electrical contact. Too bad they can not combine them all into one card. (yeah, poor English structure in that paragraph)

Thu, Dec 16, 2010 DC Fed

Great idea.... if the damned things worked. My agency has been using them for about 14 months just for building access and the readers fail frequently, the cards fail without warning and the turn around time for a replacement card from GSA is 3 weeks. At least when we had locally administered "castle" cards we could get a replacement the same day. They are also expensive which makes it a cost and administration headache to issue them to contractors who may be on short duration assignments (3-6 mo)since they cant be re-used/rte-issued.-

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group