OMB proposes ID timetable

Draft guidance on Homeland Security Presidential Directive 12

Office of Management and Budget officials have proposed guidelines and deadlines for federal agencies to issue employee identification cards that meet new federal standards for security and interoperability.

Government and industry officials will have about 30 days to comment on and suggest revisions to the proposed guidelines after they appear in the Federal Register this week.

The deadline that security officials say could be the most difficult to meet is Oct. 27, 2006, when agency officials would have to begin issuing new ID cards to employees and contractors who require long-term access to federal facilities and information systems.

Under the proposed rules, federal agencies would have until Oct. 27 this year to establish registration processes that conform to Homeland Security Presidential Directive 12 and Federal Information Processing Standard (FIPS) 201, which is based on that directive. By then, they would also have to add language to any contracts for which the new card technology could apply.

The more difficult deadline would not come until 2006, when agencies would be expected to begin using identity credentials that meet the FIPS 201 standard for interoperability. The card standard requires a digital certificate for access control.

Agency officials will be permitted to satisfy the new requirement only with card products and services approved by officials at the General Services Administration and Commerce Department, according to the proposed OMB guidelines.

The guidelines also require federal agency officials to prepare a privacy impact assessment of their FIPS 201 credentialing program and assign responsibility to someone for handling the data privacy concerns associated with the program.