Contractors prep interoperable identity management systems

Defense contractors are preparing to deploy more secure identity management systems that are interoperable — or at least compatible — with one another and other systems that federal agencies use.

The contractors are adopting standards for federal personal identity verification and participating in federated trust networks, in which various groups share identity information, said Roger Roehr, chairman of the Smart Card Alliance’s Physical Access Council and government vertical marketing manager at Tyco Fire and Security. Network participants agree to verify identities based on various standards.

Roehr said contractors are wise to collaborate on identity management standards when seeking Defense Department work. “They need to work with the Defense Department but also with each other,” he said.

Although smart card technology is ready and federated networks and bridges have been created, not all the policies are in place yet, Roehr added. GSA created the Federal Bridge Certification Authority, for example.

DOD said this summer that it would begin accepting identity assurance from external authorities, such as CertiPath. However, the department has not finalized the policies that are necessary to make it happen. “The whole idea of trust and cross-certification is still relatively new to the federal government,” Roehr said.

Executives from Lockheed Martin, Northrop Grumman and Science Applications International Corp. offered details on their identity systems at the Smart Card Alliance Conference in late October.

For example, Northrop Grumman is preparing to issue its new OneBadge identification cards to thousands of employees. The OneBadge card design and policies meet federal and DOD standards, said Keith Ward, director of enterprise security and identity management at Northrop Grumman.

The company expects to be one of the first federal contractors to use a centralized public-key infrastructure as part of its identity management program, Ward said. The company participates in CertiPath, an entity created by several defense contracting firms that is part of the federal government’s trust network through a bridge relationship with the Federal Bridge Certification Authority.

Federal contractors are being encouraged to secure their global supply chains, a process that typically includes instituting strong identity management systems and policies, said John Slye, a principal analyst at Input, a research firm in Reston, Va. “We see a lot of talk about trusted supply chains,” Slye said. “It is the next wave.”