HSPD-12 group said to be close on fingerprint exchange standard

A working group deciding on a standard way for agencies to submit requests for fingerprint checks and how they will receive the information back it has made significant progress in figuring out the new business processes, according to one official involved. Mike Butler, director of the Defense Department’s Access Card Office, said today the Homeland Security Presidential Directive-12 Executive Steering Committee should decide on the standard method in the next two months. DOD is a part of a working group that also includes the Office of Management and Budget, the FBI, the Office of Personnel Management and the National Institute of Standards and Technology. Butler said the business processes must become the standard for agencies in time for the General Services Administration’s Managed Service Office contractor to begin working with 42 customer agencies to issue cards. GSA is expected to make the award to a new contractor by May. Another HSPD-12 shared service provider, the Interior Department, also will benefit from this standard because it also has more than 20 customer agencies, Butler said. “We came up with a way that, I think, is simple and can be done to say, ‘This is how fingerprints will travel among agencies,' " Butler said during an HSPD-12 event held in  Arlington, Va., and sponsored by ActivIdentity. “There are two big codes that need to be agreed upon: one to request the clearance and the other to tell who the results should be sent to.” Butler said the Managed Service Office may submit the request on behalf of the customer agency, but GSA doesn’t necessarily want the results because the information is important only for the customer agency to decide the employee or contractor’s access. Getting to a standard method to exchange fingerprints has been difficult for agencies, Butler said. “There was no diagram or process flow for how this worked,” he said. “We put a team together to develop the as is and to figure out in the short term how to standardize it.” Butler also said DOD will issue a report in the next week or so on its physical security interoperability pilot conducted last year. The test used Common Access Cards, which are HSPD-12 compliant, in 10 separate buildings that had 10 different physical access control system card readers. “We started with 15 buildings, but could only find 10 that were able to participate,” Butler said. “We had one building’s system that will never be able to accept the CAC card. We will have to pull all the wires out.” As DOD has been issuing CACs compliant with HSPD-12, Butler said, one of the biggest challenges has been the middleware that helps the card communicate with the back-end database. He said DOD found 400,000 readers that didn’t work because they couldn’t process the data on the card. “The card was so much faster than what the readers were set for,” he said. “We went to vendors and said they have to fix it. In 10 days, we were installing new drivers to the readers.”