Final deadline moves federal government to common process for identity management and authentication.
The Office of Management and Budget expects agencies by Oct. 27 to have issued personal identity verification cards to all federal employees and to contractors who have access to their facilities under the Homeland Security Presidential Directive 12.
The cards will assure the owner’s identity for entrance to the agency building. In the future, agencies plan to use the cards for computer or logical access.
Agencies have told OMB that they anticipate providing HSPD-12 cards to 4.6 million federal employees and 1.3 million contractors.
“We’re doing a lot of outreach with the agencies now to track what’s happening,” said Karen Evans, OMB administrator for e-government and information technology, at an identity management conference Oct. 7 sponsored by the Information Technology Association of America.
The ability to assure authentication with a common standard will increase trust and confidence in the process and between agencies, she said.
The expectation is that as of Nov. 1, any new agency employee will receive an HSPD-12 card and not the previous card that was used to gain physical access to the building, she said.
The next step will be to have the CIO Council’s new Security and Identity Management Committee consider the interoperability of physical access and reading the biometric information off of the card, Evans said. The goal is to determine how to make the HSPD-12 card that one agency issues interoperable so that it can be used for authentication when federal employees visit other agencies, she said.
“We have to be able to trust each other; we have to be able to trust in that business process and we have to be able to accept that certificate when they come from another agency,” she said, “We’ve taken the first step in building that model of trust.”
The key is that all agencies conduct the business process and vetting for authentication the same way. Additionally, OPM has published policies and procedures for the adjudication of any anomalies to make sure that agencies are consistent in how they handle them.
She anticipates that the next administration will build on the existing framework, policies and infrastructure promoted by this administration. The basic services on authentication, identity management and security and privacy are critical to both parties, she said.
“What our office has done is Government 1.0. Now it can be turned over to the next administration with the opportunity to develop Government 2.0 services,” Evans said.