PRINCETON JUNCTION, NJ, October 28 / MARKET WIRE/ --
October 27th was deadline day for
the four-year-old HSPD-12 initiative. Attendees at the Smart Card Alliance
Smart Cards in Government Conference got a firsthand report Friday on the
governmentwide credentialing program's impressive results from a key figure
in the program -- Karen Evans, administrator of e-government and IT for the
Office of Management and Budget.
In what she termed a "successful partnership between government and
industry," Evans summarized the achievements of the last four years.
Standards were created and implemented; identity vetting and issuance
processes are in place; 34 system integrators and 370 products were
qualified; every agency has plans in place to implement both physical and
logical access control using the Personal Identity Verification (PIV)
cards; and as of September 1st more than 1.2 million credentials had been
issued to federal government employees who were fully vetted by the new
process, according to Evans. One particularly telling anecdote is that the
new PIV card and surrounding infrastructure enabled the President to
electronically authorize and submit the official U.S. budget to the
Government Printing Office (GPO) and Capitol Hill earlier this year, a
first for the United States or for any country, she said. Up-to-date
results on how close the government came to its goal of credentialing
approximately two million federal employees will be announced this week.
State and local governments are now starting to plan and test how to issue
and use PIV interoperable cards, and enterprises are also moving to adopt
PIV interoperable or compliant cards. Since only the federal government
can issue PIV cards, distinctions are evolving for PIV interoperable and
PIV compatible cards, based mostly on whether the PKI certificate comes
from a Certificate Authority (CA) approved through the federal bridge. PIV
compatible cards issued by commercial enterprises would, like PIV cards,
meet the FIPS 201 technical specifications but have digital certificates
that are not cross-linked and therefore not interoperable with the federal
government.
Robert Bunty, an IT policy consultant for the Commonwealth of Pennsylvania,
reported the state has largely completed putting an infrastructure in place
to issue and use PIV interoperable credentials for network security as part
of its Identity Protection Access Management vision. The next challenge
is to get leadership buy-in and support to generate "the big MO" needed to
issue and use the credentials statewide, Bunty said.
In addition to strong authentication for network security, many states in the National Capital
Region see the FEMA-led initiative to create an interoperable First
Responder Authentication Credential (FRAC) as the main motivation to start
issuing PIV interoperable credentials. Mike McAllister of the Governor's
Office of Commonwealth Preparedness announced that Virginia would be
starting its phase two program to issue an additional 2,000 FRAC
credentials in December 2008 for emergency responders in Alexandria and
Arlington County. Virginia was the first state to issue FRACs and has
already issued 2,200, according to McAllister.
Several of the presenters at the Alliance conference applauded the efforts
of FEMA's Craig Wilson, coordinator for National Preparedness, for his
leadership in programs to create a trusted, interoperable identity
credential that can be used by federal, state and local authorities. To
make sure every emergency response official (ERO) is ready to use a FRAC in
a disaster, Wilson and his team have organized 13 demonstrations to test
various emergency scenarios, including last week's Autumn Rush in
Gettysburg, Pennsylvania. The FRAC builds on the PIV standards and smart
cards, but Wilson reminded attendees this is not about technology. It is
about capability -- enabling law enforcement officials to make an informed
decision about whom they can trust and what they can do at a time of
crisis. "We don't want chaos on top of chaos," Wilson said.
Enterprises are also moving into PIV cards for physical and logical access
control. Northrop Grumman expects to fully badge 85 percent of its
employees in 2009 with a PIV interoperable card called One Badge, and has
already upgraded thousands of physical access control readers to work with
the cards, according to Keith Ward of its System Integration and Automation
division.
Chris Williams of SAIC says about one-third of the company's 44,000
employees have smart cards they use for logical access control. One
interesting aspect is that all of them requested it, primarily as a
replacement for one-time password (OTP) tokens. SAIC employees use the
cards for strong authentication to desktops and networks, digital signature
and encryption. Smart cards give employees more functionality at a lower
cost than OTP tokens, Williams said.
The Smart Card Alliance Identity Council recently published a white paper,
Using FIPS 201 and the PIV Card for the Corporate Enterprise,
available for free at the Identity Council page on the Smart Card Alliance
Web site at
www.smartcardalliance.org
, along with many other new
whitepapers. Newly covered subjects include interoperable air transport identity credentials, what makes a smart card secure and emergency response official credentials
(FRAC).
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association
working to stimulate the understanding, adoption, use and widespread
application of smart card technology. Through specific projects such as
education programs, market research, advocacy, industry relations and open
forums, the Alliance keeps its members connected to industry leaders and
innovative thought. Alliance Councils work on specific areas of interest
to member organizations; participation is open to any member who wishes to
contribute to Council projects. The Alliance is the single industry voice
for smart cards, leading industry discussion on the impact and value of
smart cards in the U.S. and Latin America. For more information please
visit
http://www.smartcardalliance.org
.
Contact:
Deb Montner
Montner & Associates
203-226-9290
dmontner@montner.com
