Electronic Government: Progress in Promoting Adoption of Smart Card Technology

GAO-03-144 Published: Jan 03, 2003. Publicly Released: Feb 04, 2003.

Highlights

Smart cards--credit-card-like devices that use integrated circuit chips to store and process data--offer a range of potential uses for the federal government, particularly in increasing security for its many physical and information assets. GAO was asked to review the use of smart cards across the federal government (including identifying potential challenges), as well as the effectiveness of the General Services Administration (GSA) in promoting government adoption of smart card technologies.

Recommendations

Recommendations for Executive Action

Agency Affected: Office of Management and Budget
Recommendation: The Director, Office of Management and Budget (OMB), should issue governmentwide policy guidance regarding adoption of smart cards for secure access to physical and logical assets. In preparing this guidance, OMB should seek input from all federal agencies that may be affected by the guidance, with particular emphasis on agencies with smart card expertise, including the General Services Administration (GSA), the Government Smart Card Interagency Advisory Board (GSC-IAB), and the National Institute of Standards and Technology (NIST).
Status: Closed – Implemented
On July 3, 2003, OMB issued a memorandum to major departments and agencies to coordinate and consolidate investments related to authentication and identity management, including the implementation of smart card technology. The memorandum calls for improvements in security protections for physical and electronic resources and common authentication and identity management processes across government, beginning by December 2003. Agencies were also directed to consult with the Federal Identity and Credentialing Committee (FICC) and E-Authentication Gateway before acquiring authentication technologies, including smart cards. As a result of the action taken by OMB, the Government Smart Card Interagency Advisory Board, the former Federal PKI Steering Committee, and Interagency Security Committee are for the first time coordinating efforts through the FICC to improve and provide consistent physical and computer security and guidance across government.

Agency Affected: National Institute of Standards and Technology
Recommendation: The Director, NIST, should continue to improve and update the government smart card interoperability specification by addressing governmentwide standards for additional technologies--such as contactless cards, biometrics, and optical stripe media--as well as integration with public key infrastructure, to ensure broad interoperability among federal agency systems.
Status: Closed – Implemented
As recommended, NIST has continued to improve and update the government smart card interoperability specification by addressing additional technologies, such as contactless cards and biometrics, in version 2.1, published on July 18, 2003. In addition, NIST has taken steps to integrate smart card technology and public key infrastructure through its involvement in the newly established Federal Identity and Credentialing Committee and by assisting in the development of an interagency framework. By taking these steps, NIST has better ensured that smart card technology will interoperate among federal agencies and across government.

Agency Affected: General Services Administration
Recommendation: The Administrator, GSA, should improve the effectiveness of its promotion of smart card technologies within the federal government by developing an internal implementation strategy with specific goals and milestones to ensure that GSA's internal organizations support and implement smart card systems, based on internal guidelines drafted in 2002, to provide better service and set an example for other federal agencies.
Status: Closed – Implemented
In August 2005 the President issued Homeland Security Presidential Directive 12 (HSPD-12), which outlined a government-wide strategy for implementing smart card-based federal identity cards across the federal government. On June 27, 2005, GSA submitted to OMB its implementation plan that outlines specific goals and milestones in support of this strategy.

Agency Affected: General Services Administration
Recommendation: The Administrator, GSA, should improve the effectiveness of its promotion of smart card technologies within the federal government by updating its governmentwide implementation of strategy and administrative guidance on implementing smart card systems to address current security priorities, including minimum security standards for federal facilities, computer systems, and data across the government.
Status: Closed – Implemented
In February 2004 GSA issued the "Government Smart Card Handbook" to share lessons learned and provide guidance to better address security priorities, including minimum security standards for federal facilities, computer systems, and data across the government. The handbook, which updated the "Smart Card Policy and Administrative Guidance" published in October 2000, also provides guidance on security strategies to federal agencies contemplating the development and deployment of smart card systems with other technologies such as PKI and biometrics. In addition, the handbook sets the NIST Smart Card Interoperability Specification as the minimum security standard for smart card systems interoperability. Furthermore, in March 2004 the Federal Identity Credentialing Committee issued guidance to federal agencies on the use of smart card based technology in badge, identification, and credentialing systems.

Agency Affected: General Services Administration
Recommendation: The Administrator, GSA, should improve the effectiveness of its promotion of smart card technologies within the federal government by establishing guidelines for federal building security that address the role of smart card technology.
Status: Closed – Implemented
The recommendation for improving the effectiveness of smart card technology by establishing guidelines for federal building security was transferred to the Department of Homeland Security (DHS) because the Federal Protective Service had been moved to DHS when the department was created. In February 2005 the National Institute of Standards and Technology published the mandatory, governmentwide standard for secure and reliable forms of identification for federal government employees and contractors that access government-controlled facilities and information systems, titled the Federal Information Processing Standards (FIPS) Publication 201. In addition, the Government Smart Card Interagency Advisory Board's Physical Security Interagency Interoperability Working Group, which includes representatives from the Department of Homeland Security, developed the publication "Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems (PACS)". This document provides guidance on physical access and is referenced and supported by FIPS 201. As a result, DHS has helped to enhance the security of federal buildings and agency officials' abilities to implement smart card systems in a consistent and effective manner.

Agency Affected: General Services Administration
Recommendation: The Administrator, GSA, should improve the effectiveness of its promotion of smart card technologies within the federal government by developing a process for conducting ongoing evaluations of the implementation of smart-card based systems by federal agencies to ensure that lessons learned and best practices are shared across government.
Status: Closed – Implemented
In August 2005 the President issued Homeland Security Presidential Directive 12 (HSPD-12), which outlined a strategy for implementing smart federal identity cards across the federal government. Within GSA's role, as defined by HSPD-12 and OMB, GSA has among other things (1) published the Federal Identity Management Handbook, which is an implementation guide to agency officials as they pursue compliance with HSPD-12 and the Federal Information Processing Standards (FIPS) Publication 201, (2) issued acquisition guidance to federal agencies, and (3) developed testing for smart card products to ensure they are interoperable with each other. As a result of GSA's efforts, important information regarding planning for, acquiring, and implementing smart cards is available to federal agencies to enable them to make educated and cost-effective decisions when implementing smart card systems.

Topics

Computer security, E-government, Emerging technologies, Facility security, Information systems, Information technology, Interagency relations, Interoperability, Medicaid, Smart cards, IT standards