EDITOR'S DESK: Hard target
The new year has barely begun and already agencies are feeling the pressure to meet the October deadline to roll out a new uniform identification system for federal employees and contractors.
As this issue's report on the progress of Homeland Security Presidential Directive 12 suggests, much remains to be done.
While NIST established personal-identity verification standards nearly a year ago, the first products designed to meet those standards aren't expected to be available before May.
That leaves little time to find and fix the inevitable operating snags that arise with a security system of this scale. PIV system operators will need to deal with a wide range of contingencies that go beyond obtaining and storing biometric and personal data correctly and securely. They must also deal with employees and contractors whose jobs and responsibilities change all the time'and the need to alter access to different federal facilities and information systems quickly and securely.
The rush to implement a new system on this scale carries huge risks that costly errors will be made in what some see as a shotgun marriage between physical and electronic security staffs.
GSA's Mary Mitchell, deputy associate administrator, Office of Technology Strategy, acknowledges October's deadline is 'challenging' if not 'extreme,' but insists HSPD-12 remains on track. Milestones so far have been achieved on time. NIST's early involvement significantly reduces the need for agencies to test components. The Smart Access ID Card governmentwide acquisition contract has vendors up to speed to implement many HSPD-12 requirements. And new federal acquisition rules (issued January 3) will now require contractors working on federal networks or in federal facilities to meet the same identification standards as federal employees.
The October deadline, moreover, is a starting point; it's when agencies need to begin issuing cards to employees and contractors.
Nonetheless, OMB has set a hard'and potentially unrealistic'target if effective security is its real objective.
Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.