Panel mulls shared services for HSPD-12 credentials

Interagency committee looking at meeting geographic challenges

The goal is to avoid 10 separate registration sites. There is a good business argument for doing that.'

' Chris Niedermayer, USDA

Henrik G. de Gyor

About 80 percent of federal employees work at 120 locations outside the Washington metro area. And they all will need interoperable credentials under Homeland Security Presidential Directive-12.

The Office of Management and Budget has said agencies must determine the risks for each of their offices in deciding how quickly they implement the mandate. But the larger issue is how to mitigate the costs and time it will take to set up the registration processes and printing of the cards for all the employees.

The goal is to get all employees and contractors across the country outfitted with interoperable cards by 2009, officials said.

'How can we be organized based on the need at geographical locations?' asked David Temoshok, the General Services Administration's director of policy and identity management during a panel discussion of HSPD-12 at the Interagency Resources Management Conference last week in Williamsburg, Va. 'It makes sense to start with card production and card issuance and manage it through a lead agency.'

OMB has asked the HSPD-12 Executive Steering Committee to devise a plan for agencies to share the cost of registering employees and printing the cards.

One alternative is using the concept of shared-services providers, under which some agencies would set up geographically dispersed registration stations where all employees, regardless of agency, could register and have ID cards printed.

The shared-services concept would be an alternative to agencies setting up their own stations in every office or every city, said Chris Niedermayer, associate CIO for the Agriculture Department.

'The goal is to avoid 10 separate registration sites,' he said. 'There is a good business argument for doing that, and to leverage investments that are already in place.'

The steering committee surveyed agencies to find out which technology they had and whether it met Federal Information Processing Standard 201-1. Now the committee, in the next few weeks, will ask agencies with at least some systems that come close to meeting the FIPS-201-1 requirements if they want to become shared-services providers, Niedermayer said.

'We will know what we can leverage and how we will have to fill in the gap,' he said. 'We may fill the gap with industry's help.'

The shared-services plan is one of three goals of the committee, which is led by OMB and the departments of Agriculture, Commerce, Defense, Homeland Security and Veterans Affairs, and the General Services Administration, said Carol Bales, a senior policy analyst at OMB.

Bales said that, besides the plan, the committee will:
  • Determine a governmentwide implementation approach for issuing HSPD-12 credentials at the lowest possible cost by Oct. 27

  • Establish a mechanism for small agencies to buy services

  • Ensure governmentwide interoperability.

While registration and card issuance would be common for every agency, logical and physical security are agency-specific, Niedermayer added. That is why the committee is pushing the shared-services concept forward'to let agencies worry about their local security.

'Shared services will provide agencies with a variety of options to meet the requirements,' Bales said. 'Agencies will want to go into shared services because of the dramatic cost savings.'

Bales said the details of how the shared-services providers will work still have to be developed, but should be ready by June.

OMB also will issue a survey in the next week or so, asking agencies for their registration and identification card requirements, Bales said.

'We are asking them what their requirements are and whether they could be a provider, or whether they might want managed services,' Bales said. 'We also want to know how many people are in their offices and whether they are in a multitenant building.'

Temoshok said GSA has modified its plan to release a blanket purchase agreement and will open the Federal Acquisition Service's IT schedule to approved HSPD-12 products and services.

GSA will issue a notice on FedBizOpps.gov that it is opening up the IT schedule to vendors.

'We intend to bundle products and managed services,' Temoshok said. 'This is a departure to how we usually manage the schedule.'

GSA also will spur interagency activities by aggregating the orders for the smart cards, he said.

Once systems integrators have been deemed qualified, and once agencies begin submitting orders for products and services'both slated to begin this summer'GSA will attempt to aggregate the orders to obtain economies of scale, Temoshok said. The aggregation of orders is likely to occur even without major changes in IT system architectures, he said.

Washington Technology staff writer Alice Lipowicz contributed to this story.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above