Government releases guidelines for governmentwide smart cards

Government releases guidelines for governmentwide smart cards

The Federal Identity and Credentialing Committee has released guidelines for developing interoperable federal identification systems based on smart cards.

The government has adopted a policy for establishing a common Federal ID Card, which could be used for both physical and logical access control. Individual agencies would issue and manage the cards, but the cards would interoperable across agencies.

'The FIC is to be used as the identity and basic authentication credential ' within the issuing agency,' the guidelines note. 'It will be the basis of identity and basic authentication when visiting other domains within the federal government enterprise.'

The committee is promoting smart cards as the platform of choice for Federal ID Cards as agencies replace existing badge and ID systems.

The Office of Management Budget chartered the committee, which is a consolidation of two other groups: the Federal PKI Steering Committee and the Smart Card Interoperability Advisory Board. Members include federal smart-card managers, PKI managers, human resources managers, physical security managers and officials from the National Institute of Standards and Technology.

Each agency relying on the common card would be responsible for verifying cards issued by other agencies and would establish its own physical and logical access policies.

The guidelines lay out minimum requirements for smart-card credentials:

  • Standard electrically readable format for data


  • Tamper and counterfeit resistance


  • Support for three means of authentication, such as passwords, credentials and biometrics


  • Automated use monitoring for audit trails


  • Digital certificates on each card for identification, encryption and digital signatures


  • Ability to be updated after issuance


  • Certification of applications carried on the cards.


The committee encouraged agencies to design smart-card systems that can support biometrics and comply with standards from the major federal and international standards bodies.

The guidelines also suggest that agencies plan for a functional card life of six years.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected