Government releases guidelines for governmentwide smart cards

Government releases guidelines for governmentwide smart cards

The Federal Identity and Credentialing Committee has released guidelines for developing interoperable federal identification systems based on smart cards.

The government has adopted a policy for establishing a common Federal ID Card, which could be used for both physical and logical access control. Individual agencies would issue and manage the cards, but the cards would interoperable across agencies.

'The FIC is to be used as the identity and basic authentication credential ' within the issuing agency,' the guidelines note. 'It will be the basis of identity and basic authentication when visiting other domains within the federal government enterprise.'

The committee is promoting smart cards as the platform of choice for Federal ID Cards as agencies replace existing badge and ID systems.

The Office of Management Budget chartered the committee, which is a consolidation of two other groups: the Federal PKI Steering Committee and the Smart Card Interoperability Advisory Board. Members include federal smart-card managers, PKI managers, human resources managers, physical security managers and officials from the National Institute of Standards and Technology.

Each agency relying on the common card would be responsible for verifying cards issued by other agencies and would establish its own physical and logical access policies.

The guidelines lay out minimum requirements for smart-card credentials:

  • Standard electrically readable format for data

  • Tamper and counterfeit resistance

  • Support for three means of authentication, such as passwords, credentials and biometrics

  • Automated use monitoring for audit trails

  • Digital certificates on each card for identification, encryption and digital signatures

  • Ability to be updated after issuance

  • Certification of applications carried on the cards.

The committee encouraged agencies to design smart-card systems that can support biometrics and comply with standards from the major federal and international standards bodies.

The guidelines also suggest that agencies plan for a functional card life of six years.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected