DOD smart-card lesson: Issuing 'em is easy part
- By William Jackson
- Mar 09, 2004
With more than 4 million cards distributed to DOD employees and contractors, the Defense Department's Common Access Card program has become the benchmark for federal smart-card efforts. But to the thinking of senior Defense officials, the department still is finding its way in new territory.
The department has mastered the issuing process, but it continues to struggle with creating applications for using the new technology for physical and systems access, said Kenneth C. Scheflen, director of the Defense Manpower Center Scheflen.
"The infrastructure side is still lagging," he said today at a government smart-card project managers meeting in Arlington, Va. "We will get there, but there is a lot of work yet to do."
DOD has issued cards to about 83 percent of the active-duty military personnel, civilian employees and contractors who will be getting the cards. The department is issuing cards at the rate of more than 10,000 a day at 900 sites in 25 countries.
"I think it is lot easier to issue cards than it is to put in a large infrastructure," Scheflen said.
The next step in building out that infrastructure is to close the gap on the last 17 percent of the cards that must be issued.
Beyond that step, the department has many other items on its smart-card agenda:The department has begun issuing a second generation of cards as the first series of cards expire and holders leave their jobs. For a few high-volume recruiting centers with severe time constraints, DOD is considering whether to alter its policy of issuing cards locally and instead issue them for new recruits from a central office. A handful of remote sites with very small volumes also probably would be handled by the central location, Scheflen said.The program needs to improve user support, such as adding a capability for easily resetting personal identification numbers and providing a series of applets to the basic card.The department also is looking to the credit card industry as its model for electronic verification of large volumes of transactions.Because it was the first sweeping smart-card implementation, CAC stands too much by itself, Scheflen said. "We need to move to interoperability," he said. That will probably involve adding biometric data to the cards that will enable strong multifactor authentication, for instance, he added.Applications to use the cards for physical access control to DOD facilities also must be developed. Scheflen said the department needs to move away from its current use of visual verification of ID cards.
William Jackson is a Maryland-based freelance writer.