Agencies face a tight timetable on new federal ID standard

SAN FRANCISCO'The Federal Information Processing Standard for personal identity verification, expected to be signed Feb. 25, represents two years of work crammed into six months.

Then the hard part starts. Agencies must be in initial compliance with the new standard by October.

The process is likely to be difficult, said Jim Dray, of the National Institute of Standards and Technology's Computer Security Division. "I don't think its going to be possible for most agencies to continue doing business as usual and comply," Dray said.

A panel of NIST officials gave a briefing on the new standard, FIPS-201, before a full house Tuesday at the RSA Security Conference, outlining the work that has been done in developing the standard, and what remains to implement it.

"There is nothing like a presidential directive to pack a room," Dray quipped.

FIPS-201 is the product of Homeland Security Presidential Directive 12, issued in August and mandating that a common, interoperable, electronically verifiable identity card be developed for federal employees and contractors.

The new card will be used for both physical and IT system access, and a handful of technologies have been specified. It will be a smart card with a programmable chip, with both contact and contactless (wireless) interfaces. It will use cryptographic tools for higher levels of security and will contain biometric data to verify identity. Because biometric standards now exist only for fingerprints, FIPS-201 will call for fingerprints, although additional forms of biometrics could be added later.

The card also will contain a digital photo of the holder, as well as a printed photo that will appear on the card. The cards can also include a magnetic stripe or a bar code.

Agencies will have four months from issuance of the new standard to submit a program to the Office of Management and Budget for compliance. Within another four months, agencies must be in initial compliance.

"It's a daunting task," said Judith Spencer, chairwoman of the Federal ID Credentialing Committee.


About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • smart city (metamorworks/Shutterstock.com)

    Citizen engagement and public service in the era of the IoT

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group