OMB issues draft federal ID card guidance

OMB issues draft federal ID card guidance

The Office of Management and Budget wants to establish an 18-month timeline for agencies to implement an interoperable employee identification card.

In the draft guidance that will be published this week in the Federal Register, OMB officials set an Oct. 27, 2006, deadline for agencies to comply with the National Institute of Standards and Technology's Federal Information Processing Standard 201. NIST released the standard in February [See GCN story].

Agency and industry comments are due 30 days after the proposed rule is published in the Federal Register.

NIST developed FIPS 201 with two sections, and it is the second one that will give agencies a lot of problems, experts said.

By Oct. 27, 2006, agencies will have to implement interoperable ID credentials, require the use of credentials for all new employees and contractors, phase in the issuance of cards for current employees and contractors, authenticate cards and activate at least one digital certificate for access control of networks and systems.

Agencies have about another year'by Sept. 30, 2007'to set up the policies and procedures to begin identity proofing of all current employees and contractors, the draft notice said.

In the standard, NIST set an Oct. 27 deadline for agencies to comply with Part 1, where agencies must adopt common ID and security requirements for the applications, an accredited registration process for new and existing identity credentials, add language requiring the new standards to vendor contracts and complete the privacy requirements.

In the meantime, NIST must finish technical specifications on biometrics and physical specifications for the standard by April 29. Then it must release a reference implementation strategy for agencies by June 25 and conformance testing information by Aug. 5.

OMB also set deadlines for the General Services Administration to establish an authentication acquisition services contract by July 31, and issue an amendment to the Federal Acquisition Regulations to implement the standard by Oct. 27.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group