DOD still has far to go on FIPS 201

DOD still has far to go on FIPS 201

CAMBRIDGE, Md.--The Defense Department has reached about 80 percent compliance with the new federal standards for worker identification cards. But achieving that last 20 percent will take the full 18 months before the October 2006 deadline.

Mary Dixon, deputy director of the Defense Manpower Data Center, yesterday said DOD already has begun the work to meet the requirements outlined in Federal Information Processing Standard 201 But it will take until 2009 for the department to reissue all of its 4 million Common Access Cards to meet the technical specifications of FIPS 201 and related special publications from the National Institute of Standards and Technology requiring contactless chips and biometric data.

"A big issue for us is interoperability between vendor cards," Dixon said at the 2005 Interagency Resources Management Conference here. "We also have to figure out how to make sure everyone we hire goes through the National Agency Check. That is a big challenge for everyone."

Every federal hire must undergo the process, which includes checking criminal and other databases for secret or confidential clearances.

Dixon repeated the urging of many experienced officials to strategize how to meet the multiple deadlines between June 2005 and October 2006.

Agencies have until June to submit a plan to the Office of Management and Budget describing how they will comply with FIPS 201. By Oct. 27, agencies must implement the first phase, called Personal Identity Verification I, which covers identity-proofing, registration and issuance processes. Agencies then have until October 2007 to begin issuing interoperable cards [see GCN coverage].

"This is not easy, but it is not impossible either," she said. "Agencies should lean on more experienced agencies and build on the work of others or use existing systems."

Dixon said DOD later this summer will test the contactless, wireless card. It also will develop the identity card to technical standards for physical access and figure out how to put biometric fingerprints on the card using minutiae instead of images.

The key for any agency, Dixon said, is to have support at the highest levels, and cooperation among the human resources, CIO and physical security departments.

"This requires a lot of culture change," she said. "You need senior people to oversee the process and solve the main issues."

inside gcn

  • cybersecure new york city

    Cybersecurity for smart cities: Changing from reactionary to proactive

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group