HHS looks to support PKI on identity smart cards
- By Mary Mosquera
- Dec 02, 2005
The Health and Human Services Department seeks information about technologies to support and manage public-key infrastructure credentials on personal identity verification smart cards to meet requirements of Homeland Security Presidential Directive 12
for secure forms of identification.
The smart cards must be compliant with Federal Information Processing Standard 201
, a common identification standard for federal employees and contractors, and PKI Common Policy Certificate requirements.
HHS wants to learn about product functionalities, technical architectures and system requirements, and how these products would interoperate with or supplement existing identity management and physical access systems, the department said in a posting
Currently, personal ID verification (PIV) registration, ID card issuance and physical access control are managed locally by each agency using a number of systems, with PIV data maintained in a number of separate databases and directories.
HHS intends to issue three sets of digital certificates'authentication, digital signature and key management certificates'to each PIV card.
Under HSPD-12, agencies this fall had to implement
FIPS-201, Part One (PIV I), which called for them to make sure their processes to issue federal identity cards and register employees met certain standards. Agencies have until October 2006 to begin implementing PIV II, which calls for interoperable systems and issuing credentials that use these applications.
Under the request for information, HHS requires that proposed technologies must:
- interoperate with third-party certificate authorities
- work with FIPS-201 digital certificates to be put onto PIV-II smart cards
- provide certificate lifecycle support and
- support HHS additions to the Federal Certificate Profile.
The proposed application should also support other FIPS-201 PIV business processes or interface with systems that perform functions such as authorization, registration, criminal/credit background checks and card issuance and management.
Responses are due Dec. 12.
Mary Mosquera is a reporter for Federal Computer Week.