Deadline Passes for Federal Agencies to Begin Issuing 'Smart' ID Cards
November 25, 2006 // Published as a news service by IHS
While Oct. 27, 2006 marked the deadline for U.S. federal agencies to begin issuing new biometrics-based smart cards to its employees and contractors for access to federal buildings and information systems nationwide, agencies have until Oct. 27, 2008 to provide the personal identity verification (PIV) cards to all employees.
The measure is part of the 2004 mandate, Homeland Security Presidential Directive 12 (HSPD-12), which called for a mandatory, government-wide standard for secure and reliable forms of identification to enhance government security and efficiency, reduce identity fraud and protect personal privacy.
Experts said the implementation of the PIV system involves a significant degree of organizational change across federal agencies.
To assist in the implementation and deployment of these new forms of identification, the National Institute of Standards and Technology (NIST) spearheaded the development of an overarching standard, the Federal Information Processing Standard (FIPS) 201 - Personal Identity Verification of Federal Employees and Contractors, and several supporting documents.
FIPS 201 encompasses three technical publications covering several aspects of the initiative's administrative procedures and technical specifications:
- NIST Special Publication 800-73 - Interfaces for Personal Identity Verification (PIV), outlines the interface and data elements of the card's biometric information.
- NIST Special Publication 800-76 - Biometric Data Specification for Personal Identity Verification (PIV), details procedures for the technical acquisition and formatting requirements of fingerprints and facial images used to authenticate identity. A revised draft of the document recently released for public comment includes clarified performance testing and certification procedures.
- NIST Special Publication 800-78 - Cryptographic Algorithms and Key Sizes for Personal Identity Verification, specifies the acceptable cryptographic algorithms and key sizes to be used for the PIV system.
According to NIST, the standards are likely to undergo revision as the PIV system is fully implemented and put into use. To enable interoperability between federal organizations so that cards issued by one agency can be used to gain access to another, NIST released NIST Special Publication 800-96 - PIV Card to Reader Interoperability Guidelines to ensure compatibility between cards and readers from different vendors.
Last spring, NIST conducted a PIV demonstration to test the compatibility of products from 44 companies, concluding in a subsequent report that the products currently available offered viable solutions for meeting the HSPD-12 mandate.
NIST identified several areas of focus for additional guidelines necessary to support the continued roll-out of the system. Future projects will include the development of standards that ensure appropriate levels of security for all relevant applications, that support the electronic transmittal and storage of biometric data and that protect the personal privacy of PIV system subscribers.
Source: American National Standards Institute (ANSI).