Administration readies new ID standard for employees

Agencies must submit plans for incorporating new standards by June and comply by October.

The Bush administration is on the verge of releasing new standards for federal smart cards and employee credentialing systems, officials said Wednesday.

Commerce Department Secretary Carlos Gutierrez is expected to approve the new standards, which apply to federal employees and contractors, this Friday. All agencies must submit plans for meeting the standards by the end of June and be in compliance with them by the end of October, said Judy Spencer, chairwoman of the Federal Identity Credentialing Committee.

"It's not going to be easy," Spencer said at a homeland security conference hosted by AFCEA International. "There will be pain. The idea here is to manage that pain as much as possible."

Commerce was required to develop a governmentwide common identification standard by Homeland Security Presidential Directive-12, issued last August.

The Federal Identity Credentialing Committee plans to issue a draft identity management handbook next week to help agencies come into compliance, Spencer said. The handbook will be a "how-to" guide" that includes checklists, recommendations and best practices.

Spencer said the General Services Administration will seek feedback on the handbook from agencies and industry in order to publish a final version by the end of March.

"Once this is out ... the work really has just begun because now we have to work with that standard to make sure that we, the agencies ... implement this in a fashion that is as efficient and cost-effective as possible," she said.

According to Spencer, GSA also will explore making bulk purchases on behalf of agencies. She acknowledged that agencies will face costs in order to comply with the new standards, but said that those will vary depending on how far along an agency already is. She added that agencies should examine their existing internal credentialing processes to determine whether money can be saved.

Curt Barker, a National Institute of Standards and Technology program manager, said the government had to balance several interests while writing the new standards. For example, the standards need to increase security, enhance interoperability, minimize cost, meet an aggressive schedule, conform to existing privacy laws and regulations, accommodate training programs, and satisfy a broad range of systems that already use smart cards and biometric readers.

"Right now, we have drivers licenses, birth certificates and passports, all of which are based on documentation that can be forged or obtained fraudulently," Barker said. "It's an extremely aggressive schedule and one which we're working very hard to make possible."