Such a common infrastructure would make it easier and cheaper for agencies to enroll and register people in the PIV program, said David Temoshok, director for identity policy and management at the U.S. General Services Administration. The GSA and the Office of Management and Budget are undertaking the study, he said.
Federal agencies are required to distribute smart cards by Oct. 27 under Homeland Security Presidential Directive 12 (HSPD-12), which was issued in August 2004. The directive requires that smart cards support biometric identifiers.
"If we can put a common infrastructure in place for agencies to start enrolling and registering individuals, it would be a huge and important step" in speeding adoption of smart cards, Temoshok said.
The infrastructure would include common services for capturing identity and biometric information and the systems needed to record that information, he said.
A separate GSA executive steering committee is studying funding and governance issues and is working to determine which agencies should be responsible for overseeing a shared infrastructure, said Temoshok. Management of the infrastructure could be outsourced, officials said.
More mandates
HSPD-12 also mandated that federal agencies establish processes for verifying the identities and backgrounds of all federal employees. That effort was completed last October as required by the directive.
The government's exploration of a shared infrastructure comes as federal agencies scramble to install by the October deadline required devices such as PIV-compliant card readers, biometric readers and physical access-control devices.
The National Institute of Standards and Technology has created a set of conformance guidelines for vendors of smart cards and middleware technologies. NIST has also established test laboratories where vendors of smart-card technologies can get products certified for conformance with PIV standards, said Curt Barker, a NIST program manager.
So far, only two vendors have been issued compliance certificates, and several others are going through the process, he said.
"People may be underestimating the logistical, technical and organizational challenges" involved in rolling out the cards, said David Troy, practice manager at Plano, Texas-based Electronic Data Systems Corp.
Even when PIV-compliant products do become available, considerable integration work will be required, said Neville Pattison, director of technology and government affairs at Axalto Inc., a smart-card manufacturer in Austin. "There's a lot of work to do and perhaps not enough time," he said
Some agencies have also been forced to hustle to find funding to meet the requirements of the unfunded program, said Manoj Srivastava, CEO of Infomosaic Inc., a Santa Clara, Calif.-based maker of a workflow software product for registering individuals to the PIV program.
"Some agencies have done nothing. Some have done a little," he said. "A lot of them are trying to do the minimum. There really is no money to push this forward."