US gov't demands smart-card implementation update

Federal agencies have until Sept. 8 to provide an update on their readiness to comply with a presidential directive on issuing Personal Identity Verification (PIV) smart cards to all employees and contractors by the end of October.

The request for the update went out to federal CIOs in the form of a memo issued Tuesday by the White House Office of Management and Budget (OMB). The memo was signed by de facto federal CIO Karen Evans and included a template for CIOs to use in updating information on their agency's status and strategy for implementing the requirements of Homeland Security Presidential Directive-12 .

Issued Aug. 27, 2004, HSPD-12 requires all federal agencies to deploy a common standard for identifying and authenticating government employees and contractors. Under HSPD-12, federal agencies are expected to use a common identification credential -- the PIV smart cards -- for controlling access to government IT systems and buildings.

Under the two-phase implementation schedule mandated by HSPD-12, each agency had until last October to have processes in place for verifying the identities and backgrounds of all its employees and contractors. As part of the second phase, they are required to start issuing PIV smart cards on or before Oct 27. Both deadlines have been widely viewed as extremely aggressive given the scope of the process and the technology challenges involved in moving federal agencies over to a common identity and access management infrastructure.

Tuesday's memo from Evans noted that only changes to previously stated implementation plans needed to be submitted. "At a minimum, agencies will need to respond to questions on the number of background investigations they have planned for FY 2007 and FY 2008," the memo noted.

The OMB will provide agencies with a written evaluation of their updated plans, the memo added without specifying a time frame.