The government's exploration of a shared infrastructure comes as federal agencies are scrambling to implement the needed infrastructure -- such as PIV-compliant card readers and biometric readers and physical access control devices -- by the October deadline. With just six months left to go, agencies don't have a much time left, especially considering the fact that few PIV-compliant products are available, said David Troy, practice manager at Plano, TX.-based EDS.
"People may be under-estimating the logistical, technical and organizational challenges" involved in rolling out the cards, Troy said, noting that there has nonetheless been "tremendous progress" within agencies in establishing consistent ID vetting processes over the last several months. He stressed that with few products available and no clear indication yet on how or when the government will start procuring them, the October deadline could be tough to meet, he said.
Even when PIV-compliant products do become available, there is still going to be considerable integration work required, said Neville Pattison, director of technology and government affairs at Axalto Inc., a smart-card manufacturer in Austin. "Everybody is doing the best they can. But there's a lot of work to do and perhaps not enough time."
The fact that HSPD-12 is an unfunded mandate also means that in some cases agencies are scrambling to find money to implement PIV cards, said Manoj Srivastava, CEO of Infomosaic Inc., a San Jose-based software vendor with a work flow product for registering individuals to the PIV program. "Some agencies have done nothing. Some have done a little. It all depends on which agency you are talking about," he said. "A lot of them are trying to do the minimum; There really is no money to push this forward."
The National Institute of Standards and technology (NIST), which was responsible for developing the PIV specification and related technology standards, has established a set of conformance guidelines for vendors of smart cards and middleware technologies. NIST has also established test laboratories where vendors of smart card technology can get their products tested and certified for conformance with PIV standards, said Curt Barker, a NIST program manager who deals with PIV standards. So far, two vendors have been issued compliance certificates, while several others are now going through the process, he said.