Agencies strive to meet ID card deadline

By Daniel Pulliam
dpulliam@govexec.com

Federal agencies are facing numerous challenges as they struggle to meet an Oct. 27 deadline for issuing high-tech credit-card-sized identity badges to employees and contractors, participants in a conference on the mandate said Thursday.

John Sindelar, acting head of the General Services Administration's Office of Governmentwide Policy and a member of the governmentwide identity card executive steering committee, said while new credentials will not be issued to every federal employee come Oct. 27, every agency will be issuing new cards to at least some.

"It's not going to look pretty on Oct. 28," Sindelar said at the conference, which was hosted by the educational nonprofit Potomac Forum of Potomac, Md. "The vision for the long-term outcome is not exactly clear ... but the dates for achieving [the Homeland Security Presidential Directive 12 mandates] are aggressive."

Agencies may not have fully integrated systems for managing the cards by the Oct. 27 deadline, and the initiative is "not blessed yet" with a governance structure, Sindelar said.

Chris Niedermayer, Agriculture Department associate chief information officer and chair of the HSPD 12 and E-Authentication Executive Steering Committee, said shared service centers in four federal buildings hosting multiple agencies, one in Seattle and the others in New York City, Atlanta and Washington, D.C., will start enrolling employees and issuing cards in October. Baltimore originally was on the list, but Atlanta was substituted because of an issue with the building in Baltimore, Niedermayer said.

The expectation is that employees in about 30 agencies will receive cards through the service centers and that the rollout will be expanded next year to include additional cities and employees.

"It's a test, more or less," Niedermayer said. "It helps meet the basic requirements [of HSPD 12], but do it smartly."

Agencies must buy equipment for issuing cards from vendors that are compliant with National Institute of Standards and Technology standards and have passed a separate round of GSA testing for interoperability.

Last week, OMB released a list of certified products and services that meet previously established requirements. A Federal Acquisition Regulation rule mandating the use of the GSA product list is expected soon.

All products and services bought through other means than the GSA purchasing vehicle also must be certified to ensure they meet all HSPD 12 and interoperability standards.

Not all the necessary equipment has made it through the testing process -- for example, the interfaces that go between the enrollment process and card issuance for the agency human resource systems -- but the standards for the interfaces should be released late this summer or early in the fall, Sindelar said.

"We are struggling with how that's going to work. I'll admit that," he said.

Sindelar said it has yet to be determined how exactly the shared service centers will operate. Smaller agencies are encouraged, but not required, to use larger agencies' shared service centers for issuing and administering the new identity management system as a way to cut costs.

Sindelar argued that HSPD 12 is not an unfunded mandate, contrary to what many have suggested. By asking agencies to consolidate their identity management to shared service centers, significant budget savings are expected, he said.