The government has adopted a policy for establishing a common Federal ID Card, which could be used for both physical and logical access control. Individual agencies would issue and manage the cards, but the cards would interoperable across agencies. “The FIC is to be used as the identity and basic authentication credential … within the issuing agency,” the guidelines note. “It will be the basis of identity and basic authentication when visiting other domains within the federal government enterprise.”
The committee is promoting smart cards as the platform of choice for Federal ID Cards as agencies replace existing badge and ID systems.
The Office of Management Budget chartered the committee, which is a consolidation of two other groups: the Federal PKI Steering Committee and the Smart Card Interoperability Advisory Board. Members include federal smart-card managers, PKI managers, human resources managers, physical security managers and officials from the National Institute of Standards and Technology.
Each agency relying on the common card would be responsible for verifying cards issued by other agencies and would establish its own physical and logical access policies.
The guidelines lay out minimum requirements for smart-card credentials:
- Standard electrically readable format for data
- Tamper and counterfeit resistance
- Support for three means of authentication, such as passwords, credentials and biometrics
- Automated use monitoring for audit trails
- Digital certificates on each card for identification, encryption and digital signatures
- Ability to be updated after issuance
- Certification of applications carried on the cards.
The guidelines also suggest that agencies plan for a functional card life of six years.
Quelle: Government Computer News, 11.02.2004
