By Electronics giant uses EDS acquisition to springboard into credentialing
The past year saw the rollout of Hewlett-Packard’s (HP) next generation government employee ID card, a development the company sees as the first step to bringing its identity management and credentialing services to cyber security, commercial clients and the health care industry.
Assured Identity Plus is HP’s latest smart card product for the U.S. General Services Administration’s USAccess federal ID program. The program helps federal agencies to comply with HSPD-12, the mandate requiring them to issue secure credentials to government employees and contractors.
HP is the prime service provider for USAccess, the GSA’s branding for the suite of FIPS 201 compliance services it provides through its Managed Service Office. Currently the GSA program holds an 80% market share for federal agencies issuing FIPS 201 credentials.
Through its Identity and Access Management Services division, HP serves 79 of the 92 agencies enrolled in USAccess and has issued more than a half-million credentials, says Jess May, HP’s Global Identity Practice Lead for the U.S. Government Sector
HP was involved in the credentialing space prior, but its $13.9 billion acquisition of Electronic Data Systems Corp. (EDS) in 2008 was a game changer. The acquisition put HP in a powerful position in government ID.
With the EDS acquisition came the $66 million contract GSA awarded to the firm in April 2007 to support USAccess. It also included EDS’ contract with the U.S. Department of Defense (DOD). Currently there are 3.3 million active DOD credentials, says May, adding that since 2001 EDS and HP have issued more than 23 million credentials to the department.
HSPD-12: Next generation add-ons
One hang-up with HSPD-12 is that agencies have had trouble managing the requests and approvals that must be in place before an employee can obtain a credential. HP sought out improvements in this area to set its credentialing system apart, May said.
With the next generation card, HP upgraded its self-service Web portal to provide agencies with a single system to issue, activate and maintain employee credentials.
The portal allows agencies to request credentials and indicate which computer applications and government buildings an employee needs to access.
“All of the work flows and approvals are in the system,” says May. “On the back end, because you’re requesting this information from one place, all of your reporting for compliance is available.”
Every 90 days, agencies are required to audit their employees to make sure their credential is valid. So if an individual was authorized to use 500 different online applications, for example, the agency used to have to validate that person for each application one-by-one.
“You don’t have to do that anymore … it’s a tremendous decrease in manual labor,” May explains adding that by streamlining processes HP can deliver services at a fixed cost.
In line with HSPD-12 requirements, HP’s credential enables government employees to get past physical and logical access points with a single ID. Still, explains May, many agencies have not taken that step. “But the new FICAM (Federal Identity, Credentialing and Access Management) guidelines have requested that agencies start making this move,” she notes.
GSA surveys market
HP is likely to be reapplying soon for its role as the USAccess program’s core service provider. GSA issued a request for information (RFI) on shared service providers for the program, putting out feelers to see what other technology and companies available.
A GSA newsletter stated that they would “gather industry insight and guidance regarding the best way to structure the necessary re-competition for the program’s core service provider.” Responses were due in July.
Citing the sensitivity of the program’s procurement actions, officials with GSA declined to comment for this story, only to say they were unsure where the RFI might lead.
Global, commercial work
For more than a decade HP has provided identity management services to government and commercial clients worldwide. The company provides national ID cards to Poland and Italy and lists the Department of Motor Vehicles in both Florida and Maryland among its clients.
On the corporate side, HP has helped commercial clients secure their computer systems following Sarbanes Oxley. “We’ve taken all the work we’ve done for Sarbanes Oxley and combined that with credentialing (for public access),” says May. “The same types of service we’re delivering to government agencies we are delivering on the corporate side as well.”
One of the major industries on the horizon for HP is health care. ‘My two biggest priorities are health care and cyber security, and you can’t have either one without ID management,” says Dennis Stolkey, HP’s senior vice president of U.S. Public Sectors. The company already does work for Blue Cross/Blue Shield and the Department of Health and Human Services.
According to May, HP sees itself playing a major part in the proposed National Strategy for Trusted Identities in Cyberspace initiative, which would give every citizen a national online ID.