By Guy Vancollie, Chief Marketing Officer, CoreStreet
Since enterprises first looked at implementing smart card-based common access card programs in the 1990s, there have been many changes. Although some major companies have successfully deployed such programs, smart card-based identity solutions never have penetrated the enterprise market. Looking back, it is clear that a lack of standards as well as the ensuing incompatibility between different proprietary products led to one-off projects rather than solutions that would consistently drive prices down and make implementation easier.
As a result of 9/11, the U.S. issued HSPD-12, a “policy for a common identification standard for federal employees and contractors.” Under this mandate, all federal employees and contractors were to be issued a personal identity verification card, a smart card with contact and contactless interfaces to be used as their identity credential for logical access to information systems and physical access to facilities. In response to HSPD-12, the National Institute of Standards and Technology published FIPS 201, specifying the architecture and technical requirements for this common identification standard and finally providing standards.
Due to the need to define and set-up processes, such as ones for vetting card recipients and for card issuance, the initial rollout of PIV cards has been slower than initially expected. However, with more than 1.5 million cards issued by the second half of 2008, critical mass was finally reached. This increased deployment was in part driven by the Oct. 27 deadline for agencies to issue cards to all employees and contractors with 15 years or less of service.
With FIPS 201 in place, common access cards are now spreading outside the federal government and the first foray has been in state and local emergency management solutions. In this space FEMA efforts have led to the First Responder Authentication Credential to accurately identify emergency responders.
Additionally, the Transportation Worker Identification Credential is being implemented in the transportation and critical infrastructure industries to identify truck drivers and port workers and to mitigate the effects of a transportation security incident. Finally, major contractors to the federal government, such as Lockheed Martin, Northrop Grumman and SAIC, which were required to provide PIV cards to a number of their employees, are now looking to implement such programs company-wide.
Parallel with the above developments has been discussions about security convergence. The basic idea was that enterprises would benefit from jointly considering both logical security for information resources and physical security for facilities in order to implement a successful risk management strategy.
With physical security comes the concept of an access card. For example, HID Global at the recent ASIS Conference in Atlanta, announced the availability of a contactless smart card reader that can be built into the palm rest of select Dell laptops.
Another trend likely to further these developments is the fact that the digital certificates required for common access cards can also be used for logical security solutions. These can easily be obtained as an outsourced service from managed security service providers rather than requiring a heavy investment for an in-house public key Infrastructure.
In 2009, common access card programs will get another chance to conquer the enterprise market due to the government’s drive to implement PIV cards for all employees and contractors, the availability of standards and compatible products, the spread of standards beyond the federal government to state and local entities as well as government-linked enterprises. Most importantly, security convergence will finally receive market traction.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews.com, ContactlessNews.com, CR80News.com, RFIDNews.org, FIPS201.com, NFCNews.com, ThirdFactor.com, and DigitalIDNews.com.