The U.S. National Aeronautics and Space Administration (NASA) typically sets lofty goals (literally and figuratively) and has become accustomed to taking on tasks with few if any prior benchmarks of reference. Now the U.S. space agency has trained its sights at ground level and is looking for a “state of the art” identity solution, and in so doing, the agency is setting a new benchmark for U.S. federal government initiatives.
In January 2004, the U.S. General Services Administration (GSA) awarded a $93 million “task order” to Reston, Va.-based Maximus, Inc. to help NASA develop a “state-of-the art” smart card for agency employees and contractors. The card is to provide both physical and logical access for all worldwide NASA employees.
“The NASA smart card award is the latest in our strong history of wins in the smart card integration marketplace,” said Dr. David V. Mastran, Maximus CEO. “However, I want to be perfectly clear on what the task order means to Maximus. This does not mean that this is a contract for $93 million. What this really translates into is that we will do the initial work with NASA and the remainder of the task order will be funded incrementally based upon NASA’s needs. So the initial value of the NASA card deployment is probably more in the $10 million range over two years.”
Maximus will develop a Centralized Card Management System that will administer and issue NASA credentials, interface with various certificate authorities and physical access systems, and manage access to networks. In addition, Maximus will provide access control readers and visitor badging systems for selected NASA facilities.
“The big picture is that we’re developing a single system for both physical and cyber access,” said Jeremy Grant, Maximus vice president.
The company’s primary team member for the project is EDS. Other members include ActivCard, which will provide the secure smart card software; Risk Management Associates, a security consulting firm; and ISR Solutions, experts in physical access control.
“We’ll use EDS to support implementation of the project, provide some of the technical solutions, provide deployment and do the site surveys,” said Mr. Grant. “We?ve done some cards in the lab, but the first ones (about 2,000 at Huntsville) will roll out around May or so,” he added.
“We?re delighted to be on their team,” said ActivCard’s Greg Dicks, vice president of government solutions. He said the software that will be utilized is ActivCard’s Identity Management System Version 3.5.1.
“We hope to be in large scale issuance mode by September with 20,000 cards by the end of November,” said Mr. Dicks. They will be Schlumberger cards, 64K with DESFire for the contactless portion, he added. ActivCard is providing the AIMS software solution, with PKI security from Entrust.
“There will be no biometrics yet,” said Mr. Dicks. But he added that ActivCard is to do nothing “that would preclude biometrics in the future.” He said the company will be supplying applets for the personal data and for the PKI info.
“If you have a manned station, biometrics is useable, but at an unmanned station, biometrics is too easy to spoof,” said One NASA lead systems engineer, Tim Baldridge.
One of the main reasons for using smart technology, he added is that “the technology is cloning resistant. The cards are harder to counterfeit.
“NASA’s pilot program has been in the planning stages for two years with the National Institute of Standards and Technology and a working group of the federal government Interagency Advisory Board (IAB). GSA awarded the task order through its Smart Access Common ID Contract managed by the Federal technology Service (FTS) Center for Smart Card Solutions.
“GSA?s FTS is providing NASA with cradle-to-grave services on this task order including card management, enrollment, logical and physical access capabilities,” said FTS Commissioner Sandra Bates.
“If the field trials are successful, and we receive the approval of the Office of Management and Budget, we plan to deploy more than 100,000 smart cards before the end of FY 05.” said David Saleeba, NASA’s assistant administrator for security management and safeguards.
Eventually, personnel at 15 major NASA facilities are expected to receive One NASA identification cards over the next two years.
The One NASA smart card will enhance physical security for NASA facilities by authenticating an individual’s identity, said a NASA spokesperson. It will also provide a higher level of identity assurance for the agency’s information technology systems. With the smart card, employees and contractors need only to swipe it across or insert it in a reader to access a NASA center, facility or computer system.
The smart card will include a photo of each cardholder, and will require the cardholder to enter a personal identification number after inserting the card into a card reader, said Mr. Baldridge. NASA employee cards will be different from those of contractors or others doing business with NASA, he added.
The smart card will be deployed in compliance with the Government Smart Card Interoperability Specification (GSC-IS), allowing NASA smart cards to be fully interoperable with other Federally issued smart credentials. It will support both contact and contactless transactions and allow NASA employees and contractors to conduct business using a single card for both physical and logical access, including the PKI-enabled applications.
“NASA sees this as something they can make available to other agencies,” said Mr. Dicks.
In a recent presentation, Mr. Baldridge hinted at NASA’s approach to logical and physical access. The objective, said Mr. Baldridge, is to “control routine access to NASA resources with a common credential token.” Goals are to “adopt an agency-wide consistent credential policy, to implement within NASA a logically centralized, distributed process, credential issuance system and to issue credential tokens providing a known assurance for identity and authentication.”
Lofty goals for sure, but if achieved with a shared sense of interoperability from other federal agencies this benchmark will certainly be one worth referencing for years to come.