CIO Council helps industry with secure ID interoperability

New guidance provides advice to ensure non-federally issued identity cards can work with federal HSPD-12 cards and systems.

By Jason Miller
Executive Editor
FederalNewsRadio

The Chief Information Officer’s Council is giving industry and others non-feds some guidance for issuing secure identification cards that are compliant with federal requirements.

The document provides a minimum set of requirements for federal agencies to trust secure ID cards issued by industry, state and local governments and non-governmental organizations.

Several organizations have been trying to match the federal requirements under Homeland Security Presidential Directive 12.

State and local governments have issued First Responders Authentication Cards (FRAC), and many of the largest federal contractors have signed up for the Federation for Identity and Cross-Credentialing Systems (FIXs).

The document details four specific areas to make sure non-federal cards could be trusted and interoperate with federal cards:

  • Common terminology for ID cards;
  • Technical requirements for the cards to interact with federal systems;
  • Identifier namespace, which ensures that the card is unique;
  • Trusted identity process to verify and authenticate the card holder;

The council says trust of non-federally issued ID cards is not mandated.

Instead, each agency can decide for itself what, if any, cards to trust, and if so, for what purposes.


On the Web:

CIO Council — FIXs Web site

FederalNewsRadio — Almost half of all feds have HSPD-12 cards

(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more
    Amelia Brust/Federal News Networkcybersecurity

    How should software producers be held accountable for shoddy cybersecurity products?

    Read more