Will the Feds get HSPD-12 done? Then What?

If public sector, namely federal government, identity management is something you do few conversations are held without talking about HSPD-12. After reviewing Implementation Status Government-Wide published by Office of Management and Budget (OMB) I will share a few highlights. If you know what HSPD-12 is skip the next paragraph. The bullets below it will save you time and give you the highlights. What I keep coming back to, however is …“Where does the money and technological advances take us in identity management? That will be the topic of a different post.

Homeland Security Presidential Directive-12 (HSPD-12) - "Policy for a Common Identification Standard for Federal Employees and Contractors” directed the creation of a new Federal standard for a secure and reliable form of identification to be issued by all Federal Agencies to their employees and contractors. FIPS 201, also called Personal Identity Verification (PIV) is the primary standard with several others around it. The solution is basically a smart card containing several digital certificates for different applications and reference fingerprint templates. A template is a mathematical representation of the fingerprint following a particular standard data format for interoperability. The General Services Administration (GSA) stood up a shared service (I guess you could call it Identity-as-a-Service) to issue these new credentials to agencies who signed up with them. A total of 64 did. Others, total of 25, went at it alone. All have been working to issue cards.

From the latest report:

• Number of people who require this credential is about 5.8M. Down 13% from six months ago (has our government actually gotten smaller or is it just lower headcount between administrations)
• The number of PIV cards issued went from 20% six months ago to 48% currently. At this rate they should be done in a year – if you chose to define done as over 90%. Not likely if you look at the data but I won’t go there right now.
• Of the 15 cabinet-level agencies (aka “Department of..." ), Energy, Housing and Urban Development, Labor and State are all greater than 80% done.
• Of the 15 cabinet-level agencies (aka “Department of..." ), Justice and Homeland Security are the worst off…still. To be fair, DHS, hasn’t filed a report since last October despite the mandate by OMB to do so quarterly. Ironic the agencies responsible for law enforcement and security are the least able to abide by a federal security program.
• Of the 15 cabinet-level agencies (aka “Department of..." ), Defense dominates. DoD accounts for almost 3.3M of the total 5.8M. The 3.3M is 13 times more than the next largest agency, Veterans Affairs. DoD has issued 1.7M already. To be fair, they did have a HUGE head start.

The government continues to move along. What is more interesting to speculate, however, is given the amount of money the government dumped into this program, how and in what form will the technology find its way to a larger global marketplace. It happens a lot with technology innovations. Just look at the very medium we are using right now.