Digital Common Sense

Full story on Network World Fusion at
http://www.nwfusion.com/news/2005/022805fips201.html

Govt. braces for key security standard
Department of Defense could feel biggest impact of new smart-card rules.

By Ellen Messmer
Network World, 02/28/05

The National Institute of Standards and Technology last week raced to meet a weekend deadline to issue a smart-card standard that will be the basis for products that give federal employees and contractors secure access to networks and buildings.

President Bush imposed the deadline last August in a directive aimed at improving government security by having a common access technology adopted by next year.

The arrival of the Federal Information Processing Standard (FIPS) 201 is being met with a mix of optimism and anxiety. If it works out, the standard could provide a framework for adoption outside the federal government. But more immediately, government agencies are concerned about its costs and practical implementation.

The Department of Defense, the government’s biggest user of smart cards, is most worried.

“We expect we’re going to have to make some changes,” says Mary Dixon, deputy director at the department’s Defense Manpower Data Center. The group has issued more than 3 million smart cards based on the older Government Smart Card Interoperability Specification (GSCIS ).

In comments to NIST last December on the draft standards document, the Defense Department said FIPS 201 would force a “costly re-investment” that would “require [Department of Defense] to re-deploy desktop middleware to 2.2 million [Defense Department] computers,” update 3.5 million Common Access cards and “impose an unproven solution with no supporting product.”

The government did not release estimated costs to pay for Bush’s mandate.

Filed by Ken at 3:01 pm under General, InfoSec