recommended reading

DHS Kicks Off $100 Million Employee ID Project

Sergey Nivens/Shutterstock.com

The Homeland Security Department is buying $100 million worth of services to issue staff at all agencies smartcards with iris and facial recognition capabilities.

Late Friday, DHS opened the bidding process for a decade-long project to upgrade personnel identification cards that are used to access federal buildings and networks. Following the September 2001 terrorist attacks, Homeland Security Presidential Directive–12, or HSPD-12, mandated biometric IDs for employees governmentwide. But many workers, including 82 percent of DHS computer users, flash the credentials at guards, rather than digital readers, largely because the cards’ electronic components haven’t been activated, according to internal audits.

Now, contractors will replace about 161,924 cards in 2013 and 116,172 cards in 2014, according to contracting documents.

“The present Identity Management System was designed in 2008 and has remained basically unchanged since its inception. New more capable methods are now available that must be evaluated and implemented to move the [ID management] process into compliance,” project plans state.

The work includes "the full range of program management support, engineering services, labor, materials, and equipment" to operate the entire credentialing process, from enrolling employees to synching with card readers on facilities and computers, the contracting papers state. The deal is capped at $99.5 million. 

The use of iris recognition is expanding governmentwide. In July 2012, the Obama administration announced plans to embed iris images in all employee ID cards. Meanwhile, DHS and the Justice Department are collecting iris snapshots to identify legitimate travelers as well as track criminal offenders. 

Companies competing for the Homeland Security smartcard job must "demonstrate the system’s ability to capture facial, fingerprint and iris biometric,” technical specifications state.

The contractor will provide the technology backbone for up to 400 workstations that distribute IDs at sites departmentwide. Wherever possible, the new tools will be incorporated into the department's roughly 405 pre-existing stations. The contract also requires as many as 16,000 "light activation stations" -- PCs connected to a credential management computer program -- that allow workers to independently update ID data and reset passwords.   

The new supplier will be responsible for adapting current operations overseen by incumbent contractor XTec to the new arrangement without disrupting credentialing or login systems on buildings and computers. Homeland Security’s goal is to minimize "downtime and cost overruns as well as functional, security and performance impacts,” according to the contracting documents. The technologies in need of transitioning include "back-end infrastructure and interfaces and distributed end user facing systems." 

Since clinching the DHS ID management award in 2008, Reston-based XTec has continued to win credentialing contracts from other major departments. In February, the General Services Administration closed a deal with the firm for an unspecified price to issue smartcards for more than 90 agencies that outsource their HSPD-12 credentialing services to GSA, according to XTec. 

As of December 2012, most federal employees were carrying biometric IDs but more than 40 percent didn’t use them to log onto agency networks, according to the executive branch’s annual report on adherence to the 2002 Federal Information Security Management Act. Last year, about 57 percent of computer accounts required smartcards to sign in, down from 66 percent in 2011. A decrease in smartcard usage at the Pentagon and significantly less usage at the Agriculture Department drove the decline.

(Image via Sergey Nivens/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.