DOD keeps vendors on their toes

Middleware vendors may have a hard time with the Defense Department's approach to its Common Access Card (CAC) procurement because, in many ways, it is a new twist to what they've been doing in the commercial arena.

"None of what we've been asking middleware vendors to do with their products is all that new," said Michael Butler, chief of the DOD's smart card programs, because they've been used to meeting stringent requirements from the likes of Wall Street brokers and financial firms. "But those companies usually pick just one package to use across the whole of the enterprise."

DOD, on the other hand, made it clear from the beginning of the CAC program that it would be a multiple sourced effort.

"The bottom line is we're not looking for a DOD implementation, we're looking for a commercial implementation and we want people to compete," Butler said.

It's taken time for that concept, and the need for interoperability, to make its impression. Even now, middleware vendors still come to one of the prime contractors in the CAC program, Northrop Grumman Corp., hoping to sell their proprietary products to the government, according to Keith Ward, manager of identification and authentication solutions for the company.

"So we point them to the spec and tell them to go read it," Ward said. "We tell them they may have the greatest applications that could be useful to agencies, but if they are not compliant with the spec, there's nothing we can do."

Vendors and agencies finally seem to be getting the message, said Mike Brooks, director of the General Services Administration's Center for Smart Card Solutions. Last year he preached interoperability, he said, whereas 2002 is shaping up to be the year of implementation.