DOD's most popular card

The Defense Department's highly successful smart card program, which has issued more than

5 million cards so far, is likely to become the chief model as the government's civilian agencies adopt a single card for employee identification.

DOD has led the way in smart card technology on the federal level, requiring all active-duty and reserve service members be issued Common Access Cards (CAC), which cost between $6 and $8 each. The department has issued more than

5 million since 1999, completing a long and expensive initiative only six months behind schedule. The program cost $250 million in fiscal 2003.

Other departments have dabbled in smart card technology, but none has pursued such a widespread adoption as DOD.

"The DOD CAC program has broken through some barriers and proven that large-scale implementation of [public-key infrastructure] ID credentialing is effective," said Randy Vanderhoof, executive director of the Smart Card Alliance Inc. in Princeton Junction, N.J.

In light of last month's proposed policy that would require all federal agencies to use smart cards as employee IDs, officials from the General Services Administration are pushing for a system that would provide the government with increased security. Smart cards can offer an added degree of safety for access to data and access to a building or system.

If the CIO Council approves the policy, the final hurdle would be adoption by the Office of Management and Budget. The policy lists no specific deadlines, but it calls for agencies to begin planning for the transition from their current access control systems to smart cards.

The CIO Council would have to establish the business rules to have each agency issue certifications, while ensuring that the participants develop interoperable solutions, Vanderhoof said. Part of the proposed policy calls for solutions that allow employees to use their smart cards at any agency.

David Wennergren, the Navy's chief information officer and DOD's point man for the CAC program, said developing interoperability shouldn't be a major problem for any agency adopting the technology, provided it pays close attention to industry standards and best practices.

"Our experience was this: If an agency were to build to industry standards — and we helped develop those standards — any card should work with any reader in any location," Wennergren said. "I don't think others have to do exactly what we did, but we're offering up our experience" for them to learn.

Wennergren said that when DOD first embarked on the smart card program, standards for smart card technology were just being established. The department's efforts helped pave the way for more widespread adoption, he said.

"We were able to bear the brunt of change management that other agencies now won't have to," Wennergren said.

The first step agencies would have to take is assuring their employees that the information they collect and store on a smart card will be protected, according to John Link, Northrop Grumman Information Technology's program manager for identity and access management initiatives for DOD.

"The employees will essentially be carrying around a database of some of their personal information," Link said. "They have to feel comfortable that the cards are secure and the methods the various

departments will use to access the information contained on the cards are secure."

Integration of the cards — for example, ensuring that an employee of the Department of Health and Human Services can, if allowed, enter a facility run by the State Department — will rely on more than just standards, according to Robert Brandewie, deputy director of the Defense Manpower Data Center, which is responsible for maintaining DOD's personnel data.

"Standards don't take you all the way to interoperability," Brandewie said. "Interoperability at the higher levels — levels that are integrated and seamless — can play a role in allowing federal agencies to interact in much-improved business practices."

The key benefit of smart card technology comes in security. However, fringe benefits of increased efficiency and a lower cost of doing business can be welcome byproducts, said Wennergren.

"Smart cards are an enabling force," he said. Agencies "would have a hard time moving to e-government without them. Without them, you're stuck in a paper process, a labor-intensive process. If you move to an electronic solution such as this, there are cost avoidances that can be achieved."