By OMB’s latest report — as of Sept. 1 — shows that 73 percent of all federal employees and 64 percent of all contractors have secure ID cards. In all, the government has issued cards to 4.2 million feds or contractors out of the estimated 5.9 million who need them.
Agencies have made significant progress since April when 1.2 million federal employees had HSPD-12 cards. OMB had set an October 2008 deadline for all employees and contractors to have secure identification cards. Agencies did not come close to meeting that deadline.
Several agencies are at or close to issuing 100 percent of its cards to employees, including the departments of Housing and Urban Development, Education, State and the Environmental Protection Agency, according to the latest reports from agencies to OMB.
At the same time, there are several agencies which haven’t made a lot of progress, including the departments of Homeland Security, Justice and Health and Human Services.
The council states the document will “provide a common segment architecture and implementation guidance for use by federal agencies as they continue to invest in identity, credential and access management programs. It also seeks to support the enablement of systems, policies, and processes to facilitate business between the Government and its business partners and constituents.”
The document also calls for agency leaders to “take ownership of their role” in promoting and implementing identity and access management technologies-both logical and physical access.
The council details several new agency initiatives that would help integrate the different programs and policies. These include 26 performance improvement recommendations, including the need for governmentwide guidance on the use of digital signatures and encryption and the lack of reciprocity among agencies on background investigations, and 32 current performance metrics.
The roadmap also details four governmentwide and five agencywide initiatives.
The governmentwide plans include:
Augment policy and implementation guidance to agencies
Establish federated identity framework for the government
Enhance performance measurement and accountability within identity management and access control initiatives
Provide governmentwide services for common identity management and access control requirements
Each of these initiatives has milestones, owners of those milestones and implementation deadlines.
This progress comes as the government is testing the use of commercial ID management providers. The National Institutes of Health is leading a pilot to use the OpenID standard to let employees and other users log into NIH services using their username and password from providers such as Google, Yahoo! or PayPal.