Government Applications

• Smart Card Alliance Government Resources

• U.S. Federal Government Smart Card Programs

  • HSPD-12, FIPS 201 and the PIV Card
  • Department of Defense Common Access Card
  • Department of Homeland Security Transportation Workers Identification Credential Program
  • Department of Homeland First Responder Authentication Card
  • U.S. ePassport

• Other Government Smart Card Resources

Smart Card Alliance Government Resources

• Assurance Levels Overview and Recommendations
• Authentication Mechanisms for Physical Access Control Systems
• Best Practices for the Use of RF-Enabled Technology in Identity Management
• The Commercial Identity Verification (CIV) Credential–Leveraging FIPS 201 and the PIV Specifications
• Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility
• Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery
• ePassport Frequently Asked Questions
• Expert Series Videos: Biometrics, FICAM, First Responder Authentication Credentials, NSTIC, PIV-I Credential
• FICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience
• FIPS 201 Resources
• FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems
• Government ID Resources
• Identifiers and Authentication – Smart Credential Choices to Protect Digital Identity
• Identity Management Systems, Smart Cards and Privacy
• Interoperable Identity Credentials for the Air Transport Industry
• Logical Access Security: The Role of Smart Cards in Strong Authentication
• Personal Identity Verification - Interoperable (PIV-I): A Secure ID Credential for Non-Federal Issuers slide show
• Personal Identity Verification Interoperability (PIV-I) for Non-Federal Issuers: Trusted Identities for Citizens across States, Counties, Cities and Businesses
• Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials
• PIV-I for Non-Federal Issuers Webinar
• Privacy, Identity, and the Use of RFID and RF-Enabled Smart Card Technology – A Smart Card Alliance Brief for State and Local Governments
• Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology
• Recommendation on the Credential Numbering Scheme for the FIPS 201 PIV Card Global Unique Identifier
• Secure Identification Systems: Building a Chain of Trust
• Securing Identity and Enabling Employment Verification: How Do Immigration Reform and Citizen Identification Align?
• Smart Card Alliance Comments on NIST Notice of Inquiry (NOI), “Models for a Governance Structure for the National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Smart Card Alliance Access Control Council
• Smart Card Alliance Identity Council
• Smart Card Alliance Response to DHS REAL ID NPRM Federal Register Notice
• Smart Card Alliance Response to WHTI Passport Card Federal Register Notice
• Smart Card Technology and the National Cybersecurity Strategy slide show
• Smart Cards and Biometrics
• The REAL ID Act: Why Real ID Cards Should Be Based on Smart Card Technology
• The Top 10 Hot Identity Topics
• Western Hemisphere Travel Initiative PASS Card: Recommendations for Using Secure Contactless Technology vs. RFID

U.S. Federal Government Smart Card Programs

Smart card technology is currently recognized as the most appropriate technology for identity applications that must meet critical security requirements. Countries around the world use smart cards for secure identity, payment, and healthcare applications. In addition, public corporations use smart employee ID cards to secure access to physical facilities and computer systems and networks.

The U.S. Federal government has standardized on smart cards for employee and contractor identification cards and is also specifying smart cards in new identity programs for citizens, transportation workers and first responders.

HSPD-12, FIPS 201 and the PIV Card

Homeland Security Presidential Directive 12 (HSPD-12), issued by President George W. Bush on August 27, 2004, mandated the establishment of a standard for identification of Federal government employees and contractors. HSPD-12 requires the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems. The Department of Commerce and National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification. In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, issued on February 25, 2005, and a number of special publications that provide more detail on the implementation of the standard.

Both Federal agencies and enterprises are now implementing FIPS 201-compliant ID programs and issuing PIV cards. The FIPS 201 PIV card is a smart card with both contact and contactless interfaces that is now being issued to all Federal employees and contractors. Within the next five years, GSA estimates that 12 million PIV cards will be used in the Federal Government alone, driving a significant expansion of FIPS 201 infrastructure and applications.

As a result of non-federal issuers (NFIs) of identity cards expressing a desire to produce identity cards that can technically interoperate with Federal government PIV systems and can be trusted by Federal government relying parties, the Federal CIO Council published the guidance document, Personal Identity Verification Interoperability for Non-Federal Issuers. A PIV interoperable (PIV-I) credential is of great value to organizations that collaborate or do business with the Federal government and have a requirement to issue interoperable identity credentials.

Additional information about FIPS 201 can be found on the Government Identity/Credentialing Resources page, from NIST and from the Smart Card Alliance Access Control Council.

Department of Defense Common Access Card

One of the most advanced smart ID card programs in the United States is the Department of Defense (DoD) Common Access Card (CAC), a smart card that serves as the DoD standard identification for active duty military personnel, selected reserve personnel, civilian employees, and eligible contractor personnel. The CAC is the principal card used for logical access to DoD computer networks and systems, and will be the principal card used to enable physical access as systems are installed for authentication and access at DoD facilities. As with all Federal agencies, DoD is now migrating to a FIPS 201-compliant Common Access Card.

Department of Homeland Security Transportation Worker Identification Credential

TWIC was established by Congress through the Maritime Transportation Security Act (MTSA) and is administered by the [Transportation Security Administration (TSA)](http://www.tsa.gov} and U.S. Coast Guard. TWICs are tamper-resistant biometric credentials that are being issued to workers who require unescorted access to secure areas of ports, vessels, outer continental shelf facilities and all credentialed merchant mariners. Longshoremen, truckers, port employees and others are required to obtain a TWIC. As of December 2011, over 2 million individuals have enrolled in the TWIC program and over 1.9 million have received and activated a TWIC card.

DHS First Responder Authentication Credential (FRAC)

The Office of National Capital Region Coordination coordinated a major initiative to develop a smart identity card system (the First Responder Authentication Credential) for emergency responders. These smart cards would allow first responders from across the region the ability to quickly and easily access government buildings and reservations in the event of a terrorist attack or other disaster. The initiative is designed to remedy access problems such as those encountered by state and local emergency officials responding to the 9/11 attack on the Pentagon.

The Smart Card Alliance Identity Council and Access Control Council developed a white paper, Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery, after discussion with DHS personnel to understand the complexities of trusting identity credentials at disaster response and recovery scenes. The white paper describes the benefits of using FIPS 201-based smart cards for ERO credentials and presents credential use cases that support both emergency response and daily use.

U.S. ePassport

The Department of State, Bureau of Consular Affairs, in cooperation with its partners at the United States Government Printing Office and the Department of Homeland Security, is issuing the ePassport – a new version of the United States passport that contains an embedded contactless smart card chip. The chip is used to store biographic data on the passport; once unlocked, the data can be displayed on a screen at passport control. The new technology enhances the security of the passport and facilitates the movement of travelers at ports of entry.

The ePassport has been designed to comply with the specifications of the ICAO, Document 9303, Part I and its technical reports and annexes relating to advanced storage media for use in passports. The Smart Card Alliance Identity Council ePassport FAQ answers common questions about how the ePassport works and what technology is used to protect an ePassport holder’s personal information.

Additional information on U.S. government identity management initiatives can be found at the IDmanagement.gov web site. The Smart Card Alliance annual Smart Cards in Government conference includes briefings from many government smart card program managers, with proceedings available from past conferences.

Other Government Smart Card Resources

• Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, November 10, 2009. This document provides Federal agencies with architecture and implementation guidance that addresses existing ICAM concerns and issues.
• Federal Information Processing Standard 201 (FIPS 201) Personal Identity Verification (PIV) of Federal Employees and Contractors
• Government Smart Card Handbook
• IDManagement.gov, providing information on Federal identity management activities
• Inter-agency Advisory Board (IAB) web site