GSA compiles list of vendors compliant with FIPS-201
- By Jason Miller
- Mar 10, 2005
The General Services Administration is combing the Federal Supply Service's IT schedule for smart-card vendors whose products and services meet a new governmentwide standard.
To help agencies comply with the Federal Information Processing Standard personal identity verification (PIV) requirements, GSA will set up a program management office and place compliant components under a Special Item Number on Schedule 70, according to Judith Spencer, chairwoman of GSA's Federal ID Credentialing Committee.
"We will put in place bulk purchase agreements for agencies," Spencer said today at the fourth annual Smart Card and E-Government Conference in Washington, sponsored by the Smart Card Alliance, an industry trade association based in Princeton Junction, N.J.
Previously, GSA said it would update its smart-card governmentwide acquisition contract to help agencies meet these new standards. Spencer also said GSA would release by Friday a draft of the Identity Management handbook to help agencies implement the new standard.
GSA later will add guidance from the Office of Management and Budget and a PIV implementation plan template. Both of these documents should be available in the next few weeks, according to Spencer.
The template will ask agencies to evaluate where they are in implementing FIPS-201 and how they will complete the first phase by Oct. 27. "It is a road map for agencies," Spencer said. "It will be an online, fillable form that can be sent to OMB by e-mail." The questions on the three-page form are divided into several sections, including PIV I, PIV II, and security and privacy.
Spencer said the forthcoming OMB guidance on FIPS-201 would identify exactly how the administration will define compliance. "It will explain to agencies what it means to be compliant on Oct. 27 and beyond," Spencer said. "It will also give a date when OMB expects agencies to begin to deploy PIV II-compliant cards."
Spencer also suggested that the widely speculated on PIV II compliance date of October 2006 might not be feasible for all agencies.