Fixing the Identity Credentialing Problem
Companies now can acquire certified identity credentials that facilitate employees’ physical and logical access when they work with the U.S. Defense Department, other government agencies and government-affiliated organizations. A biometrics-infused card authenticates a person’s identity using barcodes, a digital photograph and fingerprints. Through a not-for-profit association, contractors become part of an operational system that can exchange credential information with the government.
Organizations interested in obtaining an identity credential for their employees first must join the Federation for Identity and Cross-Credentialing Systems (FiXs). The federation focuses on standards-based operating rules for identity authentication credentials and networks. It champions open systems architecture and nonproprietary solutions.
Dr. Michael J. Mestrovich, president, Unlimited New Dimensions LLC, and president of FiXs, explains that work on credentialing began five years ago. It was born from the need to verify the identification of contractors who were working throughout the department. In most cases, an individual repeatedly needed to obtain different credentials depending on the work he or she was contracted to perform. In current military operations, employees of contracted companies would have to wait in the
FiXs began its work with the Defense Manpower Data Center (DMDC), which is the organization that issues the Defense Department’s Common Access Card (CAC). After conducting some pilot programs, FiXs signed its first memorandum of understanding with the DMDC in January 2006.
This was just the beginning of the hard work, Mestrovich says. The FiXs identity-credentialing network became operational in 2008 and currently is the only one certified to interoperate with the Defense Cross-Credentialing Identification System, or DCCIS, infrastructure.
To be able to obtain a FiXs-certified credential for its employees, an organization must first join the FiXs coalition. Before it is granted membership, the applicant's company is vetted through LEXIS-NEXIS. This process generally takes 10 business days.
Once it has successfully passed this vetting process, the organization is allowed to become a federation member, which initially costs approximately $700. It is assigned a unique organization code, a classification structure that FiXs developed with the DMDC. At this point, employees from the member organizations are eligible to apply for the FiXs-certified card.
Mestrovich explains that the federation's operating rules currently allow for three levels of credentials: high, medium-high and medium. The vetting process the employee undergoes is based on the level of credential being requested. Currently, Operational Research Consultants Incorporated (ORC) is one of two companies that have been approved as issuers of the FiXs-certified credentials; the other is Data Systems Analysts Incorporated (DSA).
Rick Webb, executive director of advanced technologies, ORC, explains that once an organization is accepted as a member of FiXs, its company-appointed official provides to ORC or DSA a list of employees who need a FiXs-certified card. At this point, individual employees can go online to fill out a preregistration form.
Once approved, the individual comes to one of ORC’s facilities or an event at which ORC is issuing cards and presents documentation of citizenship. The person’s fingerprints are captured digitally for storage on the card, and a digital photograph is taken that will be laminated on the card and included on the computer chip. The card then is immediately activated and given to the applicant, providing that person with physical and logical access as granted by the organization for which he or she is working.
When individuals arrive at a Defense Department site, their FiXs-certified credential is inserted into a handheld device. They then enter their personal identification number, or PIN, which unlocks the personal information on the card's embedded chip, and put their finger on the device to be verified.
The cost of the individual credentials varies and is based on the level and length of time the credential is valid. Even the highest level, a credential that is valid for up to three years, is less than $550. Mestrovich and Webb agree that, in most cases, the company will cover this expense for its employees.
Currently, a pilot program is underway at Fort Belvoir, which comprises the issuance of up to 3,000 individual FiXs-certified cards to employees of contractors. The pilot program will continue through the end of September. Applying for the cards is strictly voluntary, and Mestrovich emphasizes that this is not a national identification card.
Read the expanded version of this article in the August issue of SIGNAL Magazine, in the mail to AFCEA members and subscribers July 31, 2009. For more information about purchasing this issue, joining AFCEA or subscribing to SIGNAL, contact AFCEA Members Services.
