All federal agencies will have to come up with a plan to implement use cases for PIV credentials by the end of March, according to a memo released by the White House Office of Management and Budget.
“Each agency is to develop and issue an implementation policy, by March 31, 2011, through which the agency will require the use of the PIV credentials as the common means of authentication for access to that agency’s facilities, networks, and information systems. Moreover, the DHS memorandum outlines a set of requirements that needs to be included in an agency’s implementation policy, in order for that policy to be effective in achieving the goals of HSPD-12 and realizing the full benefits of PIV credentials.”
The implementation plans need to include the following:
- Effective immediately, all new systems under development must be enabled to use PIV credentials, in accordance with NIST guidelines, prior to being made operational.
- Effective the beginning of fiscal year 2012, existing physical and logical access control systems must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency using development and technology refresh funds to complete other activities.
- Procurements for services and products involving facility or system access control must be in accordance with HSPD-12 policy and the Federal Acquisition Regulation.
- Agency processes must accept and electronically verify PIV credentials issued by other federal agencies.
- The government-wide architecture and completion of agency transition plans must align as described in the Federal CIO Council’s “Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance.”
Agency progress on the implementation will be watched by the National Security Staff, and OMB will continue to provide guidance and oversight for agency IT investments.