Federal Programs


HSPD 12 is a presidential directive requiring all Federal Executive Departments and Agencies to implement a government-wide standard for secure and reliable forms of identification for employees and contractors, for access to Federal facilities and information systems and designates the major milestones for implementation. The Directive applies to all "Executive departments" and agencies listed in title 5 U.S.C. § 101, and the Department of Homeland Security; "independent establishments" as defined by title 5 U.S.C. §104(1); and the United States Postal Service (title 39 U.S.C § 201). The exceptions are as follows: "Government corporations" as defined by title 5 U.S.C. § 103(1) are encouraged, but not required to implement this Directive. (Ref: OMB M-05-024 Section 1.A.)

Presentation on interoperability guidelines for non-Federal agencies given a meeting of the Government Smart Card Interagency Advisory Board (IAB) in Washington, D.C.


The Transportation Worker Identification Credential (TWIC) is a tamper-resistant credential that contains biometric information about the holder which renders the card useless to anyone other than the rightful owner. Using this biometric data, each transportation facility can verify the identity of a worker and help prevent unauthorized individuals from accessing secure areas. Currently, many transportation workers must carry a different identification card for each facility they access. A standard TWIC would improve the flow of commerce by eliminating the need for redundant credentials and streamlining the identity verification process.


Since September 11, 2001, and highlighted again by Hurricanes Katrina and Rita, there has been a critical demand for a common authentication credential that first responders can use for all-hazards event response and recovery efforts. At the federal level, the Department of Homeland Security's Office of the National Capital Region Coordination and First Responder Partnership Initiative have been cultivating interagency and multi-jurisdictional partnerships with multiple federal and non-federal agencies, and establishing policies and procedures that promote interoperability of first responder credentials across jurisdictional boundaries.

Building on the standard documentation necessary for nationwide credentialing (FIPS 201), the First Responder Authentication Credential (FRAC) is supported by nationally interoperable technology standards that allow the identity credentials to be electronically validated regardless of location. The backbone of this technology is the public-key infrastructure (PKI) as defined in the Federal Information Processing Standard 201 (FIPS 201, Personal Identity Verification (PIV)) developed by the National Institute of Standards and Technology (NIST) in response to Homeland Security Presidential Directive 12 (HSPD 12).

First responders need to move and communicate easily across jurisdictions in the event of a terrorist or other all-hazards incident. Issuing credentials to first responders across the State that comply with the same minimum standards, as well as are in compliance with federal standards, will facilitate movement across jurisdictional boundaries, allowing more rapid response to a catastrophic event. Additionally, these credentials will contain information about responder qualifications and skills, so that incident command will immediately know the types and quantities of the resources they have on-scene. This means more efficient and effective deployment of resources at the incident site.

The Office of National Capital Region Coordination is coordinating a major initiative to develop a smart identity card system for emergency responders. These smart cards would allow first responders from across the region the ability to quickly and easily access government buildings and reservations in the event of a terrorist attack or other disaster. The initiative is designed to remedy access problems such as those encountered by state and local emergency officials responding to the 9/11 attack on the Pentagon.

Office of National Capital Region Coordination

The Office of National Capital Region Coordination (NCRC) oversees and coordinates Federal programs for and relationships with State, local, and regional authorities in the National Capital Region (NCR). The Office's responsibilities include:

  • Coordinating Department activities relating to the NCR 
  • Coordinating to ensure adequate planning, information sharing, training, and execution of domestic preparedness activities in the NCR 
  • Assessing and advocating for resources needed in the NCR


Originally launched in 2002 as the E-Authentication Initiative and as part of the President's Management Agenda, the E-Authentication Solution assists Federal agencies in meeting two primary goals:

  1. Mitigate the security and privacy risks associated with electronic government by allowing government agencies to develop trust relationships with their respective user communities through the use of electronic identity credentials (e.g., PKI certificates; user IDs/passwords) issued by other agencies and commercial organizations.
  2. Control costs associated with authenticating the identity of a large number of end users by eliminating the need for each agency to create and maintain a separate credentialing system for each of their online applications.

To achieve these goals, the E-Authentication Solution created the US E-Authentication Identity Federation which allows Federation members to recognize and trust log-in IDs that are issued by other trusted Federation members. The trusted members that issue these log-in IDs may be other government agencies, academic institutions, or commercial entities, such as banks or other financial services institutions.

The policy issued by OMB in Memorandum M-04-04 and by the National Institute of Standards and Technology in Special Publication 800-63 (NIST SP 800-63), and industry standards such as the Security Assertion Markup Language (SAML), form the foundation of the Federation. Together these foundational pieces provide agencies a policy-compliant and standards-based framework for authentication and identity services that enable the reuse of identity credentials across government applications. The E-Authentication Solution Program Management Office (PMO) provides agencies with the technical assistance and operational support needed to function successfully within the Federation.

Through the US E-Authentication Identity Federation an American citizen will be able to access government services online using a log-in ID they already have from a website they trust, rather than having to create another user ID and password.


REAL ID is a law and rule that establishes minimum standards for state-issued driver's licenses and personal identification cards. REAL ID compliant drivers licenses and ID cards will allow you to board a federally-regulated airplane, access a federal facility or a nuclear power plant.

REAL ID Act of 2005, was passed by Congress to make it more difficult to fraudulently acquire a drivers license or ID card, as part of the effort to fight terrorism and reduce fraud. REAL ID compliant licenses and ID cards must meet minimum standards which include: 

  • Information and security features that must be incorporated into each card 
  • Proof of identity and U.S. citizenship or legal status of an applicant 
  • Verification of the source documents provided by an applicant 
  • Security standards for the offices that issue licenses and identification cards

The 9/11 Commission endorsed the REAL ID requirements, noting that "For terrorists, travel documents are as important as weapons -- All but one of the 9/11 hijackers acquired some form of identification document, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other necessary activities."

Health IT

Medicaid is the single largest budget item for most state governments, absorbing in some cases a fifth of all state revenues. Currently, most of these costs are being managed by state Medicaid Management Information Systems, a complex of both manual and computer services that are costly to operate, poorly integrated and not standard across programs from one state to the next. In response, the federal Centers of Medicare and Medicaid Services (CMS) is partnering with state Medicaid and health and human services officials to bring Medicaid into the digital age.

In support of the President's Management Agenda Expand E-Government (E-Gov) initiative, HHS E-Gov objectives, and CMS' strategic objective of collaborative partnerships, CMS is developing an enterprise service to enable secure access to information and applications. The service, "Individuals Authorized Access to CMS Computer Systems" (IACS), will support secure application access for authorized users including Medicare and Medicaid beneficiaries, contractors, employees, state agencies, and trusted partners. The IACS Service will accomplish this in part by creating a single, cost-effective, enterprise service to support identity management and authentication for CMS applications. Moving user identification and authentication functions from the application to the enterprise level eliminates the inefficiencies of administering user identities within each application.

Medicaid-SCHIP Identity Management Session (March 2008 presentation) 

Mount Sinai Smart Card Alliance Profile 

University of Pittsburgh Medical Center Smart Card Alliance Profile