The U.S. Department of Defense (DoD) has incorporated fingerprint biometrics and facial images into its common access cards (CAC), which control entry to DoD facilities and information systems including data centers, according to a background briefing by Security and SDM magazines with HID Global experts.

In 2004, President George W. Bush issued Homeland Security Presidential Directive (HSPD) 12, which requires all civilian federal agencies to begin a program of issuing high-assurance verification cards to all employees for both logical access to federal computer systems and physical access to facilities. In 2006, Federal Information Processing Standard (FIPS) 201-1 specified that a facial image, as well as fingerprint biometrics, be included on Personal Identity Verification (PIV) cards. The DoD's preexisting CAC effort has since been merged with the general PIV movement as far as the standards to be followed. More recently, FIPS 201-1 has been undergoing some significant revisions. (For information on the revisions, visit www.securitymagazine.com and its archive of articles.)

Still, the original purpose was to ensure the government was giving the right card to the right person, who would be enrolled by presenting documentation and fingerprints, which were sent to the FBI for a criminal background check. Then there would be a second visit where the biometric was used to make sure it was the right person picking up the card. But that is not what the biometrics on the PIV and CAC were meant to be used for; the card was meant to identify the person carrying it. The way it has been used does not authenticate the person: the card is merely placed against a reader and, if the card number finds a match in the database, the door opens.

Federal agencies are only now starting to use the PIV cards for their originally intended purpose. In early 2011, the Office of Management and Budget required all agencies to come up with a plan to implement all of the FIPS 201 requirements.

As for iris scans, a new draft of FIPS 201-2 recommends that agencies use them but does not require it. Another challenging area for biometrics technologies is interoperability. FBI, DHS and DoD biometrics databases are interoperable, meaning that the systems can share and exchange data. Recently released expanded standards cover DNA, footmarks and enhanced fingerprint descriptions.