Web System Vets U.S. Contractor Workers

A Web-based system can save taxpayers millions of dollars by speeding up routine identification processes.

MONTEREY, Calif.—The U.S. federal government and the 3.3 million people who work as private-industry contractors to provide goods and services for it now have a centralized, secure, Web-based system for identifying and credentialing outsourced workers around the world.

This system, in the works for about five years and tested by the Department of Defense for three years, officially went online July 25. It processes outsourced workers whether they represent an aircraft manufacturer or deliver soft drinks to machines on a military base.

The announcement was made July 31 at a conference at the Del Monte Hyatt Regency here in this seaside city.

The DOD has declared the new trusted-identity system, designed and built by a separate not-for-profit coalition of government and private-sector agencies and companies, as the first global and enterprisewide solution for cross-credentialing between industry and the U.S. government.

The system makes extensive use of existing corporations employee credentialing by federating those commercial identity systems into that of the DODs.

The Federation for Identity and Cross-Credentialing Systems, or FIXS, builder of the network, is a not-for profit organization that provides a forum for government and industry to come together to solve issues involving centralized identity, credentialing and network authentication.

/zimages/3/28571.gifClick here to read why the Cyber Security Industry Alliance gives the U.S. government poor marks on information security.

FIXS, based in Fairfax, Va., comprises a coalition of government contractors, commercial companies and nonprofit organizations whose mission is to build a worldwide interoperable identity and cross-credentialing network built on security, trust and standard operating rules.

This weeks conference here is FIXS annual event for getting many of the key government agencies and private-sector defense and security vendors in one place to facilitate improvements in the federal governments wildly disparate identification and credentialing systems for the millions of contractors—large and small—who provide goods and services to the government.

In its previous two conferences, FIXS was fixated on getting various U.S. government agencies—such as the DOD and the National Security Administration—together to work on these problems. This year the focus is on bringing the private-sector service providers into the mix, FIXS President and conference director Mike Mestrovich told eWEEK.

"The biggest issue weve had to face is the process of vetting the users who need to get into this new system," Mestrovich said. "Companies and agencies all have different models and processes, and coming to common denominators on the key factors took a great deal of time and work, to say the least."

The FIXS network is now an authorized link to the DODs cross-credentialing identification system infrastructure. It is modeled after the financial industrys highly secure ATM approach, Mestrovich said.

"The ATM system is amazingly secure, more so than you might think," said Bob Lentz, who serves the DOD as deputy assistant secretary of defense for information and identity assurance. "The banks lose to fraudulent activity only $7 out of $1,000 moved via ATMs every day. Thats a great record. Wed like our network to be as efficient and safe."

/zimages/3/128936.gifListen here to a podcast about nearshoring, the growing practice of outsourcing IT jobs to our neighbors just across the border in Canada.

The FIXS network is a scalable system—not unlike Star and Cirrus verification for ATM cards—that provides trusted, secure identity verification and credential authentication for contractors accessing a range of government facilities, Mestrovich said.

One of the first bottom-line benefits of the new credentialing system is that it speeds up the deployment of contractors working on projects in remote areas, such as the military theaters in the Middle East.

DOD contractors wait an average of five to seven days—and often much longer—between arrival at the job and deployment on their missions while their credentials and permissions are being authenticated, Lt. Richard Faulkner, an Army security specialist, told eWEEK.

Since the contractors are being paid from the moment they arrive on the job site, "tens of millions of dollars are lost each day on idle contractors, while they await their credentials and work instructions," Mestrovich said.

The indoctrination process for all workers for all government and military contractors includes more than just identity vetting. There are health examinations and immunizations, issuance of Java-enabled CAC (common access card) identification, visas, passports, issuance of government equipment, uniforms and several other factors.

But identity management and security clearances have always taken the most time, Faulkner said. "Every hour that we can cut off the time it takes to process a contractor is money saved," he said.

Now in full DOD production, the FIXS network is operational on a global scale, Mestrovich said.

"The ability to conduct worldwide identity transactions represents a new era for federated identity strategies and clearly shows the commitment of industry and government to build more secure global identity management systems for physical applications," Mestrovich added.

Member companies in the FIXS coalition include Northrup Grumman, Lockheed Martin, SAIC International, EMCs RSA Security, SRA International, Digital Government Institute, SuperCom, Imadgen and PriceWaterhouseCoopers, among others.

Halliburton and Bechtel, two of the largest government military contractors, are not yet members of FIXS, Mestrovich said. "Were hoping they join us, of course," he said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...