The Department of Defense (DoD) has awarded Enterprise Software Agreements (ESA) for middleware software, which enables DoD user applications to work with the Common Access Card (CAC). The Indefinite Delivery, Indefinite Quantity contract awards, announced on August 8, 2002, were made to four vendors (Schlumberger, Datakey, SSP-Litronic and Spyrus) who were selected based upon functional testing and price. CAC middleware is software that allows application programs to communicate with Smart Cards through Smart Card readers. Commercial product may also allow additional features such as file encryption and utilities that may be used on the desktop or in conjunction with a Smart Card.
The contract culminated an eighteen-month process that started with a specification that defines the basic functionality that is required by DoD CAC users. Functionalities primarily include: digitally signing e-mail, digitally encrypting e-mail, ability to change user's Personal Identification Number (PIN), and working within certain operating systems and products to utilize the DoD Public Key Infrastructure (PKI).
The contracts will have a three-year base performance period and a cumulative sales ceiling of $26 million. When cumulative sales under all contracts reach the specified maximum amount, the individual contracts ceilings will be considered exhausted and ordering under all contracts will cease. Funding will be provided by the customer on each individual delivery order that is issued under these contracts.
The Naval Inventory Control Point (NAVICP), Mechanicsburg, Pa., acted as the contracting agent for the award. The contracts were awarded under the DoD Enterprise Software Initiative. It is expected that the contract will be open for orders in early September 2002, following First Article Test. Online ordering is available through ITEC Direct (www.itec-direct.navy.mil). Full descriptions of the software's options, hardware compatibility and ordering procedures can be obtained from the Department of the Navy (DON) IT Umbrella Program. The Joint Interoperability Test Command (JITC), Indian Head, Md., is conducting middleware testing with the CAC. JITC is also testing for compatibility with operating systems and card reader hardware. Results of the test will be a listed so those customers can identify any issues before they make an investment in CAC middleware. Additionally, vendors may have reader products tested at JITC (at vendor cost) to have their hardware added to the test report.
Historically, the Smart Card industry has been a proprietary market within the United States, but now the industry has now defined business cases, technical standards, and interoperability goals. Several steps were involved in this transition. The first was the publication of the General Services Administration (GSA) Government Smart Card-Interoperability Standard (GSC-IS) by the National Institute of Standards and Technology (NIST), which defined common data, formats for Smart Cards for the U.S. government. The second was the fielding of a large scale JAVA card (the CAC) which openly supports and encourages multiple sources for Smart Card applications. The third was the marriage of Smart Cards, PKI, and the DoD identification card to provide a business case for supporting this new high-tech platform. The successes of these multiple efforts have resulted in an exemplary, robust Smart Card infrastructure. This success has enabled NIST to approach the International Organization for Standardiztion (ISO) to consider the U.S. Government Smart Card specifications as baselines for new ISO Specifications.