Barriers to CAC/PIV Secure Printing Implementation

Federal agencies understand the gravity of a security leak, especially when it comes to sensitive topics. Since HSPD-12 came out in 2004, agencies have been working to secure their desktops, laptops, door access, emails and any sensitive information using FIPS-201 compliant smart cards.

Even so, government agencies struggle to secure their print infrastructure while maintaining ease of use for employees.

Because printing converts data to physical media, it is considered one of the most vulnerable security areas within an organization. Once data is printed it is difficult to control, and it’s easy to imagine how risky it is to have sensitive information sitting on a printer tray in plain sight. Anyone could pick it up, stash it in their briefcase, and walk out of the building. Once a breach like this occurs, the information is nearly impossible to retrieve.

It’s well known that Common Access Cards (CAC) or Personal Identity Verification (PIV) smart cards can be used for multi-factor authentication at a printer to secure printing and mitigate these risks. The odd thing is that many federal agencies have been slow to implement CAC/PIV secure printing solutions. Therefore, PrinterLogic, a leader in secure pull printing, conducted research with agency IT personnel to find out why.

Our research identified four key reasons why federal agencies are slow to implement CAC/PIV secure printing:

  1. Difficulty justifying replacing the entire printer fleet. Most printers in an agency fleet do not have an integrated CAC/PIV reader. Implementing CAC/PIV solutions across an entire agency is a high-cost scenario that involves lots of expensive devices and massive infrastructure changes. Upgrades of this magnitude require a lot of planning and are accompanied by big incremental budget approvals. Workers and support staff need training on the new printers, as well as the software to manage them. Large deployments can take years to complete, and productivity suffers during the transition period.
  2. Installed base of functioning printers has to be abandoned. Printers that are in service and still work follow something like the law of inertia: they tend to stay in service unless acted upon by an opposing force. In most organizations, working printers are used until they break or can no longer be serviced. The installed base of printers includes smaller models that can’t be retrofitted to support CAC/PIV authentication and would be scrapped. This causes some agencies to postpone CAC/PIV deployments in order to avoid waste.
  3. Vendor locking is a double-edged sword. Federal agencies are motivated to employ CAC/PIV print solutions, but they prefer vendor-agnostic procurement practices. Most CAC/PIV solutions are tied to one printer manufacturer’s hardware, which means committing to a solution that “locks” the agency into one vendor. This gets in the way of a multi-vendor approach that benefits from competitive offerings. On one hand, agencies want the flexibility of upgrading and switching to better solutions when they are available. On the other hand, they are married to existing hardware and service commitments until those expire.
  4. Complex back-end infrastructure. Federal agencies have spent the last 10+ years consolidating their network and server infrastructure. Most CAC/PIV solutions require an extensive server implementation. One agency we surveyed said they would need 2,000+ pull-print servers to facilitate secure print authentication using their PIV cards. The sheer cost, software training, and incremental support staff needed for this kind of investment have slowed adoption.

Based on this research, PrinterLogic has developed a cost-effective CAC/PIV secure pull-printing system that works with ANY network printer, requires no print servers, and gives complete visibility into print activity on the network. Read about it in our new blog, The PrinterLogic CAC/PIV Advantage, or call our Federal Sales Desk at 435-216-1939 for more information or to schedule a WebEx product demonstration and a 30-day free trial.