Computerworld - Federal agencies continue to miss by a wide margin the implementation deadlines for an ambitious government-wide smart card identity credential initiative designed to shore up the security of federal networks and facilities.
The most recent deadline passed on Oct. 27. By then, agencies were supposed to have finished issuing new Personal Identity Verification (PIV) smart cards to all their employees and contractors under a 2004 presidential directive, Homeland Security Presidential Directive-12 (HSPD-12).
Of the more than 5.5 million federal employees and contractors who were supposed to have been issued PIV cards by that date, less than 1.6 million -- or 29% -- actually did get them, according to numbers by the Office of Management and Budget (OMB), which is overseeing the effort.
HSPD-12 is an unfunded mandate that calls for a government-wide standard for identifying federal employees and contractors. It mandates comprehensive background checks of all government employees and requires the use of a common identification credential (PIV smart cards) for access to government computer systems and facilities.
The cards are based on a standard developed by the National Institute of Standards and Technology (NIST) and are required to be interoperable across government, meaning a PIV card issued by one agency can be read and verified by another agency's authentication systems.
Under the multiphased rollout, federal agencies were required to have implemented a background check process and started issuing cards by end of October 2006, finished issuing the cards in October 2007 to all employees with less than 15 years service and have completed the roll out this year. However, as with this time, federal agencies have missed previous deadlines by wide margins.
Not all agencies' progress on implementation is equal. Agencies identified by the OMB as making the most progress were the Departments of Defense, Labor and State, the Social Security Administration and NASA. As of Oct. 27 of this year, the State Department had issued cards to about 21,500 of its more than 27,700 employees and contractors. Similarly, about 1.2 million of the DoD's total of nearly 3.8 million employees and contractors had been issued PIV cards by that date, while the SSA had issued it to more than 70,000 of its 86,000 or so individuals.
In contrast, the U.S. Department of Homeland Security had issued the cards to just 1,200 of its over 255,000 employees and contractors while the Veterans Administration had rolled it out to barely 6,000 of over 450,000 individuals who are required to have the cards. Many agencies have yet to finish even their background check process, which in HSPD-12-speak is called the National Agency Check and Inquiries (NACI) process.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
