Newsletter Sign-Up

Receive the latest technology news and information.

Federal agencies miss smart card ID deadlines by wide margin

2004 presidential directive has resulted in only 29% of federal employees and contractors receiving cards, OMB says

By Jaikumar Vijayan

November 6, 2008 12:00 PM ET

Top Stories

Computerworld - Federal agencies continue to miss by a wide margin the implementation deadlines for an ambitious government-wide smart card identity credential initiative designed to shore up the security of federal networks and facilities.

The most recent deadline passed on Oct. 27. By then, agencies were supposed to have finished issuing new Personal Identity Verification (PIV) smart cards to all their employees and contractors under a 2004 presidential directive, Homeland Security Presidential Directive-12 (HSPD-12).

Of the more than 5.5 million federal employees and contractors who were supposed to have been issued PIV cards by that date, less than 1.6 million -- or 29% -- actually did get them, according to numbers by the Office of Management and Budget (OMB), which is overseeing the effort.

HSPD-12 is an unfunded mandate that calls for a government-wide standard for identifying federal employees and contractors. It mandates comprehensive background checks of all government employees and requires the use of a common identification credential (PIV smart cards) for access to government computer systems and facilities.

The cards are based on a standard developed by the National Institute of Standards and Technology (NIST) and are required to be interoperable across government, meaning a PIV card issued by one agency can be read and verified by another agency's authentication systems.

Under the multiphased rollout, federal agencies were required to have implemented a background check process and started issuing cards by end of October 2006, finished issuing the cards in October 2007 to all employees with less than 15 years service and have completed the roll out this year. However, as with this time, federal agencies have missed previous deadlines by wide margins.

Not all agencies' progress on implementation is equal. Agencies identified by the OMB as making the most progress were the Departments of Defense, Labor and State, the Social Security Administration and NASA. As of Oct. 27 of this year, the State Department had issued cards to about 21,500 of its more than 27,700 employees and contractors. Similarly, about 1.2 million of the DoD's total of nearly 3.8 million employees and contractors had been issued PIV cards by that date, while the SSA had issued it to more than 70,000 of its 86,000 or so individuals.

In contrast, the U.S. Department of Homeland Security had issued the cards to just 1,200 of its over 255,000 employees and contractors while the Veterans Administration had rolled it out to barely 6,000 of over 450,000 individuals who are required to have the cards. Many agencies have yet to finish even their background check process, which in HSPD-12-speak is called the National Agency Check and Inquiries (NACI) process.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

ID

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

1 comments | Add new

See all comments (1) | Add new

White Papers & Webcasts

Enterprise 2.0 Applications - Block or Not?
Learn what your organization should do to control Enterprise 2.0 Applications.

Data in Action: Making the Planet Smarter
Register Now

Product Overview Brochure
Learn how to deliver secure data and applications wherever and whenever they're needed.

Hosted Security Services: Why it make budget and security sense in today's economy
Watch Now

How to Secure and Accelerate Your Oracle Applications
Learn about the escalating application performance and security challenges facing corporations, today!

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Accelerate SSL Encrypted Applications
Gain complete visibility into SSL application sessions, making it easy to apply appropriate acceleration and security controls to all SSL traffic.

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.

All White Papers | All Webcasts

Computerworld Reports

Computerworld Technology Briefing: More than Business Value

Computerworld Briefing: Staffing for Intelligence

8 Questions To Ask About Your Intrusion-Security Solution

All Computerworld Reports

Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.