Resource and Security Hinder DHS Implementation of Homeland Security Presidential Directive 12
Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors, requires the development and agency implementation of a mandatory, government-wide standard for secure and reliable forms of identification for federal employees and contractors. All federal departments and agencies are to implement an HSPD-12 program to meet the standard established by the policy, which aims to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy.
An accurate determination of identity is essential to make sound decisions when granting an individual access to security-sensitive government buildings and other facilities, computer systems, or data. Successful implementation of the directive’s requirements will strengthen access controls, increase the security of federal facilities and information systems, and reduce the potential for terrorist attacks.
Although DHS has established an identification credentialing and issuance process, the department has not made the implementation of an effective HSPD-12 program a priority. The original completion date for the issuance and use of identity credentials by all federal employees and contractors was October 27, 2008. As of September 22, 2009, only 15,567, of the approximately 250,000 department employees and contractors, had been issued identity credentials.
Due to weak program management, including insufficient funding and resources, and a change in its implementation strategy, the department is well behind the deadline for fully implementing an effective HSPD-12 program. In addition, the department faces significant challenges in meeting HSPD-12 directive requirements for logical access to its information systems. Furthermore, system security and account management controls are not effective in protecting personally identifiable information collected and stored from unauthorized access. Existing security issues must be addressed to allow for the deployment of a robust, efficient, and secure interoperable identity card and issuance system department-wide.
We are making 15 recommendations to DHS’ Chief Security Officer, in conjunction with the Chief Information Officer. DHS management.