Access Management , Identity & Access Management

IG: DHS Too Slow in Identification Credentialing

Department Years Behind in Complying with Presidential Directive
IG: DHS Too Slow in Identification Credentialing
Twitter Follow on Twitter

The Department of Homeland Security has fallen years behind in issuing reliable identification credentials for federal employees and contractors as ordered by a directive signed 5½ years ago by President Bush, the DHS inspector general said in a report made public Wednesday.

The government uses the credentials to determine employee and contractor access to federal facilities and computers.

As of Sept. 22, only 15,567, or 6 percent, of some 250,000 department employees and contractors, had been issued identity credentials. Homeland Security Presidential Directive 12, or HSPD-12, and an Office of Management and Budget memorandum required that all credentials be issued by Oct. 27, 2008.

The IG blamed DHS's tardiness on weak program management, insufficient funding and resources and a change in its implementation strategy. In addition, the IG report said, DHS faces significant challenges in meeting the directive's requirements for access to information systems. "System security and account management controls are not effective in protecting personally identifiable information collected and stored from unauthorized access," the 48-page report said. "Existing security issues must be addressed to allow for the deployment of a robust, efficient and secure interoperable identity card and issuance system department-wide."

The IG made 15 recommendations to DHS's chief security officer, in conjunction with its chief information officer. DHS management concurred with the recommendations and has begun to take the actions to implement them, the IG said.

According to the IG, a wide range of mechanisms traditionally has been employed to authenticate an individual's identity, using various classes of credentials for physical access to buildings and authorization to access computers and data. HSPD-12 established the policy for a common standard for identification credentials issued by government departments and agencies to its employees and contractors.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.