IG faults Energy Department for not fully implementing HSPD-12

Energy has spent $15 million on implementation over 7 years

Despite seven years of effort and $15 million spent, the Energy Department has not fully implemented the physical and logical access controls required under “HSPD-12,” according to a new report from DOE Inspector General Gregory Friedman.

Energy also has not issued HSPD-12 credentials to many of the 40,000 contractor personnel at its five field sites, the report said.

Two of the field sites, Oak Ridge National Laboratory and the East Tennessee Technology Park, were partially done, and three others had not started yet.

Under HSPD-12 (Homeland Security Presidential Directive-12), federal agencies were required to establish credentialing systems for their workers and contractors for building access and also for access to computers and equipment.

The inspector general also said four of the field sites were failing to provide credentials to contractors who do not hold security clearances, which is contrary to the directive. All together, about 11,000 individuals without security clearances who require routine access to work sites for at least six months had not been issued their credentials as required, Friedman wrote in the report.

Friedman faulted the department for not providing effective guidance.

“We noted what we considered to be a lack of a coordinated approach among programs and sites related to implementation of HSPD-12 requirements,” Friedman wrote. “In particular, we found that guidance provided by management was fragmented and often inadequate to meet the goals of the initiative. In addition, ongoing efforts suffered from a lack of coordination among programs and sites to determine the cost, scope and schedule of work required to implement HSPD-12 requirements. Further, several programs and sites visited had not established budgets in anattempt to obtain funding to support HSPD-12 activities.”

The inspector general offered four recommendations for improvements, and Energy officials agreed with all of them.

However, the DOE managers noted that for certain contractors, such as construction workers restricted to certain areas who do not use data systems, providing an HSPD-12 credential is not cost effective.

The inspector general said while he generally supported that approach for low-risk situations such as this, it would be best to consult with the Office of Management and Budget on any deviations from the rules.

Writing in response to the report, Kenneth Powers, associate administrator for management and budget for the Nuclear Security Administration, noted that HSPD-12 mandate was not fully funded and that has contributed to delays in implementation.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected