Fed IT security executives struggle with HSPD-12 planning

Government security managers are having trouble preparing to comply with Homeland Security Presidential Directive 12, according to an independent survey Input released today.

The survey states that nearly half of the federal executives overseeing information technology security do not have a plan for adopting Personal Identity Verification (PIV) as directed by HSPD-12. CA commissioned the survey.

Nearly half of the respondents also expressed confusion with the Office of Management and Budget's guidelines for compliance.

“Federal IT security executives cite a noticeable lack of guidance as to how to actually define success with the compliance efforts and how funding and budgetary issues would be addressed,” said Bruce Brody, vice president of information security at Input. He noted that 37 percent of the respondents also did not believe or are unsure that OMB will stick with the Oct. 27 deadline.

Lack of standardization hampers efforts to adopt interoperable PIV cards. More than half of the respondents said they had seven or more physical access systems. Those systems must be whittled down to one to ensure standardized card access for workers, something agencies are struggling to do.

Although many managers have difficulty understanding HSPD-12 guidelines, 74 percent said they had created task forces to handle the upcoming deadline, a statistic that Brody believes shows that agencies take PIV cards -- and the compliance deadline -- seriously.

“Agencies are clearly struggling with HSPD-12 compliance,” said Christopher Michael, federal technology strategist at CA. “This compliance deadline, however, does present an opportunity for agencies to address their larger identity management issues and thereby improve the speed and efficiency with which they manage their growing user base.”