Federal agencies have made limited progress in implementing and using Personal Identity Verification (PIV) cards, according to the Government Accountability Office, which also acknowledged much has been accomplished to lay the foundations for implementation of HSPD-12, a new federal standard for secure and reliable forms of ID.

The eight agencies reviewed in a report released today by the GAO -- including the Departments of Agriculture, Commerce, Homeland Security, Housing and Urban Development, the Interior, and Labor; the Nuclear Regulatory Commission; and the National Aeronautics and Space Administration -- have generally completed background checks on most of their employees and contractors and established basic infrastructure, such as purchasing card readers.

However, none of them met the Office of Management and Budget's (OMB) goal of issuing PIV cards by October 27, 2007, to all employees and contractor personnel who had been with the agency for 15 years or less. In addition, for the limited number of cards that have been issued, most agencies have not been using the electronic authentication capabilities on the cards and have not developed implementation plans for those capabilities.

In certain cases, products are not available to support those authentication mechanisms.

A key contributing factor for why agencies have made limited progress is that OMB, which is tasked with ensuring that federal agencies successfully implement HSPD-12, has emphasized issuance of cards, rather than full use of the cards' capabilities.

Federal agencies anticipate having to make substantial financial investments to implement HSPD-12, since PIV cards are considerably more expensive than traditional ID cards. However, OMB has not considered HSPD-12 implementation to be a major new investment and thus has not required agencies to prepare detailed plans regarding how, when, and the extent to which they will implement the electronic authentication mechanisms available through the cards.

While steps have been taken to enable future interoperability, progress has been limited in making current systems interoperate, partly because key procedures and specifications have not yet been developed to enable electronic cross-agency authentication of cardholders, according to the GAO.

However, General Services Administration officials say they have taken the initial steps to develop guidance to help enable the exchange of identity information across agencies, and they plan to complete and issue it by September 2008. Such guidance should help enable agencies to establish cross-agency interoperability-a primary goal of HSPD-12.

 

Tod Newcombe, Editor  |  Editor, Public CIO