Vendors, agencies struggle with HSPD-12

Two recent surveys signaled just how much vendors and agencies are struggling to implement Homeland Security Presidential Directive-12.

The area most often identified by systems integrators and federal IT security executives as needing attention was physical-access control. In a survey of federal IT security executives released by Computer Associates International Inc. of Islandia, N.Y., 56 percent said they had seven or more physical-access control systems, and 58 percent said their agencies had yet to make a decision on whether to standardize these systems.

Another survey of 44 systems integrators by RSA Security Inc. of Redwood City, Calif., found that 59 percent said lack of interoperability in physical and logical access is the most significant challenge.

The Office of Management and Budget, through its Executive Steering Committee, is working to solve the issue through a set of standards. The ESC also is trying to set up a nationwide network of providers for registration and enrollment.

While final details still are to be worked out, many agency executives still are confused about the mandate, according to the CA survey, which was released in collaboration with Input, a market research firm in Reston, Va.

"There appears to be considerable confusion in the industry, as 46 percent of survey respondents do not feel that OMB is providing enough clarity for HSPD-12 compliance," said Bruce Brody, vice president, information security at Input. "Federal IT security executives cite a noticeable lack of guidance as to how to actually define success with the compliance efforts and how funding and budgetary issues would be addressed. There is even more gray area with regards to the deadline itself, since 37 percent of respondents either do not believe or are unsure that OMB will hold fast to the HSPD-12 compliance deadline."

OMB has set a deadline of Oct. 27 for agencies to begin issuing cards that meet the Personal Identification Verification II standards.

RSA also found that integrators believe that OMB will push back the deadline. Its survey said 77 percent feel an extension is needed, while 70 percent said agencies do not have migration plans in place to move to PIV II standards.

"One of the things that stuck out to me and throughout the HSPD-12 process is the funding issue," said Shannon Kellogg, director of government and industry affairs at RSA Security. "It was interesting that only 18 percent of the systems integrators identified funding at agencies for this initiative. I also found it striking that 48 percent said that they have not been able to identify agency funding. OMB says agencies must find funding. This is a directive they are expected to comply with and to a certain degree there should be some level of funding identified."

Both surveys did find that agencies say HSPD-12 is a high- or a mid-level priority. Computer Associates' survey found 74 percent of the agencies said they established an HSPD-12 task force, while RSA's found the systems integrators said about 80 percent treated this as a high- or mid-level priority.