According to a draft memo obtained by Federal News Radio, the DHS is giving agencies just two months to implement a six-year old mandate to issue credentials that can be used for identification across agencies. The memo is expected to be sent out shortly, according to the report.
Homeland Security Presidential Directive-12 (HSPD-12), issued Aug. 27, 2004, requires that a “government-wide standard for secure and reliable forms of identification” be issued by the federal government to its employees and contractors.
Most agencies have already implemented the secure ID, according to the draft memo. But those agencies that are lagging now have only two months to catch up.
“As of September 2010, agencies reported that approximately 4.9 million out of 5.8 million federal employees and contractors have completed background investigations, and 4.3 million have [HSPD-12] credentials,” wrote Greg Schaffer, DHS's assistant secretary for cybersecurity and communications in the draft memo. “With the majority of the federal workforce now in possession of the credentials, agencies are in a position to aggressively step up their efforts to use the electronic capabilities of the credentials.”
The DHS and General Services Administration (GSA) are partnering to implement the secure ID program, called the Federal Identity, Credential and Access Roadmap and Implementation Guidance (ICAM).
"This includes a DHS partnership with the GSA Public Building Service to ensure implementation of physical access requirements for federal buildings, under PBS's purview, are implemented in accordance with the Federal Security Level Determinations for Federal Facilities – an Interagency Security Committee Standard and NIST guidelines," Schaffer wrote in the memo.
Agency plans must include a strategy to ensure that all new systems under development use HSPD-12 credentials prior to being made operational, the memo said.
Starting in fiscal 2012, existing physical and logical access control systems must be upgraded to use the secure ID cards prior to the agency using funding for further development or technology refresh, the memo said.
In addition, all procurements for products and services for facility and system access control must meet HSPD-12 standards and the Federal Acquisition Regulations to ensure interoperability. And agencies will accept and electronically verify secure ID cards issued by other agencies, according to the draft memo.