Federal agencies will have until March 31 to have in place a standard secure ID that can be used across agencies, as required by the Homeland Security Presidential Directive-12, according to a draft Department of Homeland Security (DHS) memo.
DHS is giving agencies two months to implement a six-year old mandate to issue credentials that can be used for identification across agencies. The memo is expected to be sent out shortly, says an AP report.
Homeland Security Presidential Directive-12 (HSPD-12), issued Aug. 27, 2004, requires that a “government-wide standard for secure and reliable forms of identification” be issued by the federal government to its employees and contractors.
Most agencies have already implemented the secure ID, but those agencies that are lagging now have only two months to catch up.
“As of September 2010, agencies reported that approximately 4.9 million out of 5.8 million federal employees and contractors have completed background investigations, and 4.3 million have [HSPD-12] credentials,” wrote Greg Schaffer, DHS's assistant secretary for cybersecurity and communications in the draft memo. “With the majority of the federal workforce now in possession of the credentials, agencies are in a position to aggressively step up their efforts to use the electronic capabilities of the credentials.”
The DHS and General Services Administration (GSA) are partnering to implement the secure ID program, called the Federal Identity, Credential and Access Roadmap and Implementation Guidance (ICAM).
"This includes a DHS partnership with the GSA Public Building Service to ensure implementation of physical access requirements for federal buildings, under PBS's purview, are implemented in accordance with the Federal Security Level Determinations for Federal Facilities – an Interagency Security Committee Standard and NIST guidelines," Schaffer wrote in the memo.
Agency plans must include a strategy to ensure that all new systems under development use HSPD-12 credentials prior to being made operational, the memo said.
Starting in fiscal 2012, existing physical and logical access control systems must be upgraded to use the secure ID cards prior to the agency using funding for further development or technology refresh, the memo said.
In addition, all procurements for products and services for facility and system access control must meet HSPD-12 standards and the Federal Acquisition Regulations to ensure interoperability. And agencies will accept and electronically verify secure ID cards issued by other agencies.