DoD Implementation of Homeland Security Presidential Directive-12

2008 
Abstract : We performed the audit in response to a request from the Office of Management and Budget that the President's Council on Integrity and Efficiency review agency processes and help ensure they are consistent with HSPD-12 and FIPS 201-1. We evaluated DoD business processes to determine whether they comply with directives and standards to develop secure and reliable Personal Identity Verification (PIV) credentials. DoD is not complying with HSPD-12 requirements, has not issued comprehensive HSPD-12 implementation guidance to DoD Components, and has not met HSPD-12 implementation milestones. DoD policy on physical access controls needs to be updated to comply with HSPD-12 policy objectives. Specific examples follow. DoD did not meet Government-wide milestones for completing background checks. Personnel at stations that issue the Common Access Card cannot electronically verify whether card applicants have initiated or completed a National Agency Check with Written Inquiries. DoD displays the full Social Security number on the Geneva Conventions credential, increasing the risk of identity theft. Components are purchasing equipment that is not compliant with HSPD-12. DoD is using barcode technology on the Defense Biometric Identification System credential that is not equivalent to mandatory HSPD-12 security features. DoD's current PIV credential does not meet interoperability requirements and needs to be updated.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    0
    References
    0
    Citations
    NaN
    KQI
    []