Surveys: HSPD-12 plans lag

Feds, industry have their doubts about meeting deadline

Progress slow as execs look for clear guidance

In CA's survey:

56% of federal IT executives said they had not implemented an identity and access system.

46% said they do not think OMB is providing sufficiently clear guidance.

74% said their agencies had established an HSPD-12 task force.

In RSA's survey:

77% of integrators said an extension of HSDP-12's Oct. 27 deadline is is needed.

70% said they do not have migration plans for moving to PIV II standards.

Two recent surveys signaled just how much agencies and vendors are struggling to implement Homeland Security Presidential Directive-12.

The biggest area of trouble identified by federal IT security executives and systems integrators was physical-access control.

In a survey of federal IT security executives released recently by CA of Islandia, N.Y., 56 percent said they had seven or more physical-access control systems, and 58 percent said their agencies had yet to make a decision on whether to standardize these systems.

In another survey of 44 systems integrators, conducted by RSA Security Inc. of Bedford, Mass., 59 percent said lack of interoperability in physical and logical access was the most significant challenge.

The Office of Management and Budget, through its Executive Steering Committee, is working to solve the issue through a set of standards. The ESC also is trying to set up a nationwide network of providers for registration and enrollment.

While final details of the enrollment still are to be worked out, many agency executives still are confused about the mandate, according to the CA survey, which was released in collaboration with market research firm Input of Reston, Va.

'There appears to be considerable confusion in the industry, as 46 percent of survey respondents do not feel that OMB is providing enough clarity for HSPD-12 compliance,' said Bruce Brody, vice president, information security at Input.

'Federal IT security executives cite a noticeable lack of guidance as to how to actually define success with the compliance efforts and how funding and budgetary issues would be addressed,' Brody said. 'There is even more gray area with regards to the deadline itself, since 37 percent of respondents either do not believe or are unsure that OMB will hold fast to the HSPD-12 compliance deadline.'

OMB has set a deadline of Oct. 27 for agencies to begin issuing cards that meet the Personal Identification Verification II standards.

RSA also found that integrators believe OMB will push back the deadline. Its survey said 77 percent feel an extension is needed, while 70 percent said agencies do not have migration plans in place to move to PIV II standards.

'One of the things that stuck out to me, and throughout the HSPD-12 process, is the funding issue,' said Shannon Kellogg, director of government and industry affairs at RSA Security. 'It was interesting that only 18 percent of the systems integrators identified funding at agencies for this initiative. I also found it striking that 48 percent said that they have not been able to identify agency funding. OMB says agencies must find funding. This is a directive they are expected to comply with, and to a certain degree there should be some level of funding identified.'

Both surveys did find that agencies say HSPD-12 is a high- or a mid-level priority. Computer Associates' survey found 74 percent of the agencies said they established an HSPD-12 task force, while RSA's systems integrators said about 80 percent treated this as a high- or mid-level priority.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above