Surveys: HSPD-12 plans lag
Feds, industry have their doubts about meeting deadline
- By Jason Miller
- Jul 06, 2006
Two recent surveys signaled just how much agencies and vendors are struggling to implement Homeland Security Presidential Directive-12.
The biggest area of trouble identified by federal IT security executives and systems integrators was physical-access control.
In a survey of federal IT security executives released recently by CA of Islandia, N.Y., 56 percent said they had seven or more physical-access control systems, and 58 percent said their agencies had yet to make a decision on whether to standardize these systems.
In another survey of 44 systems integrators, conducted by RSA Security Inc. of Bedford, Mass., 59 percent said lack of interoperability in physical and logical access was the most significant challenge.
The Office of Management and Budget, through its Executive Steering Committee, is working to solve the issue through a set of standards. The ESC also is trying to set up a nationwide network of providers for registration and enrollment.
While final details of the enrollment still are to be worked out, many agency executives still are confused about the mandate, according to the CA survey, which was released in collaboration with market research firm Input of Reston, Va.
'There appears to be considerable confusion in the industry, as 46 percent of survey respondents do not feel that OMB is providing enough clarity for HSPD-12 compliance,' said Bruce Brody, vice president, information security at Input.
'Federal IT security executives cite a noticeable lack of guidance as to how to actually define success with the compliance efforts and how funding and budgetary issues would be addressed,' Brody said. 'There is even more gray area with regards to the deadline itself, since 37 percent of respondents either do not believe or are unsure that OMB will hold fast to the HSPD-12 compliance deadline.'
OMB has set a deadline of Oct. 27 for agencies to begin issuing cards that meet the Personal Identification Verification II standards.
RSA also found that integrators believe OMB will push back the deadline. Its survey said 77 percent feel an extension is needed, while 70 percent said agencies do not have migration plans in place to move to PIV II standards.
'One of the things that stuck out to me, and throughout the HSPD-12 process, is the funding issue,' said Shannon Kellogg, director of government and industry affairs at RSA Security. 'It was interesting that only 18 percent of the systems integrators identified funding at agencies for this initiative. I also found it striking that 48 percent said that they have not been able to identify agency funding. OMB says agencies must find funding. This is a directive they are expected to comply with, and to a certain degree there should be some level of funding identified.'
Both surveys did find that agencies say HSPD-12 is a high- or a mid-level priority. Computer Associates' survey found 74 percent of the agencies said they established an HSPD-12 task force, while RSA's systems integrators said about 80 percent treated this as a high- or mid-level priority.