NIST proposes relaxed security checks for interim credentials under HSPD-12
- By Jason Miller
- Sep 09, 2005
Agencies preparing to implement the first phase of Homeland Security Presidential Directive 12
may receive a bit of reprieve in how many security checks personnel must undergo before receiving credentials.
The National Institute of Standards and Technology last week issued a proposed revision
to the Federal Information Processing Standard 201 Personal Identity Verification I (PIV 1) that will let agencies issue interim credential to employees after they submit to an FBI fingerprint check and have been vetted against various terrorist and criminal watch lists.
Agencies have until Oct. 27 to comply with PIV I, which outlines how agencies should implement standards for issuing and registering employee and contractor identity cards. In July, NIST issued guidelines
to help agencies verify that organizations issuing new governmentwide identification cards are meeting the new standards.
Agencies have until Oct. 26, 2006, to start implementing PIV II, which requires issuing credentials using the new standards and having interoperable systems. PIV II must be completed by Oct. 27, 2007, the Office of Management and Budget said in a recent memo
Previously in PIV I, NIST required all agency personnel to go through the full set of five National Agency Checks before receiving a credential, a NIST official said.
'The checks still must be completed, but this allows some to work with one check,' according to the official, who requested anonymity.
The proposed changes also would require employees to appear in person once before the agency organization that issues the credential and provide two forms of identification.
NIST also is proposing to change the way interim-approved employees are tracked in systems versus employees who have been fully vetted. The official said there will be an indicator stored in one of the fields on the card that will indicate whether the person is interim or fully cleared.
The proposed changes to PIV I were first outlined in the OMB memo. NIST will accept comments until Oct. 2.