News

The HSPD12 Access Control Race

The clock is ticking on federal agencies to comply with a Bush directive to overhaul access control for millions of workers

By Al Sacco, Al Sacco

January 01, 2006CSO

In August 2004, President Bush issued Homeland Security Presidential Directive-12 (HSPD-12), which requires federal agencies to set up one identification system for all staff and contractors who have access to sensitive facilities or information. The move to stiffen access control for several million people who work for the U.S. government and its contractorspart of post-9/11 efforts to beef up security at federal installationshas set off a scramble by 2 dozen agencies seeking to comply by October's deadline.

The directive means that the agencies need to reassess the way they check worker backgrounds and issue IDs, and then tailor those checks to comply with a new set of criteria that the National Institute of Standards and Technology issued last February.

Those criteria, called the Federal Information Processing Standard, specify that agencies must initiate in-depth background checks for all new and existing employees with access to sensitive information; that new ID cards must include biometric measures such as an iris scan or fingerprint; that such personal information must be encrypted to ensure employees' privacy; and that new equipment is installed and in place by Oct. 27, 2006.

Alex Conant, White House Office of Management and Budget spokesman, says all 24 agencies met an interim deadline last October to modify the way they checked workers' backgrounds and issued IDs.

That was the easy part. The real test will be this October. Picture a sea of new badges and myriad doorway checks, and you've got an interesting Monday morning on Oct. 30 at federal sites around the nation.

Countdown to New IDs

President Bushs directive for access control systems gave federal agencies two years to implement them. A timeline:

Feb. 25, 2005: The National Institute of Standards and Technology issued identification standard. Approved by Commerce Department.

Oct. 27, 2005: Agencies modified ID proofing processes to comply with new standard.

Oct. 27, 2006: Agencies must implement new systems and issue new ID cards.

Consultant Jim Ganthier, global director of defense, intelligence and public safety solutions at Hewlett-Packard, notes that many agencies are working on assessments of their access control procedures, "so they're not surprised later or, more important, so they don't end up with a technological dead end." Ganthier adds that those agencies that have to rip and replace their systems face big hurdles.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Learn how the new Quad-Core AMD Opteron™ processor improves performance

IDC Defines an Identity and Access Management Submarket

Welcome to the age of Service-Oriented Security (SOS)

Configuration Assessment: Choosing the Right Solution

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Using Likewise to Comply with PCI Data Security Standard

Enabling Compliance with Converged Mainframe Security and Storage

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Rolling the dice with your security? Take the Self-Assessment Test now

Digital Identity Protection and Data Security Get Personal

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

The Case for Business Software Assurance ~ Securing Your Applications