HSPD 12 Compliance Causes In-Depth Security Strategy Examination

U.S. officials are looking beyond existing access control and employee identification systems for HSPD 12.

As the Oct. 27 compliance deadline for HSPD 12, the government’s identity standard initiative, bears down on U.S. agencies, officials are looking beyond existing access control and employee identification systems, Security Director News reports.

According to the article, government agencies and departments are finding that compliance with HSPD 12, which requires a smart card-enabled credential that will grant federal employees and contractors access to all federal facilities and networks, is forcing them to look at the non-technical side of their security operations as well.

Officials at the Department of Health and Human Services (DHHS) had to rethink their own background screening processes and fine-tune non-equipment-related issues in order to prepare the department’s 4,400 buildings and more than 68,000 employees for the new standards, the article reports.

This included clarifying the level of background checks necessary for each position so screening wouldn’t be duplicated, migrating to an electronic fingerprint and background application for government clearance, and starting a training program that will school human resource and contracting officers on how to classify the sensitivity of different positions within the agency, Security Director News reports.

"Our intent was to build a foundation so the house wouldn’t crumble once we implemented the technology side," Mario Morales, director of the HSPD 12 program office for DHHS, told Security Director News.

The DHHS includes the Food and Drug Administration, Centers for Medicare and Medicaid Services and the National Institutes of Health, and has more than 100 different cards in use.

"In attacking the problem, we also had to figure how to be interoperable amongst ourselves," Morales told Security Director News.

The article states that the agency has also developed a technological solution to the HSPD 12’s common platform. It has a tri-interface reader that allows for a temporary, but compliant solution.

For an in-depth examination of HSPD 12, read HSPD12: The United States of Access Control and How HSPD 12 Works on CSOonline.

Copyright © 2006 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline