Online and Digital Identification, Securing Web 2.0, PKI and Digital Certificates

NASA's PIV project didn't meet fed rules

Wednesday, June 3, 2009

NASA’s Office of Inspector General released a report stating that the agency didn’t fully comply with federal regulations for the issuance of PIV credentials.

As of January, NASA had issued more than 70,000 credentials to staff and contractors, more than 98% of the PIV cards NASA planned to issue. The problem is the credential issuer had not been accredited because NASA did not fully comply with federal guidance.

If NASA’s PIV issuer reveals that the problems still exits the agency could be required to stop issuing credentials and reissue other cards at a minimum of a $1 million cost.

“NASA’s noncompliance with Federal guidance resulted from the lack of a project management plan for the Agency’s transition to HSPD-12 compliant cards. For example, NASA did not establish an implementation office to plan and coordinate project integration until July 2006–two years after HSPD-12 was signed and three months before the deadline for agencies to begin issuing HSPD-12 compliant identity cards,” the report states.

NASA also didn’t comply with its policy on incorporating new requirements into ongoing projects nor conduct a gap analysis to ensure that the ongoing common badging and access control projects incorporated HSPD-12 requirements. “In an effort to meet established deadlines, NASA implemented processes and systems that had not been adequately planned and, as a result, developed the system for producing PIV cards but did not complete the accreditation process for ensuring that the system subcomponents met Federal requirements for HSPD-12.”

There were also problems with the controls in the issuance process. NASA had one individual sponsoring and authorizing employees PIV cards, going against federal requirements, the report states. This issues has been resolved and two individuals are now performing this task.

There were also no audit trails put in place for the issuance process. “If the deficiencies identified are not corrected, the risk of NASA issuing PIV cards to individuals who have no legitimate need to access NASA’s facilities or systems could be increased.”

The full report can be downloaded here[end] 

Related Articles
BioP@ss project speeds up passport control

The BioP@ss project, a program funded through the EUREKA micro-electronics cluster MEDEA+, has been working on a way to speed up passport control at European airports. As reported on PhysOrg.com, digital security specialists, European electronics makers and biometrics experts have been working together on this new technology to meet the air travel security standards for 2014.

read more »
DARPA working towards new internal biometric authentication systems

The U.S. Defense Advanced Research Projects Agency (DARPA) is looking for proposals for research projects that could yield new biometric systems that authenticate users based on their own unique movements or behaviors such as the way they type or move a mouse, according to a ZDNet article.

read more »
Suprema receives final certifications for use in UID

Suprema announced that its RealScan-G10 and RealScan-10 line of fingerprint scanners have received final certification from the Government of India’s Standardization Testing & Quality Certification (STQC) to be part of the country’s Unique ID (UID) project.

read more »
Russian government delays universal card project

Russia has pushed back the launch of its universal eID card to January 2013, reports The Moscow Times.

Originally scheduled to roll out this month, the card is supposed to function as an electronic ID, driver’s license, proof of auto insurance, ATM card and immigration document, along with other possible features.

read more »
All handset makers are readying NFC payments, says MasterCard exec

Ed McLaughlin, MasterCard’s head of Emerging Payments, has some good news for those waiting on NFC-enabled phones for contactless payments.

In an interview with Fast Company, McLaughlin said that he didn’t know of a handset maker who wasn’t working on integrating support for PayPass contactless payments.

read more »
Indian government compromises on biometrics and identity

India’s government has called a truce in the ongoing argument between the Ministry of Home Affairs’s National Population Register (NPR) project and the Unique Identification Authority of India (UIDAI), reports the Indian Express.

read more »

Copyright © 2012, AVISIAN, Inc. All rights reserved.