Online and Digital Identification, Securing Web 2.0, PKI and Digital Certificates

NASA's PIV project didn't meet fed rules

Wednesday, June 3, 2009

NASA’s Office of Inspector General released a report stating that the agency didn’t fully comply with federal regulations for the issuance of PIV credentials.

As of January, NASA had issued more than 70,000 credentials to staff and contractors, more than 98% of the PIV cards NASA planned to issue. The problem is the credential issuer had not been accredited because NASA did not fully comply with federal guidance.

If NASA’s PIV issuer reveals that the problems still exits the agency could be required to stop issuing credentials and reissue other cards at a minimum of a $1 million cost.

“NASA’s noncompliance with Federal guidance resulted from the lack of a project management plan for the Agency’s transition to HSPD-12 compliant cards. For example, NASA did not establish an implementation office to plan and coordinate project integration until July 2006–two years after HSPD-12 was signed and three months before the deadline for agencies to begin issuing HSPD-12 compliant identity cards,” the report states.

NASA also didn’t comply with its policy on incorporating new requirements into ongoing projects nor conduct a gap analysis to ensure that the ongoing common badging and access control projects incorporated HSPD-12 requirements. “In an effort to meet established deadlines, NASA implemented processes and systems that had not been adequately planned and, as a result, developed the system for producing PIV cards but did not complete the accreditation process for ensuring that the system subcomponents met Federal requirements for HSPD-12.”

There were also problems with the controls in the issuance process. NASA had one individual sponsoring and authorizing employees PIV cards, going against federal requirements, the report states. This issues has been resolved and two individuals are now performing this task.

There were also no audit trails put in place for the issuance process. “If the deficiencies identified are not corrected, the risk of NASA issuing PIV cards to individuals who have no legitimate need to access NASA’s facilities or systems could be increased.”

The full report can be downloaded here[end] 

Related Articles
Identity management and the law

Shifting focus from technology to legal ramifications of identity

In the area of identity management there has been significant work related to the technical exchange of identity information and the actual authentication processes. There has not, however, been a focused look at the legal issues, particularly those that would hold parties responsible for not properly identifying and authenticating users or customers.

read more »
Lieberman Software helps companies meet regulations

Lieberman Software helps companies with privileged identity management, handing access to root and administrative accounts. “Essentially the keys to the kingdom,” says Philip Lieberman, president and CEO at Lieberman Software.

read more »
SecuGen releases biometric scanner and card reader in-one solution

SecuGen, a developer of biometric technology solutions, has announced the availability of its SecuGen iD-USB SC/PIV, a USB-connectible device that is capable of scanning fingerprints and smart cards and is FIPS 201/PIV compliant.

read more »
CEA-Leti demonstrates new communication technology for smart cards

French researcher CEA-Leti announced that it has demonstrated a contactless, high-speed interface for smart cards. Leti has created a prototype of a complete phase modulation system, a reader and a card, that now achieves speeds of 6.8 Mbit/s. Phase modulation’s spectral characteristics are superior to those of amplitude modulation, allowing considerably higher speeds than the current limit of 848 Kbit/s.

read more »
HID extends iCLASS to printers

HID Global announced an extension of its secure access and identification solutions to secure print authentication. The company is partnering with multi-function printer manufacturers and their application partners to develop secure print authentication solutions that enable HID Global customers to use iClass credentials on printers to reduce print costs and increase security and compliance.

read more »
MTA pilots GPS tracking on city buses

New York’s MTA is piloting GPS tracking technology on city buses, allowing passengers to receive updates on their bus’ status via mobile phone or at the bus stop, according to nyunews.com.

read more »

Copyright © 2010, AVISIAN, Inc. All rights reserved.