Online and Digital Identification, Securing Web 2.0, PKI and Digital Certificates

GAO: PIV usage lacking

Thursday, September 22, 2011

A U.S. Government Accountability Office report states that government agencies are making progress issuing interoperable smarty card credentials to employees and contractors but actual use of the high-tech credential isn’t happening very often.

The GAO looked at how eight agencies were progressing with their used of PIV credentials. The Departments of Agriculture, Commerce, Homeland Security, Housing and Urban Development, the Interior, and Labor; the National Aeronautics and Space Administration and the Nuclear Regulatory Commission have mixed results, the report states.

“Specifically, they have made substantial progress in conducting background investigations on employees and others and in issuing PIV cards, fair progress in using the electronic capabilities of the cards for access to federal facilities and limited progress in using the electronic capabilities of the cards for access to federal information systems,” the report states. “In addition, agencies have made minimal progress in accepting and electronically authenticating cards from other agencies.”

Agencies contribute the delays to a number of obstacles. Many agencies report problems issuing credentials to employees in remote locations. Also, agencies have not always established effective controls for tracking the issuance of credentials to contractor personnel or for revoking those credentials and the access they provide when a contract ends.

The GAO states that PIV-enabled logical and physical access systems haven’t been deployed because they are low priorities. For logical access there is also a lack of procedures for accommodating personnel who don’t have a PIV credentials. A lack of funding has also slowed the use of PIV credentials for both physical and logical access.

Lastly, there has been a trust issue with PIV. “The minimal progress in achieving interoperability among agencies is due in part to insufficient assurance that agencies can trust the credentials issued by other agencies. Without greater agency management commitment to achieving the objectives of HSPD-12, agencies are likely to continue to make mixed progress in using the full capabilities of the credentials,” the report explains.

The full report can be downloaded here[end] 

Related Articles
ImageWare enhances identity management biometrics for points-of-access

Multimodal biometric security provider ImageWare Systems Inc. has released version 2.0 of its Biometric Engine (BE) physical security identification product.

This product is designed for airports, seaports and other critical points-of-access for government and private enterprises. This update takes into account the SAFE Port Act, which requires foreign shippers to secure cargo being shipped to the U.S. and ensure the identity of those loading it. Shippers must manage this by 2013.

read more »
Keyboard, biometric reader GSA approved

Key Source International announced GSA approval for it’s biometric keyboard and stand-alone biometric pod. KSI products are approved under FIPS 201 for Federal Employees and civilian contractors.

read more »
Audio from April 25 IAB meeting online now

The April meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).

read more »
HID’s pivCLASS is GSA approved

HID Global announced that the company’s pivCLASS readers and authentication systems have achieved compliance with the U.S. General Services Administration Evaluation Program for certifying that products meet FIPS 201 federal identity specifications.

read more »

Comments
Be first to comment...
Comment on this article

Your full name and URL will be displayed with your comment.

Your email is not shown or shared, and is used only for your Gravatar image.




characters left.
Copyright © 2012, AVISIAN, Inc. All rights reserved.