Secure ID Deadline is March 31

February 7, 2011

Federal agencies will have until March 31 to have in place a standard secure ID that can be used across agencies, as required by the Homeland Security Presidential Directive-12, according to a draft Department of Homeland Security (DHS) memo.

DHS is giving agencies two months to implement a six-year old mandate to issue credentials that can be used for identification across agencies. The memo is expected to be sent out shortly, says an AP report.

Homeland Security Presidential Directive-12 (HSPD-12), issued Aug. 27, 2004, requires that a “government-wide standard for secure and reliable forms of identification” be issued by the federal government to its employees and contractors.

Most agencies have already implemented the secure ID, but those agencies that are lagging now have only two months to catch up.

“As of September 2010, agencies reported that approximately 4.9 million out of 5.8 million federal employees and contractors have completed background investigations, and 4.3 million have [HSPD-12] credentials,” wrote Greg Schaffer, DHS's assistant secretary for cybersecurity and communications in the draft memo. “With the majority of the federal workforce now in possession of the credentials, agencies are in a position to aggressively step up their efforts to use the electronic capabilities of the credentials.”

The DHS and General Services Administration (GSA) are partnering to implement the secure ID program, called the Federal Identity, Credential and Access Roadmap and Implementation Guidance (ICAM).

"This includes a DHS partnership with the GSA Public Building Service to ensure implementation of physical access requirements for federal buildings, under PBS's purview, are implemented in accordance with the Federal Security Level Determinations for Federal Facilities – an Interagency Security Committee Standard and NIST guidelines," Schaffer wrote in the memo.

Agency plans must include a strategy to ensure that all new systems under development use HSPD-12 credentials prior to being made operational, the memo said.

Starting in fiscal 2012, existing physical and logical access control systems must be upgraded to use the secure ID cards prior to the agency using funding for further development or technology refresh, the memo said.

In addition, all procurements for products and services for facility and system access control must meet HSPD-12 standards and the Federal Acquisition Regulations to ensure interoperability. And agencies will accept and electronically verify secure ID cards issued by other agencies.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Secure ID Deadline is March 31

Related Articles

Related Products

Related Events

Report Abusive Comment