GAO: OMB should move on HSPD-12

Government auditors blamed today the Office of Management and Budget for the limited issuance of secure identification cards across the federal government and the failure of agencies to begin using the smart cards’ electronic security features. Auditors told the House Oversight and Government Reform Committee’s Government Management, Organization and Procurement Subcommittee that OMB should focus on how agencies will use and read ID cards that comply with Homeland Security Presidential Directive 12 rather than just their distribution.Bush administration officials said there had been a marked increase in the number of cards that agencies have issued in recent months and that the point of HSPD-12, the directive requiring card issuance, was to lay a security foundation across the federal government.Only 3 percent of federal employees and contractors have received smart ID cards that agencies are required to issue to employees and contractors, according to OMB.Linda Koontz, director of Information Management Issues at the Government Accountability Office, said using the cards only as ID cards for visual inspection is wasteful and limits the security benefits.GAO said none of the federal agencies that it surveyed had met the October 2007 deadline for issuing cards to employees and contractors who had been with the agency for 15 years or less. Koontz said that since such few cards had been issued, there was an opportunity to correct business processes.“The whole issue of building the underlying security systems that allow you to put to use the electronic capabilities of the card is the foundation that we are talking about…and we need to put more emphasis on that rather than just emphasizing the issuance of the cards especially in the cases where we are not bringing to use the electronic capabilities,” Koontz said. However, Karen Evans, OMB’s administrator for e-government and information technology, said it was important to focus on the way that HSPD-12 implementation fits into the larger strategy of securing federal identification and information systems. She added that OMB had been working with agencies to help them craft implementation policies.“What’s really important about HSPD-12 is getting a common business practice so that when Department of Commerce issues a credential that DOD has trust in that credential,” she said. The auditors said HSPD-12 had improved federal security by increasing the percentage of employees who had undergone background investigations. According to OMB, as of March 1, 2.5 million employees, including military personnel, had undergone background investigations — or 59 percent of employees. More than 500,000 contractors, or 42 percent, had completed background investigations.