HSPD-12: It’s a Big Deal

When President Bush signed Homeland Security Presidential Directive 12 (HSPD-12) in August 2004, he set in a motion a major technological initiative by the federal government to standardize how ID badges are issued and used by federal employees. The goal is to improve security and reduce long-term costs by enabling all federal employees to have ID badges that use secure technology, require a background check, and are interoperable with all other governmental agencies.

As part of HSPD-12, new standards had to be created for the access control equipment to be used. These standards have been developed by the National Institute for Standards and Technology (NIST) and are called the Federal Information Processing Standards 201 (FIPS 201). Under FIPS 201, NIST has set minimum requirements for the Federal Personal Identification Verification (PIV) system (and ID badges will commonly be referred to as PIV cards).

While HSPD-12 was just a grand vision two years ago, today it is getting very close to a reality. In fact, with the upcoming October 27, 2006 deadline for all governmental agencies to start issuing FIP 201-compliant PIV cards, HSPD-12 is all over the news. A lot is happening fast and furious—and if these new government standards trickle down to the private sector as they are eventually expected to, then the changes will impact you, the security dealer integrator.

What's Happening Now

Although the October 27 deadline is important, it is not the final HSPD-12 deadline. Instead, the final deadline for HSPD-12 is still scheduled two years from now on October 27, 2008 for all background checks to be completed. Furthermore, each governmental agency is responsible for itself when it comes to implementing HSPD-12, so is it possible that some agencies are lagging behind or not taking it seriously?

“Every agency and department within the U.S. government is taking this seriously merely as a function of the fact that it is a presidential mandate,” explains Mark Visbal, director of research and technology, the Security Industry Association. “Every agency and department has a plan that was developed under PIV Part 1 (developed and submitted 10/27/05) that it is following to achieve compliance with HSPD-12.”

Beth Thomas, product manager, credentials and readers, Honeywell, agrees that government agencies have been taking HSPD-12 seriously. “Because the execution of FIPS 201 is complex, complying with the technical scope of integration involves concentrated effort,” she says.

“The rollout of program implementation across the federal sector is dependent upon available funding. Sites that had maintenance budgets in place for technology upgrades in 2006 have been purchasing hardware to implement FIPS 201 since the beginning of this year,” she continues.

According to Thomas, the GSA has already selected a badge issuance service provider and the Department of Commerce has requested information to get their own procurement process underway. “At Honeywell, we have been working with our customers at both large and small government facilities on planning system updates that are FIPS 201-ready,” she states.

Private Sector Begins To Follow Suit

Visbal expects the private sector to follow suit with regard to FIPS 201, but they will likely wait for the government to work out the kinks first. “Critical infrastructure (CI) protection will most likely be the proving ground for the application of FIPS 201 to the private sector,” he states. “A major reason for this is that there will be federal monies made available for CI protection (97% of which is in the private sector), as long as the security solutions adhere to established interoperability and performance standards (i.e. FIPS 201).”