Making Up For Lost Time

Agencies failed to meet the first deadline for HSPD-12. Now they need to get on the ball.

By Oct, 27, 2007, federal agencies were supposed to complete background checks for employees with 15 years' or less experience and begin issuing new identity cards. None met the deadline.

So now what?

That's the question many agencies are struggling with as they plan for the next deadline. Under Homeland Security Presidential Directive 12, issued in 2004, new identity cards must replace the standard employee flash-card badges by Oct. 27, 2008. The credentials, which include biometric information such as fingerprints, will provide a common identification standard to allow employees and contractors to access federal buildings and computer networks.

The Office of Management and Budget set a number of milestones to drive adoption, but progress has been slow so far. By the 2007 deadline, about 1 percent of the 1.9 million federal employees and 591,358 contractors had been issued cards. That leaves many agencies scrambling.

"Everyone is viewing milestones as the target dates-as if when they hit those dates, they're done," says Karen Evans, administrator of OMB's Office of Electronic Government and Information Technology. "But HSPD-12 activities and implementation are never going to be done. Milestones are just output indicators. Our goal is to get all processes ingrained so agencies can be cranking out credentials on a daily basis. That's what done means."

To get there, agencies first need to evaluate where they stand. As of the October 2007 deadline, 97 percent of federal employees and 79 percent of contractors had completed the required background checks. Much of the holdup in the second piece of the mandate-issuance of cards-was due to technical challenges in integrating with support systems. Those systems must maintain the data and provide interface with enrollment and issuance functions.

Many of the technical issues have since been remedied, Evans says. Still, before any mass production of cards, agencies should ensure that the issuance process is the least disruptive to employees and daily operations. Those steps could vary among agencies.

"Are they using the managed service from GSA or did they grow an issuance process in-house? Are they geographically dispersed or concentrated in relatively few geographic areas? Do they have a program in place to use the cards or will usage come later? The business process has to be well thought out in order to minimize the length of the interaction with each employee," says Robert Brandewie, senior vice president for public sector solutions at ActivIdentity, a Fremont, Calif.-based identity assurance product vendor. As former director of the Pentagon's Defense Manpower Data Center, Brandewie was architect of the Common Access Smart Card system.

So, who stands out as an example for agencies? Aside from the Defense Department, which was able to leverage the infrastructure and processes already in place from its smart card program, Evans says the Labor Department is making the most progress. By the first deadline, more than 60 percent of Labor employees and contractors had been issued cards; that percentage presumably has gone up in the months since, though current numbers have not yet been released.

Labor's success is due largely to a gradual rollout among the 19,000 employees and contractors eligible for credentials, located at 571 facilities in more than 400 cities. The department deployed infrastructure to nine regional centers first, issuing badges to staff within a 10-mile radius, followed by eligible personnel who traveled to the centers on official business, and finally contractors. Labor now is focusing on finishing enrollment and issuance at the national office in Washington as well as integrating the new credential management system with the access control system already in place.

The Education Department also is taking a gradual approach to rolling out HSPD-12. In 2005, the department developed plans for conducting background checks on its 4,452 employees and 1,004 contractors, though technical issues with existing networks slowed progress on issuing cards. For example, the department could not complete the certification and accreditation of the computer systems that would store the data, says Winona Varnon, director of security services at Education. Theoretically, the department could have moved forward without the official mark of approval to avoid delays, but she says, that was never an option-deadline or no deadline.

"Certification and accreditation was time-consuming, but well worth it," Varnon says. "If agencies are housing information, they have to make sure it's accurate and protected." The department juggled funding until all components could be procured, and then had to retrofit and upgrade identity access systems to meet HSPD-12 standards. Other delays occurred in June 2007, when guidelines for the information stored on the cards changed.

Despite such holdups, Education managed to issue cards for nearly all employees and contractors at headquarters, and plans to issue all remaining cards-including 987 for workers in field offices-between January and March 2008. While not quite on schedule, the department has had an easier time handling the challenges because it prioritized groups of employees.

Beyond a gradual approach, agencies need to streamline implementation for the long term.

Procedures should be clear, and involve various offices within the agency. HSPD-12 can't rest solely in the laps of chief information officers. "The major hurdles are no longer [about] technology," Brandewie says. "Planning the logistics of the implementation and involving executive management in both resourcing and guidance that will encourage employees to enroll. This is a challenge that can no longer be limited to involvement of the technology [group]. It must involve other communities, perhaps with a tiger team approach."

Human resources could perform background checks and maintain a central database of employee information, for example, while the procurement group manages logistical support and card purchasing, and the technology office-perhaps with help from industry-oversees integration and upkeep of systems.

The Veterans Affairs Department, for example, tapped EDS to support the implementation and deployment of HSPD-12 cards to more than 200 medical and benefit sites nationwide. EDS also provides training for the VA officials issuing cards, and establishes warehouse, staging and shipping facilities.

"As long as the focus remains on the card issuance, it [will be] much harder for information technology executives to get their arms around all the activities that have to happen to reach the goal," Brandewie says. "We have to move beyond issuance to usage-now."

Of course, no plan will succeed without employee cooperation. Agencies should provide adequate information and respect people's time by making card issuance as painless as possible. Results will improve as the process becomes more ingrained. When Evans first registered for her card, it took more than 30 minutes; now, OMB employees can complete the process in half that time.

"The credibility of this program is going to [depend on] trust from the contractors and employees that the card has meaning," she says. "If you make the process efficient, customer-oriented and convenient, they won't mind. And then they'll ask questions. 'How do I use it? And what's the next step?' "

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.


When you download a report, your information may be shared with the underwriters of that document.