Topics:
IG: SEC has 'deficiencies in nearly every aspect' of HSPD-12 implementation
Compliance at the Securities and Exchange Commission with a governmentwide mandate to issue employees and contractors smart identity cards has been lacking, finds the SEC inspector general.
In a report dated March 31, auditors found "deficiencies in nearly every aspect" of SEC implementation for the mandate, instigated by Homeland Security Presidential Directive-12, signed by President George W. Bush in 2004.
The SEC has missed virtually every deadline imposed by Office of Management and Budget HSPD-12 guidance, the report says, including the one that required new employees and contractors to receive HSPD-12 cards after going through a background check starting by Oct. 27, 2005. Only in April 2010 did the SEC start doing that, the report says--and as of Dec. 31, 2010, it had yet to complete required background checks on 1,263 existing employees.
As for completing background check on existing contractors, "SEC is currently unable to determine the actual number of contractors who are employed by the SEC," the report states.
Auditors also say that SEC field offices generally aren't registering the HSPD-12 cards to the extent that employees and contractors do receive them into their physical access control systems. Only 37 percent of regional offices say that employee badges are enrolled in the physical access system and only 46 percent say that contractor badges are enrolled, the report states.
The report also criticizes the SEC for having granted 26 employees access to classified information without having gained authority from the office of the director of national intelligence to do so. Executive Order 13467 (.pdf), signed by Bush on Oct. 1, 2008, tasks the ODNI with making determination of whether agency security policies are sufficiently robust to grant clearance--but the SEC's office of executive director told auditors they never heard of the executive order.
For more:
- download the report, No. 481 (.pdf)
Related Articles:
SEC slow with patch management, says IG report
VA drops HSPD-12 ball
Schapiro: The SEC will never match private sector tech
Comments