Network access continues to be elusive use of HSPD-12 cards


Most major federal agencies have issued to a majority of employees the personal identity verification smartcards required by the 2004 Homeland Security Presidential Directive 12, but their utilization for network access remains mostly an exception.

As of the first quarter of fiscal 2013 (October through December 2012), only the departments of Defense and Health and Human Services, plus the General Services Administration, have a majority of employees carrying the cards and utilizing them for logical access.

That's according to a White House update of agency cybersecurity efforts posted (.pdf) online; cybersecurity is one of the cross-agency priority goals identified by the Office of Management and Budget in February 2012.

The update also says that 19 agencies have met a target goal of 80 percent consolidation of external network connects required under the Trusted Internet Connection effort, and 15 of those have achieved 95 percent consolidation.

Version 2 of the TIC architecture requires agencies to deploy EINSTEIN 2, a real-time intrusion detection system that scans Internet traffic to and from federal agencies for malware signatures, and also to make network changes to support Internet protocol version 6.

TIC capability scores "dropped slightly as federal agencies move from the 51 security requirements of TIC 1.0 to the 76 requirements of TIC 2.0," the update states.

For more:
- download the report, "Cross Agency Priority Goal: Cybersecurity FY2013 Q1 Status Update" (.pdf)

Related Articles:
IRS two-factor authentication system nearly 2 years behind schedule, finds TIGTA
DOE cites cost concerns in not fully meeting HSPD-12 mandate
Obstacles forestall HSPD-12 cards in logical access
DHS continuous monitoring can't automatically track devices or connections