http://www.fips201.com/articles/2008/07/15/dod-not-complying-with-hspd-12 en-us 40 <p>An audit by the U.S. Department of Defense’s Inspector General’s office shows that the agency is not complying the HSPD-12 and FIPS 201. The White House Office of Management and Budget and the President’s Council on Integrity and Efficiency requested the audit. </p> <p>The report shows that the DOD is lacking in six specific areas with its credentialing project. These include:</p> <ul> <li><p>Failing to meet government-wide milestones for completing background checks.</p></li> <li><p>Staff at stations that issue the Common Access Card cannot electronically verify whether card applicants have initiated or completed a National Agency Check with Written Inquiries.</p></li> <li><p>DOD displays full Social Security number on the Geneva Conventions credential, increasing the risk of identity theft. </p></li> <li><p>Purchasing equipment that is not compliant with HSPD-12.</p></li> <li><p>Using bar code technology on the Defense Biometric Identification System credential that is not equivalent to mandatory HSPD-12 security features. </p></li> <li><p>DOD’s current PIV credential does not meet interoperability requirements.</p></li> </ul> <p>The Inspector General recommends that the DOD issue HSPD-12 implementation guidance within 90 days; revise and update DOD Directives and Instructions to incorporate FIPS requirements; and submit proposed end-state PIV credential to GSA for conformance testing. </p> <p>The Inspector General is requesting comments on the final report by July 30, 2008.</p> <p>The full 90-page report can be downloaded <a href="http://www.dodig.mil/Audit/reports/fy08/08-104.pdf">here</a>.</p> Tue, 15 Jul 2008 09:26:00 -0400 urn:uuid:784059e9-6cba-4df7-9f7e-294be224afd9 FIPS 201 Administrator http://www.fips201.com/articles/2008/07/15/dod-not-complying-with-hspd-12 News