“Due to weak program management, including insufficient funding and resources, and a change in its implementation strategy, the department is well behind the deadline for fully implementing an effective HSPD-12 program,” the report states. “In addition, the department faces significant challenges in meeting HSPD-12 directive requirements for logical access to its information systems. Furthermore, system security and account management controls are not effective in protecting personally identifiable information collected and stored from unauthorized access. Existing security issues must be addressed to allow for the deployment of a robust, efficient, and secure interoperable identity card and issuance system department-wide.”

The report makes 15 recommendations for the agency to make in order to get credential issuance on track. Following are some of those recommendations:

• Ensure that the program management office has the staffing and funding necessary to effectively coordinate and oversee the department-wide implementation of HSPD-12.

• Develop a regional implementation plan that includes detailed information about how the program management office will centrally manage the department-wide deployment of its HSPD-12 program. The plan should identify milestone dates and define program measures to track HSPD-12 implementation progress.

• Discuss and coordinate with OMB on the department’s updated milestones and implementation of HSPD-12 requirements.

• Estimate the department-wide cost to comply with HSPD-12 and FIPS 201-1 requirements and prioritize the department’s costs to ensure that physical and logical access interoperability requirements will be met. The estimate should cover the funding and other resources necessary to support HSPD-12 over a period of no less than five years.

• Identify the facility access points and information systems that will require the use of PIV cards.

The full report can be downloaded here.