Security Workplace HSPD-12 Assessment

HSPD-12 ASSESSMENT



In August 2000, President George W. Bush enacted the Homeland Security Presidential Directive 12. HSPD-12 was created to help mitigate increasing security threats related to personnel identity verification. As promptly as possible, but no later than eight (8) months after the date of promulgation, executive departments and agencies are required to use the standard for identification issued to Federal employees and contractors in gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems.   

As a result of HSPD-12, FIPS Publication 201 was created to define the architecture and technical requirements for a common identification standard for Federal employees and contractors. The overall goal is to achieve appropriate security assurance by efficiently verifying the claimed identity of an individual seeking physical access to Federally controlled Government facilities and electronic access to Government information systems. The standard identifies the problems to be solved, defines a common identity verification architecture, and describes its components.

Which federal agencies must comply with HSPD-12?

All federal departments and agencies and their contractors requiring access to federal facilities and systems must comply. HSPD-12 does not apply to identification associated with national security systems.

"Non-compliance may include a range of consequences from negative audit reports to budgetary impacts."

- Dept. of Commerce Press Release 2/25/2005

HSPD-12 Quick Facts

•  Sound criteria for verifying an individual's identity
•  Strongly resistant to identity fraud, tampering and terrorist exploitation
•  Rapid electronic authentication using smart card and biometric methods
•  Identity credentials issued by an official accreditation process

HSPD-12 Part I

•  Requires compliance with HSPD-12 Control Objectives:
   •  Strong, consistent identity validation processes
   •  Reliable issuance process
   •  Rapid electronic verification of identity
   •  Tamper resistant

•  Establishes requirements for:
   •  Identity Token (ID Card) Application process
   •  Agency Identity Source Document Verification process
   •  Identity Registration and ID Card Issuance process

HSPD-12 2005 Timeline

•  2/25/2005 - FIPS 201 defining standards for Personal Identity Verification (PIV) approved
•  6/27/2005 - Federal departments and agencies must submit plans for meeting compliance
•  10/27/2005 - Pilot deployment completed to meet compliance with HSPD-12 standard

How can Security Workplace help?

•  Assess current security controls relating to identity management for physical and logical access
•  Conduct technology evaluation and selection according to FIPS 201 and other requirements
•  Create HSPD-12 compliance plan to meet 6/27/2005 deadline

•  HSPD-12 Pilot Implementation:
   •  Develop project plan for deployment
   •  Install/configure smart card readers and biometric hardware
   •  Install software components and configure with systems
   •  Configure and issue smart cards
   •  Administrator training

HSPD-12 is divided into two parts so agencies can make an orderly migration. Part I focuses on "identity proofing" and must be implemented within 8 months of the standard's issuance. Part II focuses on the common technical interoperability requirements and will take longer to implement.

HSPD-12 PART II

•  Requires Smart Card-based ID Badge
•  Specifies minimum mandatory technical implementation for interoperability
•  Provides basis for issuer accreditation and host system validation requirements
•  Provides the basis for specification of ID card, database infrastructure, protocols, and interfaces to the card
•  Supports Biometric Specifications in Special Publication 800-77
•  Supports Integrated Circuit Card Specifications in Special Publication 800-73
•  Supports cryptographic requirements of Federal Common Policy Framework