According to an independent survey released by INPUT, the authority on government business, and commissioned by CA, one of the world`s largest information technology management software companies, nearly half of federal IT security executives do not have an integrated plan to help their agency meet the Office of Management and Budget (OMB) imposed 27 October 2006 deadline for compliance with the Homeland Security Presidential Directive (HSPD-12).
HSPD-12 calls for a mandatory, government-wide standard for secure and reliable forms of personal identity verification (PIV) to be issued by the federal government to its employees and contractors. The survey results will be released today at CA`s HSPD-12 and Identity and Access Management Symposium in Washington, DC.
"There appears to be considerable confusion in the industry as 46% of survey respondents do not feel that OMB is providing enough clarity for HSPD-12 compliance," said Bruce Brody, vice-president, information security at INPUT.
"Federal IT security executives cite a noticeable lack of guidance as to how to actually define success with the compliance efforts and how funding and budgetary issues would be addressed. There is even more grey area with regards to the deadline itself since 37% of respondents either do not believe or are unsure that OMB will hold fast to the HSPD-12 compliance deadline."
When asked if their organisation had implemented an identity and access management (IAM) solution, 56% of respondents reported having not implemented one or just being in the initial stages of implementation. Of those organisations that have implemented IAM, most are leveraging either smart cards or ID badges as the primary means to authenticate users.
Fifty-six percent of respondents indicated they had seven or more physical access control (PAC) systems and 58% indicated there had been no decision made on whether to standardise these systems. Because HSPD-12 involves utilising a single smart card for authentication and authorisation of both physical and logical access, PAC systems must be integrated into a single identity and access solution. The research indicates the vast majority of agencies are not in a position to be compliant by the October 2006 deadline because of the proliferation of PAC systems and their lack of progress on deciding to standardise on a system.
"While these findings may be a cause for concern, 74% of respondents indicated that they have established an HSPD-12 task force, suggesting that agencies have realised the impact and complexity that HSPD-12 will have on their security infrastructures," added Brody.
"Agencies are clearly struggling with HSPD-12 compliance," said Christopher Michael, federal technology strategist at CA. "This compliance deadline, however, does present an opportunity for agencies to address their larger identity management issues and thereby improve the speed and efficiency with which they manage their growing user base and their access to an increasingly complex portfolio of IT services."
Share
INPUT is the authority on government business. Established in 1974, INPUT helps companies develop federal, state, and local government business and helps public sector organisations achieve their objectives. Over 1 200 members, including small specialised companies, new entrants to the public sector, and the largest government contractors and agencies, rely on INPUT for the latest and most comprehensive procurement and market information, consulting, powerful sales management tools, and educational and networking events. For more information about INPUT, visit http://www.input.com or call (703) 707 3500.
CA
CA (NYSE: CA), one of the world`s largest information technology (IT) management software companies, unifies and simplifies the management of enterprise-wide IT. Founded in 1976, CA is headquartered in Islandia, New York, and serves customers in more than 140 countries. For more information, please visit http://ca.com.
Editorial contacts