CIO Council - Chief Information Officers Council - Beta

Identity Management (HSPD-12)

People value working in a safe environment where their individual identity is protected. To convey that level of confidence, the U.S. government issued the Homeland Security Presidential Directive-12 (HSPD-12) to set policy for a common, reliable, and secure identification standard for federal employees and contractors. HSPD-12 requires that all agencies issue interoperable credentials to all federal employees and contractors.

On August 27, 2004, the President signed Homeland Security Presidential Directive 12 (HSPD-12), entitled “Policy for a Common Identification Standard for Federal Employees and Contractors.” HSPD-12 is a strategic initiative intended to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy. It requires the development and implementation of a government-wide standard for secure and reliable forms of identification for Federal employees and contractors. The interoperable structure enables

In February of 2011, the Office of Management and Budget (OMB) issued memorandum M-11-11 providing guidance to Executive Departments and Agencies regarding the continued implementation of HSPD-12. It requires each agency to develop and issue an implementation policy requiring the use of Personal Identity Verification (PIV) credentials as the common means of authentication for access to that agency’s facilities, networks, and information systems as well as provided requirements to ensure the full benefits of a government-wide public key infrastructure using interoperable PIV credentials are captured.

In early 2015, OMB launched a 30-day Cybersecurity Sprint, building upon the Administration’s whole-of-government strategy, to assess and improve the health of all Federal information technology (IT) assets and networks, both civilian and military.  As part of the Sprint, OMB directed agencies to immediately patch critical vulnerabilities, identify high-value assets, review and tightly limit the number of privileged users with access to authorized systems, and dramatically accelerate the use of Personal Identity Verification (PIV) cards or an alternative form of strong authentication for accessing networks and systems.  Significant progress was made in these areas. During the course of the Sprint, Federal Civilian agencies increased their use of strong authentication for all users from 42 percent to 72 percent – an increase of 30 percent. As of October of 2015, agencies had increased their use of strong authentication to more than 80%.

Resources
Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors (August 27, 2004)