Veterans Affairs Years Behind Smart Card Mandate

Only 9% of VA employees and contractors had been issued smart ID cards by June, an audit finds, two years after the compliance deadline for complete distribution.

Two years after a government-imposed deadline for compliance with an IT security mandate for federal agencies to issue identity credentials to employees and contractors, the Department of Veterans Affairs has only issued about 9% of the necessary smart cards to its workforce, the agencys assistant inspector general found in a newly released
audit
.
The requirements, part of Homeland Security Presidential Directive 12, signed by President Bush in 2004, aimed to protect government facilities and information networks by having agencies issue smart cards to all federal employees and contractors by October 2008. While VA is not alone in failing to meet that deadline, its one of the worst laggards of all the federal agencies, and the farthest behind among major agencies.
Overall, 59% of federal employees and contractors have obtained their smart cards, but VA has fallen far behind because, the audit says, the agency failed to make the effort a priority, and then later failed to provide a project management office tasked with issuing the cards with the necessary resources and management tools.
As a result, the report says, the agency not only risks not meeting a deadline imposed by VAs chief of staff of finishing credential issuance by October 2011, it risks not issuing all of an estimated 741,000 cards it will need to issue to fully comply with the directive until 2017. To meet the 2011 deadline, VA would have to increase its rate of issuance of the credentials six-fold, the report says.
Furthermore, the report says, the agency hasnt done a good enough job at testing the underlying systems in place to read and validate the cards. If the PIV System is not load tested, certified and accredited, and other unaddressed system requirements are not defined and/or resolved, VA cannot ensure that system performance will be reliable and effective and meet the requirements of HSPD-12, the report says.
In fact, a number of system requirements have yet to be met. For example, the report says, the program lacks effective controls for safeguarding personally identifiable information, while the current system lacks the functional capability to interface with other systems to verify applicant information electronically, has yet to get required security certifications, and doesn’t create standard access reports that management could use to identify inappropriate access or attempts to access information or facilities. The report also notes that some smart card holders have been issued smart cards without undergoing the required routine background check.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Veterans Affairs Years Behind Smart Card Mandate