The Defense Department has failed in a number of ways to comply with Homeland Security Presidential Directive 12, according to a report released today by the department’s inspector general.

The IG found that the department has not complied with HSPD-12 and Federal Information Processing Standard 201-1, has not issued comprehensive guidance to its various components on how to implement the requisite credentialing process, and has not met specific milestones for completing the background checks necessary for the credentials. The report is dated June 23.

In the course of its investigation, the IG’s office uncovered a half-dozen missteps. For example, DOD components have bought equipment that does not comply with the directive. Furthermore, the department uses bar code technology that lacks the security features designated in the directive and has failed to meet mandated interoperability requirements.

The IG recommended that DOD:

• Issue comprehensive HSPD-12 implementation guidance within 30 days.
• Revise and update DOD directives and instructions to incorporate FIPS requirements.
• Submit personal identity verification credentials to the General Services Administration for conformance testing.

DOD’s undersecretary for personnel and readiness, undersecretary for intelligence and assistant secretary for networks and information integration reviewed the report.

Although they did not agree with all of the IG’s recommendations, the secretaries pledged to take action. For example, the undersecretary for personnel and readiness agreed to work with DOD offices to identify milestones to incorporate in the department’s plan, and the undersecretary for intelligence plans to require all new access controls to comply with FIPS 201-1.

President Bush signed HSPD-12 in August 2004. It established a governmentwide standard for agencies to use in issuing secure and reliable forms of identification for government and contractor employees.