As de facto federal CIO and administrator of e-government and IT at the White House's Office of Management and Budget (OMB), Karen Evans is one of those responsible for ensuring that federal agencies meet the requirements of Homeland Security Presidential Directive-12 of August 2004. HSPD-12 requires federal agencies to issue new tamper-proof smartcard identity credentials called Personal Identity Verification (PIV) cards to all employees and contractors by October 2008.
That didn't happen. Four years into the effort, many agencies are struggling with implementation deadlines. A majority missed an 27 October milestone that required them to have completed employee background checks and to have issued PIV cards to all employees with less than 15 years' experience. Evans explained what is going on and why.
What is your message to those that say HSPD-12 implementation deadlines are unreasonably aggressive?
Everybody thinks my deadlines are aggressive regardless of the programme. When I hear the question about HSPD deadlines and whether they are realistic or unrealistic, the way I answer it really is to put it in the context of what the goal of the HSPD project is and what we are trying to accomplish.
HSPD-12 was released as one of six [directives] from the president in response to the 9/11 Commission's recommendations. So when you look at that, and you look at how long it has been since 9/11, I don't believe the deadlines are too aggressive.
If you look at how we laid out the programme, if you look at the result it is intended to do and the problem it is fixing, and when you look at what we were responding to you would ask why weren't we doing it sooner, why weren't we getting it done faster. ...
Are you satisfied with the progress being reported by federal agencies on HSPD-12, considering that a lot of agencies appear to have missed the 27 October deadline for completing background checks and issuing smart ID cards to employees with less than 15 years of service?
We did a conference call to give everybody a heads-up about the October deadline and what we were going to make and what we weren't going to make. The piece that we asked agencies to hold back on [during that call] was the actual credentials themselves. [We told them] what we were going to do is the real critical piece, and you have to really step back and take a look at what you are doing and making sure you are running and have all the background checks in place.
Now also remember the other goal [for the new credential] is interoperability of the credential and the certificates and the information on the cards. We want to make sure that once you got a card issued that it would be truly interoperable.
One of the problems we had was there were actual technical challenges with the certificate itself. So agencies could have issued all of the cards and made the goal, but they would have missed the overall piece, which was ensuring the cards were also interoperable. You don't want to have everyone run out and be compliant and then have everyone turnaround and have to reissue all the cards, so they had the interoperability piece.
So we thought it makes sense [for agencies] to continue working on all the other pieces that need to be in place as we were dealing with this last technical piece with the certificates itself. So when you asked me if I am satisfied with the progress of the agencies, the answer is yes because now I expect to see a dramatic increase in the number of cards that have been issued when we issue this [status] report in December.