Time to Make PIV Cards Universal in Federal Facilities

Second of a three-part series

By Mohammed Murad

Getting into a federal building or gaining access to a logical device isn’t as easy today as in the early 2000s. Now, more than five million federal employees and contractors carry high-security Personal Identity Verification (PIV) cards at many departments and agencies.  The cards, featuring embedded biometrics, enable workers to access doors and elevators and allow employees to sign onto their workstations.

Some departments, including the State Department, Social Security Administration and Nuclear Regulatory Commission, report 100% of their employees carry the high-tech cards, while others fall short. According to recent estimates, 20% of federal employees and 24% of contractors still use less secure access control systems.

HSPD-12

The requirement for PIV cards resulted from the 2004 Homeland Presidential Directive 12, which required the National Institute of Standards and Technology to create card specifications and the General Services Administration to oversee the provision of the credentials. HSPD-12 didn’t include a constant and specific source of funding for the massive access control update.

Through the years and administrations of different political stripes, some agencies continue blaming a lack of funding for largely or entirely ignoring the HSPD-12 requirements. Some continue to use the 40-year-old weak Weigand protocol with proximity cards that have significant security flaws. Hackers can use inexpensive and readily available devices to intercept transmissions between the access cards and readers to clone a working credential.

Time to act

It’s time for all agencies to consider implementing HSPD-12. Agency heads must make difficult budget choices or convince Congress and the president to allocate additional funding to adopt HSDP-12. Imagine the damage an external or internal terrorist group could wreak, gaining access to even a low-level federal facility or network.

The PIV model is the result of years of government and private industry input. It works.

In the final blog of this series, we’ll look at how biometrics, particularly iris recognition, greatly enhance federal access control.

(Mohammed Murad is vice president, global development and sales for Iris ID, a global provider of iris recognition solutions. IrisAccess^® is the world’s leading deployed iris recognition platform and is used in thousands of locations, authenticating millions of people’s identities daily.)