How will HSPD-12 affect authentication?

Ask the Expert

How will HSPD-12 affect authentication?

How will the government's Homeland Security Presidential Directive-12 mandate affect authentication?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

The Homeland Security Presidential Directive-12 (HSPD-12) was designed to standardize physical access to government facilities. President George W. Bush signed the directive in 2004 in an effort to eliminate the current hodgepodge of different systems that government employees used to get into their offices.

The program is supposed to eventually create a standardized ID badge for all government employees, but is currently only in a pilot stage for selected facilities around the country. The badge is supposed to be tamperproof and not susceptible to counterfeiting.

The badge is essentially a smart card that contains a photo and biometric information, or in this case, a fingerprint, from the user. In addition, users will need to enter a PIN number into the device where they insert the card. The system is a textbook three-factor authentication system. It consists of something you know (the PIN), something you have (the card) and something you are (the fingerprint).

Optionally, any system meeting the standard can also support public key infrastructure (PKI) and digital certificates (DC).

Although the HSPD-12 directive states it also covers logical access to IT systems -- since technologically speaking, physical and logical access is slowly converging -- the current rollout is only for physical access to federal sites.

With that in mind, there might not be an immediate impact on authentication. However, you can expect that the same three-factor authentication system and smart card will be needed to access government IT systems down the road; probably within the next five years.

For specific information, consult the Federal Information Processing Standard Publication 201 (FIPS 201) on the National Institute of Technology Web site, which details implementing the HSPD-required Personal Identity Verification (PIV) cards.

More information:

  • Make sure your smart cards are tamper-proof.
  • Learn about other infosec-related regs.
  • This was first published in December 2006