Progress Has Been Slow in Meeting Homeland Security Presidential Directive-12 Requirements

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Progress Has Been Slow in Meeting Homeland Security Presidential Directive-12 Requirements

Issued on June 20, 2007

Highlights

Highlights of Report Number: 2007-20-110 to the Internal Revenue Service Chief, Mission Assurance and Security Services.

IMPACT ON TAXPAYERS

The Internal Revenue Service (IRS) has been experiencing delays in issuing new identification cards to employees and contractors that enhance security, reduce identity fraud, and protect the personal privacy of employees and contractors. Initially, the IRS was developing its own system for issuing the cards rather than joining with other Federal Government agencies that had already incurred much of the upfront costs associated with this effort. Consequently, the IRS was at risk of wasting taxpayer funds and delaying the implementation of this Presidential mandate.

WHY TIGTA DID THE AUDIT

This audit was initiated to determine whether the IRS took the necessary actions to comply with Homeland Security Presidential Directive-12 (HSPD-12) requirements. On August 27, 2004, President Bush signed HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors. The Directive, which is to be implemented in several phases, established a new standard for issuing and processing Federal Government identification cards for entering Federal Government facilities and for accessing computer systems.

WHAT TIGTA FOUND

In the first compliance phase of HSPD-12, Personal Identity Verification (PIV) I, the Office of Management and Budget required agencies to develop procedures no later than October 2005 for registering employees, issuing cards, and maintaining the card system. In the second phase, PIV II, the Office of Management and Budget required agencies to demonstrate their ability to issue the identification cards and be capable of issuing new cards to all new employees and contractors no later than October 2006.

To satisfy the requirements of PIV I, the IRS completed its PIV I Procedures Manual on October 27, 2005. This manual contains step-by-step instructions that address PIV I requirements.

However, the IRS has been experiencing delays in meeting the requirements of PIV II. Initially, the IRS was attempting to produce its own identification cards but had not demonstrated the ability to issue them. Despite assigning 68 employees and contractors to this effort, the IRS had not yet purchased the hardware and software necessary to produce the identification cards and did not expect to complete the program until September 2010, 2 years after the Office of Management and Budget mandated deadline.

The IRS stated, however, that it met the PIV II milestone because it contracted with the General Services Administration (GSA) for 100 identification cards to meet the Office of Management and Budget deadline, even though it did not plan to use the GSA to issue additional identification cards after the PIV II milestone. The GSA is making its solution available to all Federal Government agencies and, due to economies of scale, TIGTA believes the GSA should be able to issue the cards less expensively than agencies that produce their own cards.

WHAT TIGTA RECOMMENDED

TIGTA recommended the Chief, Mission Assurance and Security Services, consider the benefits of using shared solutions such as the one offered by the GSA for issuing identification cards to IRS employees and contractors. Rather than spending resources on developing its own system, TIGTA recommended the IRS coordinate with the GSA to resolve concerns and customize the GSA solution to meet IRS needs.

In their response to the report, IRS officials stated the Department of the Treasury HSPD-12 Program Management Office, with concurrence from the Department of the Treasury HSPD-12 Executive Steering Committee and the Bureau Advisory Board, agreed with the recommendation. The HSPD-12 Program Office has discontinued development efforts for a Department of the Treasury-wide enterprise HSPD-12 solution. On May 18, 2007, a letter was issued to the GSA stating the IRS’ intention to use their services to the extent possible.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to:

http://www.treas.gov/tigta/auditreports/2007reports/200720110fr.html.

Email Address: Bonnie.Heald@tigta.treas.gov

Phone Number: 202-927-7037

Web Site: http://www.tigta.gov