Skip Navigation Change Font Size

Audit (A-18-12-30410)

07-16-2014
Security Controls Over the Implementation of Personal Identity Verification Cards (PIV) at the Department of Health and Human Services (HHS) Were Inadequate Due to Lack of Some Essential Information Security Requirements

Complete Report

Download the complete report

Adobe® Acrobat® is required to read PDF files.

Summary

We evaluated the HHS implementation of the Homeland Security Presidential Directive 12 (HDSP-12) and the security controls over a sample of its critical HSPD-12 systems to determine whether the guidance had been followed. Specifically we assessed (1) whether the HHS PIV card application and issuance processes were effective and complied with HHS guidance and regulations and (2) whether information security controls over critical HHS PIV systems complied with Federal information security standards.

We found that HHS did not always comply with Federal guidance when implementing its HSPD-12 system.

We recommended that HHS implement necessary corrective actions to resolve the reportable findings that we identified in this audit.

I'm Looking For

Let's start by choosing a topic

Exclusions Database Report Fraud
Newsletter Sign Up Envelop Graphic

Stay up to date on the latest OIG news and opinions

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201