Skip Navigation
United States Flag

An official website of the United States government. Here's how you know >

U.S. Flag An official website of the United States government.
Change Font Size

Audit (A-18-12-30410)

Security Controls Over the Implementation of Personal Identity Verification Cards (PIV) at the Department of Health and Human Services (HHS) Were Inadequate Due to Lack of Some Essential Information Security Requirements

Complete Report

Download the complete report

Adobe® Acrobat® is required to read PDF files.


We evaluated the HHS implementation of the Homeland Security Presidential Directive 12 (HDSP-12) and the security controls over a sample of its critical HSPD-12 systems to determine whether the guidance had been followed. Specifically we assessed (1) whether the HHS PIV card application and issuance processes were effective and complied with HHS guidance and regulations and (2) whether information security controls over critical HHS PIV systems complied with Federal information security standards.

We found that HHS did not always comply with Federal guidance when implementing its HSPD-12 system.

We recommended that HHS implement necessary corrective actions to resolve the reportable findings that we identified in this audit.

I'm Looking For

Let's start by choosing a topic

Exclusions Database Report Fraud

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201