Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Controls Over the Implementation of Personal Identity Verification Cards (PIV) at the Department of Health and Human Services (HHS) Were Inadequate Due to Lack of Some Essential Information Security Requirements

Issued on  | Posted on  | Report number: A-18-12-30410

Report Materials

We evaluated the HHS implementation of the Homeland Security Presidential Directive 12 (HDSP-12) and the security controls over a sample of its critical HSPD-12 systems to determine whether the guidance had been followed. Specifically we assessed (1) whether the HHS PIV card application and issuance processes were effective and complied with HHS guidance and regulations and (2) whether information security controls over critical HHS PIV systems complied with Federal information security standards.

We found that HHS did not always comply with Federal guidance when implementing its HSPD-12 system.

We recommended that HHS implement necessary corrective actions to resolve the reportable findings that we identified in this audit.

Report Type
Audit
HHS Agencies
Office of the Secretary
Issue Areas
-
Target Groups
-
Financial Groups
-

Notice

This report may be subject to section 5274 of the National Defense Authorization Act Fiscal Year 2023, 117 Pub. L. 263.