U.S. Department of the Treasury

DATE: September 28, 2011

SUBJECT: Homeland Security Presidential Directive 12 Policy

1. PURPOSE. This Directive sets policies and defines responsibilities for Homeland Security Presidential Directive 12 (HSPD-12) compliance in the Department of the Treasury. This Directive also authorizes the issuance of Treasury Directive Publication (TD P) 71-12, “Treasury Guide for Homeland Security Presidential Directive 12”, relating to identity management.
2. SCOPE. This Directive applies to all bureaus, offices, and organizations in the Department of the Treasury, including the offices of Inspectors General within the Department. The provisions of this Directive shall not be construed to interfere with or impede the authorities or independence of the Department’s Inspectors General.
3. POLICY. It is the policy of the Department that all Treasury Offices and Bureaus:
   1. Ensure the security and safety of all Treasury facilities, information systems and their occupants and users, by verifying that all persons entering Treasury facilities and using Federal information resources are authorized to do so;
   2. Obtain Personal Identity Verification (PIV) II compliance through the use of an approved service provider designated by the department. The service provider will produce compliant and interoperable Federal credentials. The solution will meet all applicable Federal standards and requirements for PIV II, including an official accreditation process;
   3. Shall use an accredited PIV process for individuals who require physical access to federally controlled government facilities or leased space for six months and longer or any electronic access to government information systems;
   4. Ensure Treasury’s PIV credentials be interoperable among Treasury Bureaus. Treasury Bureaus shall accept only valid activated government-issued PIV credentials. Procedures will be in place to support authorized physical and logical access for Treasury PIV credential holders;
   5. Ensure proper guidelines are followed in cases of lost or stolen PIV credentials;
   6. Maintain proper procedures for Special PIV credential designations such as those for Federal Emergency Response Officials and Weapons Carriers;
   7. Ensure a bureau-level implementation plan that coincides with the Treasury Implementation Plan is in place for physical and logical access; and
   8. Comply with collective bargaining obligations in implementing this Directive.
4. RESPONSIBILITIES.
   1. The Deputy Assistant Secretary for Departmental Offices Operations, Heads of Bureaus, and the offices of Inspectors General within the Department, as it relates to their respective bureaus and offices, shall:
      1. 1) designate role administrators within the bureaus to assign proper PIV role holders within their respective bureaus;
      2. 2) comply with HSPD-12 related directives such as National Institute of Standards and Technology (NIST), Federal Information Processing Standard (FIPS) 201-1, and Office of Management and Budget (OMB) Memoranda such as OMB M-05-24, M-08-01, and M-11-11 which provide guidance for implementing HSPD-12; including the following:
         1. a) All new systems under development must be enabled to use PIV credentials, in accordance with NIST guidelines, prior to being made operational.
         2. b) Existing physical and logical access control systems must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency using development and technology refresh funds to complete other activities.
         3. c) Procurements for services and products involving facility or system access control must be in accordance with HSPD-12 policy and the Federal Acquisition Regulation. In order to ensure government-wide interoperability, OMB Memorandum 06-18, “Acquisition of Products and Services for Implementation of HSPD-12” requires agencies to acquire products and services that are approved as compliant with Federal policy, standards and supporting technical specifications.
         4. d) Agency processes must accept and electronically verify PIV credentials issued by other federal agencies.
         5. e) The government-wide architecture and completion of agency transition plans must align as described in the Federal Chief Information Officer (CIO) Council’s “Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance.
      3. 3) plan and report the status of PIV credential use for physical and logical access to the Treasury Enterprise Identity Credential and Access Management (TEICAM) Program Executive Office.
5. AUTHORITIES.
   1. Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004.
   2. NIST Federal Information Processing Standard (FIPS) 201-1.
   3. OMB Memorandum M-05-24, Implementation of HSPD-12 – Policy for a Common Identification Standard for Federal Employees and Contractors.
   4. OMB M-07-06, Validating and Monitoring Agency Issuance of PIV Credentials.
   5. OMB Memorandum M-08-01, HSPD-12 Implementation Status.
   6. OMB Memorandum M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors.
   7. FICAM Roadmap and Implementation Guidance, dated November 10, 2009.
   8. Additional NIST, OMB, DHS and GSA documents apply as issued/amended.
6. REFERENCES.
   1. GSA Federal Acquisition Service HSPD-12 Shared Services Provider II, Solicitation No. TQ-PLB-07-002, RFQ #186901, Amendment 04, 02/08/2007.
   2. GSA Ready Guide, version 1.5, dated October 22, 2007.
   3. Personal Identity Verification Card Issuer (PCI) Operations Plan, version 1.0, dated August 1, 2007.
   4. Special Publication (SP) 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS), National Institute of Standards and Technology, dated November 2008.
   5. Additional NIST, OMB, DHS and GSA documents apply as amended/issued.
7. CANCELLATION. Treasury Directive 71-12, “Homeland Security Presidential Directive 12 Policy,” dated April 28, 2010, is superseded.
8. OFFICE OF PRIMARY INTEREST. The Deputy Assistant Secretary for Departmental Offices Operations and Treasury Enterprise Identity, Credential & Access Management, Treasury Office of the Chief Information Officer, Office of the Assistant Secretary for Management and Chief Financial Officer.