Weekly Compilation of Presidential Documents Volume 40 Issue 35 (Monday, August 30, 2004)

[Weekly Compilation of Presidential Documents Volume 40, Number 35 (Monday, August 30, 2004)]
[Pages 1709-1710]
[Online from the Government Publishing Office, www.gpo.gov]

<R04>
Directive on Policy for a Common Identification Standard for Federal 
Employees and Contractors

August 27, 2004

 Homeland Security Presidential Directive/HSPD-12


Subject: Policy for a Common Identification Standard for Federal 
Employees and Contractors

    (1) Wide variations in the quality and security of forms of 
identification used to gain access to secure Federal and other 
facilities where there is potential for terrorist attacks need to be 
eliminated. Therefore, it is the policy of the United States to enhance 
security, increase Government efficiency, reduce identity fraud, and 
protect personal privacy by establishing a mandatory, Government-wide 
standard for secure and reliable forms of identification issued by the 
Federal Government to its employees and contractors (including 
contractor employees).
    (2) To implement the policy set forth in paragraph (1), the 
Secretary of Commerce shall promulgate in accordance with applicable law 
a Federal standard for secure and reliable forms of identification (the 
``Standard'') not later than 6 months after the date of this directive 
in consultation with the Secretary of State, the Secretary of Defense, 
the Attorney General, the Secretary of Homeland Security, the Director 
of the Office of Management and Budget (OMB), and the Director of the 
Office of Science and Technology Policy. The Secretary of Commerce shall 
periodically review the Standard and update the Standard as appropriate 
in consultation with the affected agencies.
    (3) ``Secure and reliable forms of identification'' for purposes of 
this directive means identification that (a) is issued based on sound 
criteria for verifying an individual employee's identity; (b) is 
strongly resistant to identity fraud, tampering, counterfeiting, and 
terrorist exploitation; (c) can be rapidly authenticated electronically; 
and (d) is issued only by providers whose reliability has been 
established by an official accreditation process. The Standard will 
include graduated criteria, from least secure to most secure, to ensure 
flexibility in selecting the appropriate level of security for each 
application. The Standard shall not apply to identification associated 
with national security systems as defined by 44 U.S.C. 3542(b)(2).
    (4) Not later than 4 months following promulgation of the Standard, 
the heads of executive departments and agencies shall have a program in 
place to ensure that identification issued by their departments and 
agencies to Federal employees and contractors meets the Standard. As 
promptly as possible, but in no case later than 8 months after the date 
of promulgation of the Standard, the heads of executive departments and 
agencies shall, to the maximum extent practicable, require the use of 
identification by Federal employees and contractors that meets the 
Standard in gaining physical access to Federally controlled facilities 
and logical access to Federally controlled information systems. 
Departments and agencies shall implement this directive in a manner 
consistent with ongoing Government-wide activities, policies and

[[Page 1710]]

guidance issued by OMB, which shall ensure compliance.
    (5) Not later than 6 months following promulgation of the Standard, 
the heads of executive departments and agencies shall identify to the 
Assistant to the President for Homeland Security and the Director of OMB 
those Federally controlled facilities, Federally controlled information 
systems, and other Federal applications that are important for security 
and for which use of the Standard in circumstances not covered by this 
directive should be considered. Not later than 7 months following the 
promulgation of the Standard, the Assistant to the President for 
Homeland Security and the Director of OMB shall make recommendations to 
the President concerning possible use of the Standard for such 
additional Federal applications.
    (6) This directive shall be implemented in a manner consistent with 
the Constitution and applicable laws, including the Privacy Act (5 
U.S.C. 552a) and other statutes protecting the rights of Americans.
    (7) Nothing in this directive alters, or impedes the ability to 
carry out, the authorities of the Federal departments and agencies to 
perform their responsibilities under law and consistent with applicable 
legal authorities and presidential guidance. This directive is intended 
only to improve the internal management of the executive branch of the 
Federal Government, and it is not intended to, and does not, create any 
right or benefit enforceable at law or in equity by any party against 
the United States, its departments, agencies, entities, officers, 
employees or agents, or any other person.
    (8) The Assistant to the President for Homeland Security shall 
report to me not later than 7 months after the promulgation of the 
Standard on progress made to implement this directive, and shall 
thereafter report to me on such progress or any recommended changes from 
time to time as appropriate.
                                                George W. Bush

Note: An original was not available for verification of the content of 
this directive.