Closing the Access Revocation Gap: Solutions for the 6 OIG recommendations within the DHS

A recent report found that the Department of Homeland Security (DHS) hasn’t always terminated Personal Identity Verification cards or security clearance for ex-employees. And that many issues around access management still remain. Although the Office of Inspector General (OIG) identified these weaknesses and offered clear recommendations back in 2018, many of these issues remain unresolved; others won’t be implemented until 2024. Of further concern, due to questionable record keeping, the exact magnitude of the problem can’t be determined.  

Let’s explore how the AlertEnterprise Guardian Physical Identity Access Management (PIAM) specifically addresses the six most recent OIG recommendations and can help the DHS and companies across all industries digitally transform their identity security, credentialling and access management program. 

Here’s what the OIG recommends:

 

  1. Require managers to notify security officials to revoke PIV cards and withdraw security clearances within a specific timeframe after individuals separate from DHS.  

    Guardian’s automated workflows allow managers to easily initiate the revocation process, automate notifications and track the progress of the request through to completion, ensuring compliance with the specified timeframe.
      
  2. Strengthen internal processes to ensure accountability and oversight for all PIV cards that are collected and destroyed when individuals separate from DHS. 

    Guardian’s built-in reporting and auditing capabilities allow managers to track the collection and destruction of PIV cards, providing: 

    Increased visibility and control of potential access risks
    Prove compliance quickly with automated reporting

    Reduce complexity and human error with consistent controls and policies


  3. Implement additional controls to ensure PIV card revocation and card destruction are completed and recorded when individuals separate from DHS. 

    Guardian provides out-of-the box content packs that implement industry best practices and regulatory compliance automation and active enforcement with a configurable rules engine. The platform creates a complete electronic record of all PIV cards, revocations and destructions, which can be used for auditing and compliance purposes.  

    Guardian’s Asset Governance feature can manage the entire asset lifecycle, in real-time including PIV cards, from the moment they’re assigned to end-of-life.
      
  4. Implement controls to ensure security clearance withdrawal dates are recorded in the Integrated Security Management System when individuals separate from DHS. 

    Guardian’s integration framework provides easy connection with the DHS’s existing systems, allowing for controls and tracking of security clearance withdrawal dates throughout the entire identity lifecycle. Guardian also provides a running migration path from existing legacy Physical Access Control Systems (PACS) to newly selected systems without the risk of disruption or outage. 

  5. Implement a solution to verify/validate the PIV card access termination process across the Department and a mechanism to monitor its effectiveness. 

    When an off-boarding event occurs, Guardian deactivates badges and building access across all physical access control systems with a single click. You can define multiple termination scenarios based on your business processes and policies. 

  6. Implement a solution to verify/validate the security clearance withdrawal process across DHS and a mechanism to monitor its effectiveness. 

    Guardian provides an automated, centralized process to manage security clearance revocation, ensuring that all withdrawals are valid and in compliance with the DHS’ policies. 

Tying it all together

A major overhaul in their off-boarding process will certainly go a long way in creating a safety net and revoking access. However, that’s still not the be-all and end-all solution. If systems and departments operate in siloes, a major gateway to security attacks will remain. Because when systems don’t operate congruently, attacks can’t effectively be monitored or stopped in their tracks. And that’s exactly what the Cybersecurity and Infrastructure Security Agency (CISA) warned against in their recent Cybersecurity and Infrastructure Security Convergence Action Guide.  

As the only true cyber-physical security SaaS provider, we offer hundreds of out-of-the-box connectors to help converge physical security with IT, OT and HR systems. Whether its workplace access, visitor management, insider threat protection or anything in-between, digital transformation and security convergence are the only ways forward—and what should be the first and foremost recommendation to the security challenges the Department of Homeland Security has been facing.   

Contact us to learn how we can help you improve your security posture and connect your current infrastructure with our future-proof security solutions. P.S. No coding required.   

David Cassady

Chief Strategy Officer

David Cassady has been selling and leading teams in Silicon Valley for more than 30 years. During that time, he’s led a mix of established software players and startups. Cassady has also been involved with five IPOs — and at least as many acquisitions. 

As Chief Strategy Officer, David leverages his extensive experience helping software businesses drive growth through deep and impactful partnerships with the world’s most successful SaaS providers like ServiceNow, Microsoft and SAP. 

Mark Weatherford

Chief Security Officer
Senior Vice President, Regulated Industries

Mark Weatherford brings years of high-level cyber-physical expertise to AlertEnterprise, and as Chief Security Officer (CSO), he guides the strategy of data management and protection by advising cyber-physical security policies and procedures within the company. Weatherford also works in liaison with businesses and executive professionals in the cyber and physical security industries to further accelerate security convergence adoption.

Mark has held numerous high-level cyber-centric positions, including Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC), the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity under the Obama administration, California’s first Chief Security Officer, and the first CISO for the state of Colorado.

Harsh Chauhan

Chief Technology Officer

As Chief Technology Officer (CTO) of AlertEnterprise, Harsh Chauhan is responsible for the company’s engineering technology innovation and solution delivery. A 20-year technology veteran and leader, Chauhan is focused on the growth of the company’s 3D Governance Risk Compliance (GRC) hyperscale cloud platform.

He also continues to develop integrated solutions with leading technology partners like SAP, SAP NS2, and ServiceNow. Before AlertEnterprise, Mr. Chauhan held multiple CTO positions, as well as Product Owner and Head of Development at SAP GRC 10.0, delivering targeted solutions to high-profile SAP clients.

Ruby Deol

Chief Operations Officer

Ruby Deol oversees all business units at AlertEnterprise. With more than 20 years of experience in global sales and support services, Deol nurtures existing client relationships with a customer-first approach. As AlertEnterprise continues to grow in industry recognition and stature, Deol is charged with developing and implementing methods to meet organization goals and facilitate the company’s ongoing transformation.

Kaval Kaur

CFO and Co-Founder

As Chief Financial Officer (CFO) and Co-Founder of AlertEnterprise, Kaval Kaur leads all finance and administrative back-office operations. Kaur is a member of the national professional organization American Institute of Certified Public Accountants (AICPA) and the California State CPA Society.

Prior to joining AlertEnterprise, she was the CFO and Co-Founder of Virsa Systems, a position she held until its acquisition by SAP.

Kaur is a philanthropist at heart, embracing the diversity of the San Francisco Bay area by assisting with and promoting special cultural events. She recently sponsored 2,000 public schools in rural India to advance computer literacy skills for children and is a foster mother to a 10 year old.

Jasvir Gill

Founder and CEO

Leading the charge of digital transformation and security convergence is Jasvir Gill, Founder and CEO of AlertEnterprise, Inc. An accomplished engineer by trade, Gill is driving the long-overdue digital transformation of the physical security industry.

Prior to launching AlertEnterprise, Gill was the founder and CEO of Virsa Systems, where he grew the company into a global leader of application security software. An early pioneer in establishing governance, risk and compliance as a software market segment, he drove exponential growth at Virsa, facilitating its acquisition by SAP in 2006.

In his free time, Jasvir helps drive social and economic empowerment in the community. He’s also a trustee at the American India Foundation.