Investigators found numerous cases in which former employees retained their passes long after they had left the agency.
I wonder if this means that they just never returned the passes and they were inactive or if the passes they had would still work? I wonder if the connection has been made between the physical access system and the IDM system? (Does an IDM system even exist?)
In 73 cases, officers left TSA jobs, but offices that monitor airport security passes were not properly notified.
Obviously, no workflow or notification exists between the systems. Or maybe one does exist and it simply isn't being responded to in a timely fashion. Sometimes, automation can only take you so far. (I've even seen cases where the workflow was being sent to an unmonitored or disabled mailbox.)
One security officer had an active pass to the airport's secure areas for 827 days after leaving the agency.
Ouch, more than two years? Proof positive that either there isn't an IDM system in place or the TSA's implementation of an IDM system did not connect the physical and logical access systems.
I was asked during a presentation last week how you justify an IDM implementation based on security. There's an answer above!
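The missing link between the HR/IDM side and the physical access system can be checked with a periodic reconciliation. The following is an added example, not part of the original post or the report; the CSV layouts, field names, IDs and dates are constructed assumptions, with dates chosen so that one badge shows the 827-day exposure quoted above.

```python
import csv
import io
from datetime import date

# Constructed sample exports (hypothetical field names, not from any real system).
HR_SEPARATIONS = """employee_id,separation_date
E100,2009-01-15
E101,2011-03-01
E102,2010-04-10
"""

BADGES = """badge_id,employee_id,status,deactivated_on
B1,E100,active,
B2,E101,inactive,2011-03-02
B3,E102,inactive,2010-06-09
B4,E101,inactive,
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(hr_csv, badge_csv, as_of, grace_days=1):
    """Flag badges that stayed usable after the holder's separation date.

    Returns (badge_id, employee_id, finding, exposure_days), worst first.
    """
    separated = {r["employee_id"]: date.fromisoformat(r["separation_date"])
                 for r in _rows(hr_csv)}
    findings = []
    for b in _rows(badge_csv):
        left = separated.get(b["employee_id"])
        if left is None:
            continue  # holder is not in the separation feed
        revoked = (b["deactivated_on"] or "").strip()
        if b["status"].strip().lower() == "active":
            kind, end = "STILL_ACTIVE", as_of
        elif revoked:
            kind, end = "LATE_REVOCATION", date.fromisoformat(revoked)
        else:
            # Marked inactive but no date: cannot prove when access ended.
            kind, end = "NO_REVOCATION_DATE", as_of
        exposure = (end - left).days
        if exposure > grace_days:
            findings.append((b["badge_id"], b["employee_id"], kind, exposure))
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    for finding in reconcile(HR_SEPARATIONS, BADGES, as_of=date(2011, 4, 22)):
        print(finding)
```

Running the reconciliation on a schedule, independent of the notification workflow, catches the case where the notice was sent but never acted on.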