HSPD-12, “Policies for a Common Identification Standard for Federal Employees and Contractors,” was signed in August 2004 and is one of three major federal personnel security programs. The other two programs encompass national security clearances and federal employment suitability/fitness. For most federal employees and many contractor employees HSPD-12 requirements and processing are nearly invisible, because the issuance of an HSPD-12 compliant Personal Identity Verification (PIV) card occurs almost automatically when there is a favorable security clearance or employment suitability/fitness determination. It was estimated that HSPD-12 compliant cards would have to be issued to 4.3 million federal employees and 1.2 million contractors. According to OMB as of March 2010 only 64% of PIV cards have been issued.
HSPD-12 requires development and agency implementation of a mandatory, government-wide standard for secure and reliable forms of identification for federal employees and contractors requiring physical access to federally controlled facilities and logical access to federally controlled information systems. The Directive has three principle implementing documents:
- Office of Management and Budget (OMB), Memorandum M-05-24, August 5, 2005;
- Federal Information Processing Standards Publication (FIPS PUB) 201-1, March 2006; and
- Office of Personnel Management (OPM) Memorandum, July 31, 2008, Subject: “Final Credentialing Standards for Issuing Personal Identity Verification Cards under HSPD-12.”
For many contractor employees HSPD-12 is the only federal personnel security program they will encounter. Before any applicant can be issued a PIV card (also referred to as a credential), they must be sponsored by a federal agency or contractor, and the credential must be requested by proper authority. The applicant must personally appear at the appropriate registration office with two identity source documents, at least one of which must be a valid federal or state government issued picture ID, and the applicant must be fingerprinted. Acceptable forms of identification are listed on page 5 of INS Form I-9. The applicant must also submit either a Standard Form 85—SF85 (Questionnaire for Non-Sensitive Positions) or a Standard Form 85P—SF85P (Questionnaire for Public Trust Positions) in paper form or using OPM’s Electronic Questionnaire for Investigations Processing (eQIP). A National Agency Check with Written Inquiries (NACI) investigation must be conducted. Once favorable advanced results from the FBI National Criminal History (fingerprint) Check portion of the NACI are received, the applicant can be issued an interim credential. Issuance of a final credential takes place after the favorable adjudication of the completed NACI investigation. Adjudication can be done at either the personnel or security office of the requesting government authority using OPM’s Final Credentialing Standards.
Become a Certified Ethical Hacker
An NACI consists of a National Agency Check (NAC) plus written inquiries and record searches covering:
- Employment, 5 years
- Education, 5 years and verification of highest degree
- Residence, 3 years
- Law Enforcement, 5 years
A standard NAC consists of a search of the OPM Security/Suitability Investigations Index (SII) and the Defense Clearance and Investigation Index (DCII), as well as an FBI Name Check and FBI National Criminal History (fingerprint) Check. An NAC can include checks of other federal agency records when appropriate (i.e. military records when an applicant lists military service). Written inquiries are sent to current and past employers, schools attended, and references. Local law enforcement authorities can also be sent letter inquires, but most of these checks are done electronically using the National Law Enforcement Telecommunications System (NLETS). (Note: By special agreement with OPM all NACIs requested by Department of Defense agencies include a credit check.)
Individuals applying for employment with a federal agency or a federal contractor for jobs that are subject to employment suitability/fitness or national security clearance determinations are processed in accordance with the procedures required for those programs. A favorable determination under either program can be used as the basis for issuing a PIV credential without any further investigation or adjudication. Individuals who previously received favorable employment suitability/fitness or national security clearance determination can also be issued a PIV credential without any further investigation or adjudication, regardless of how long ago the last investigation took place, provided they have not had a break-in-service of more than 2 years since their last background investigation.
PIV credentials are valid for no more than 5 years, but must be surrendered or cancelled when access is no longer officially required. Currently there is no requirement for a periodic reinvestigation to maintain a PIV credential.
When applicants, who are not subject to either of the other two personnel security programs, are denied a PIV credential, agencies must provide a procedure for appealing the denial. Applicants subject to either of the other two personnel security programs have no right to appeal the denial of a PIV credential. However, the programs covering federal employment suitability (but not fitness) and national security clearances have their own rebuttal and appeal procedures. A final adverse employment suitability/fitness or national security clearance determination can be used as the basis for denying a PIV credential. Applicants subject to federal employment fitness determinations are without any government-wide right to rebut or appeal an adverse fitness determination or the denial of a PIV credential. Federal employment fitness determinations apply to applicants for federal jobs designated as “excepted service” or “temporary” appointments and all federal contractor employees applying for jobs designed as Public Trust positions. Federal employment suitability determinations apply to applicants for federal jobs designated as “competitive service” appointments and career appointments in the Senior Executive Service.
At least one federal agency appears to continue to have its own facility access program that is not in compliance with HSPD-12. Department of Navy (DON) SECNAV M-5530.10 specifies that “Contractor employees who require access to DON controlled/restricted areas, NOT involving sensitive information or IT equipment and not involving access to classified information will be processed under the DON Facility Access Determination (FAD) program.” FAD requires only an NAC rather than an NACI. FAD adjudications use the Adjudicative Guidelines for Determining Eligibility for Access to Classified Information rather than OPM’s Final Credentialing Standards. The FAD program gives commanding officers of naval facilities and activities final authority for access determinations and no due process (rebuttal or appeal) procedures are required. Under the FAD program it is possible for a contractor to be denied access to a DON facility based solely on an unfavorable review of the SF85P without an investigation or an opportunity to explain or mitigate unfavorable information. Navy commands must provide the contractor written notification of the FAD decision, but they are not required to given any reason for access denial.
Copyright © 2010 Last Post Publishing. All rights reserved.