ADVISORY ISSUED: April 26, 2006
REVISION 01 ISSUED: October 15, 2007
REVISION 02 ISSUED: April 28, 2009
AGAR ADVISORY
UNITED STATES DEPARTMENT OF
AGRICULTURE
OFFICE OF PROCUREMENT AND
PROPERTY MANAGEMENT
AGAR
ADVISORY NO. 81, Revision 02.
Common Identification Standard for
Contractors
INTRODUCTION: This Agriculture Acquisition
Regulation (AGAR) Advisory supersedes AGAR Advisory 81, Revision 01, dated
October 15, 2007 and updates information concerning part of the USDA Homeland
Security Presidential Directive (HSPD-12), “Policy for a Common Identification
Standard for Federal Employees and Contractors,” and Federal Information
Processing Standards Publication (FIPS PUB) 201, “Personal Identity
Verification (PIV) of Federal Employees and Contractors,” credentialing
process. This AGAR Advisory has been
prepared to supplement the Federal Acquisition Regulation (FAR) final rule (FAR
Case 2005-15), “Common Identification Standard for Contractors,” published in the Federal Register on November 22, 2006, that addresses
contractor personal identification requirements.
SUMMARY: HSPD-12, dated August 27, 2004,
requires the development and agency implementation of a mandatory
Government-wide standard for secure and reliable forms of identification for
Federal employees and contractors, including contractor employees. As directed
by HSPD-12, on February 25, 2005, the Department of Commerce issued FIPS PUB
201, which is a Federal standard for secure and reliable personal identity
verification (PIV) for routine physical access to Federally-controlled
facilities or information systems. Office of Management and Budget (OMB)
memorandum M-05-24 dated August 5, 2005, provides instructions for implementing
HSPD-12 according to FIPS PUB 201. FIPS PUB 201 has two phases, PIV I and PIV II. This Advisory addresses implementation of PIV
II for USDA acquisitions; namely, the procedures and terms needed for contracts
or orders awarded, or options exercised, on or after October 27, 2005. In
accordance with requirements in HSPD-12, by October 27, 2005, agencies must:
(a) Adopt and accredit a registration
process consistent with the identity proofing, registration, and accreditation
requirements in section 2.2 of FIPS PUB 201-1 and associated guidance issued by
the National Institute for Standards and Technology. This registration process
applies to all new identity credentials issued to contractors;
(b) Begin the required identity
proofing requirements for all current contractors that do not have successfully
adjudicated investigation (i.e., completed National Agency Check with Written
Inquires (NACI) or other Office of Personnel Management or National Security
community investigation) on record. (By October 27, 2007, identity proofing
should be verified and completed for all current contractors);
(c) Complete and receive notification
of results of the FBI National Criminal History Check prior to credential
issuance;
(d) Include language implementing the
Standard in applicable solicitations and contracts that require contractors to
have routine physical access to a Federally-controlled facility or routine
access to a Federal information system; and
(e) Complete the applicable privacy
requirements listed in section 2.4 of FIPS PUB 201-1 and the OMB guidance
M-05-24.
SPECIFIC
ISSUES:
USDA
Directives
For copies of
Departmental Regulation (DR) 4620-002, Common Identification Standard for U.S.
Department of Agriculture Employees and Contractors, and Departmental Manual
(DM) 4620-002, Common Identification Standard for U.S. Department of
Agriculture Employees and Contractors, as well as other information related to
USDA implementation of HSPD-12, visit http://hspd12.usda.gov.
Attached for your information is guidance concerning the PIV II process.
FAR
Requirements
Certain PIV
language must be implemented in all contracts. Please refer to FAR Subpart
4.13, Personal Identity Verification of Contractor Personnel. HSPD-12 clauses
include FAR Clause 52.204-9 and AGAR Clause 452.204-71.
Contracting
Officer Representatives (CORs; also known as Contracting Officer Technical
Representatives) or other designated program/project officers will serve as PIV
Sponsors for contractor personnel. When issuing the appointment memorandum to
the COR (or other designated program/project officer) the Contracting Officer
(CO) will ensure that the memorandum includes the PIV Sponsor duties.
USDA contract
statements of work must indicate that all applicable contractor employees
requiring routine physical access to Federally-controlled facilities or routine
access to Federally-controlled information systems must go through the identity
proofing and registration process, must have been successfully identity
proofed, and have a successfully adjudicated National Agency Check with
(Written) Inquiries (NACI) or Office of Personnel Management (OPM)/National
Security (NS) Background Investigation (BI) to serve on the contract.
Contractor ID
credentials will be issued after successful identity proofing of the contractor
employee applicant and upon a successfully adjudicated NACI or OPM/NS BI. All
contracts must detail periods of performance. Contractors must renew their
credentials at the end of their period of performance.
Solicitations and Contracts Affected by this Advisory
Solicitations
and contracts that require the contractor’s employees to have routine physical
access to a Federally-controlled facility and/or routine access to a
Federally-controlled information system are covered by this Advisory. FAR
Subpart 2.101 defines “Federally-controlled facilities” and
“Federally-controlled information system” as follows:
“Federally-controlled facilities” means—
(1) Federally-owned buildings or leased space, whether for
single or multi-tenant occupancy, and its grounds and approaches, all or any portion
of which is under the jurisdiction, custody or control of a department or
agency;
(2) Federally-controlled commercial space shared with
non-government tenants. For example, if a department or agency leased the 10th
floor of a commercial building, the Directive applies to the 10th floor only;
(3) Government owned, contractor-operated facilities,
including laboratories engaged in national defense research and production
activities; and
(4) Facilities under a management and operating contract,
such as for the operation, maintenance, or support of a Government-owned or
Government controlled research, development, special production or testing
establishment.
“Federally-controlled information system” means an
information system (44 U.S.C. 3502(8)) used or operated by a Federal agency, or
a contractor or other organization on behalf of the agency.
Solicitations
and contracts for supplies or services where the contractor’s employees will
have routine physical access to a Federally-controlled facility or routine
access to a Federally-controlled information system may be excluded from
coverage by this Advisory based on the LincPass
Distribution Risk Assessment, which will be conducted by a USDA Sponsor as part
of the PIV II registration, identity proofing, and credential issuance
procedures. Examples of probable exclusions are couriers, express mail and
package or other delivery persons.
Contracts that
when originally awarded did not include the PIV requirements, but will be
modified to include them, are covered by this Advisory.
Sponsors from
the requiring office (and the site security officer) shall determine the
applicability of the requirements of HSPD-12, FIPS PUB 201, OMB Memorandum
M-05-24, and this Advisory. Details on
applicability of these requirements are covered in the next section of this
Advisory.
Questions
Regarding Applicability of PIV Requirements to a Solicitation or Contract
If there is a
question concerning applicability of the PIV requirements or other HSPD-12,
FIPS PUB 201, or OMB Memorandum M-05-24 requirements, Sponsors may contact the
Office of Security Services, Personnel and Document Security Division (
If the
requiring office determines that performing contractor employees will require a
LincPass based on the requirements set forth by
HSPD-12, FIPS PUB 201, OMB Memorandum M-05-24, and this Advisory, the Sponsor
shall notify the CO in writing. Upon
notification of an HSPD-12 requirement for performing contractors, COs should do the following:
1.
Insert
a clause that contains language similar to that in 452.204-71 in all covered
solicitations and contracts that include FAR clause 52.204-9.
2.
When
issuing an appointment memorandum to the COR (or other designated
program/project officer), detail PIV Sponsor duties to be delegated.
3.
Provide
any contract information necessary for the PIV enrollment process (such as
contract number, period of performance, and contractor name) to the Sponsor or
designated coordinator.
4.
Should
the results of the PIV process require exclusion of a contractor’s employee,
the CO shall notify the contractor in writing of the exclusion without specific
detail regarding the reasons for exclusion.
Procedures
for the Employees of the Contractor
The procedures
to be followed by contractors and contractor employees are specified in DM
4620-002.
Protection
of Information
Privacy of PIV
information must be maintained in accordance with the Privacy Act of 1974. For information on the Privacy Act of 1974,
visit http://www.usdoj.gov/oip/privstat.htm.
Clause
for Solicitations and Contracts
FAR Subpart
4.13, Personal Identify Verification of Contractor Personnel, establishes the
policy and use requirements for FAR clause 52.204-9, Personal Identify
Verification of Contractor Personnel (JAN 2006).
Insert a
clause that contains language similar to that in 452.204-71 in all covered
solicitations and contracts which include FAR clause 52.204-9.
COs should
amend covered solicitations prior to contract award to the maximum extent
practicable to ensure that FAR Clause 52.204-9 and the appropriate AGAR clause
are included to minimize the number of subsequent modifications that will be
required.
452.204-71 PERSONAL IDENTITY
VERICATION OF CONTRACTOR EMPLOYEES (Oct 2007)
(a) The contractor shall comply with the personal identity
verification (PIV) policies and procedures established by the Department of
Agriculture (USDA) Directives 4620-002 series.
(b) Should the results of the PIV process require the
exclusion of a contractor’s employee, the contracting
officer will notify the contractor in writing.
(c) The contractor must appoint a representative to manage
compliance with the PIV policies established by the USDA Directives 4620-002
series and to maintain a list of employees eligible for a USDA LincPass required for performance of the work.
(d) The responsibility of maintaining a sufficient workforce
remains with the contractor. Employees may be barred by the Government from
performance of work should they be found ineligible or to have lost eligibility
for a USDA LincPass. Failure to maintain a sufficient
workforce of employees eligible for a USDA LincPass
may be grounds for termination of the contract.
(e) The contractor shall insert this clause in all
subcontracts when the subcontractor is required to have routine physical access
to a Federally-controlled facility and/or routine access to a
Federally-controlled information system.
(f) The PIV Sponsor for this contract is a designated program
point of contact, which in most cases is the Contracting Officer Representative
(COR), unless otherwise specified in this contract. The PIV Sponsor will be
available to receive contractor identity information from * (hours and
days) to * (hours and days) at * (office address for
registration). The Government will notify the contractor if there is a change
in the PIV Sponsor, the office address, or the office hours for registration;
however, it is the contractor’s responsibility to meet all aspects of
paragraphs (c), (d), and (e).
(End of clause)
*Contracting
Officer shall insert the appropriate information.
Orders Against Other Agency Contracts
Other agency
contracts, including Federal Supply Schedules, may not have similar terms
included in the contract. Before placing covered orders against such contracts,
the Contracting Officer must review the terms, and if the contract does not
include the necessary terms, either not use the contract or include these terms
in the order placed against the contract.
Access
to Classified National Security Information is Covered
Elsewhere
When a
proposed solicitation is likely to require access to information that is
safeguarded pursuant to Executive Order 12958, Classified National Security
Information, the requirements official shall follow AGAR Advisory 61,
“Safeguarding National Security Information,” the requirements identified in
the National Industrial Security Program Operating Manual, and DM 4620-002,
Appendix D. Contracting Officers or CORs should consult with OPPM, PDSD
regarding the procedures to be followed.
QUESTIONS:
Questions that
Contracting Officers and CORs have about DR or DM 4620-002, including any
security requirements addressed in this Advisory, should be addressed to Susan Gulbranson, Personnel and Document Security Division, by
telephone at 202-720-7373, by fax at (202) 720-1689, or by email to susan.gulbranson@usda.gov.
If you have questions regarding
this advisory, please contact Todd Repass, Chief, PPD
via email at Todd.Repass@da.usda.gov or by phone at (202) 690-1060; or send an email to procurement.policy@da.usda.gov.
This Advisory
is available at http://www.usda.gov/procurement/policy/advisories.html.
EXPIRATION
DATE: This advisory will remain in effect until cancelled.
[END]