OCCUPATIONAL SAFETY AND HEALTH OSHRC OA 101 REVIEW COMMISSION October 27, 2005

Personal Identity Verification of

Occupational Safety and Health Review Commission

Employees and Contractors

I. PURPOSE

This directive provides policies and procedures to be followed by the Occupational Safety and Health Review Commission (Review Commission or OSHRC) to meet requirements established through Homeland Security Presidential Directive (HSPD)-12 and Government-wide standards and requirements. Specifically, it addresses Part I - Common Identification, Security and Privacy Requirements, which is the minimum requirement for a Federal personal identity verification (PIV) system that meets the control and security objectives of HSPD-12. It includes the personal identity proofing, registration, and issuance process for employees and contractors.[1]

II. AUTHORITY

· Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors, dated

August 27, 2004.

· U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, dated

February 25, 2005.

· OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD)-12 Policy for a Common Identification Standard for Federal Employees and Contractors, dated August 5, 2005.

III. BACKGROUND

HSPD-12 requires that all government agencies develop specific and consistent standards for both physical and logical identification systems. NIST's FIPS 201 establishes detailed standards on implementing processes and systems to fulfill the requirements of HSPD-12.

FIPS 201 specifies a PIV system within which common identification credentials can be created, and later used to verify a claimed identity. It also defines a reliable, government-wide PIV system for use in applications such as access to federally controlled facilities and information systems. FIPS 201 outlines two phases to implementing an HSPD-12 program. Phase I (PIV I) describes the registration, identity proofing, and issuance procedures, and Phase II (PIV II) describes the technical and interoperability requirements of an HSPD-12 compliant system. PIV II includes card elements, systems interfaces, and security controls required to securely store and retrieve data from the card.

IV. APPLICABILITY

The FIPS 201 standard applies to individuals employed by, detailed to, or assigned to the Review Commission and all individuals under long-term (six months or longer) contract to the Review Commission. The standard is applicable to credentials that the Review Commission issues to its employees and contractors for gaining physical access to federally controlled facilities and logical access to federally controlled information systems.

PIV I requires the implementation of registration, identity proofing, and issuance procedures in line with the requirements of FIPS 201. PIV I does not require the implementation of any new systems or technology. It applies to new long-term (six months or longer) employees and contractors who begin work at the Review Commission on or after October 27, 2005. These individuals will have to follow the procedures outlined in section IX (B) below to apply for and receive their credentials. The Review Commission will continue to issue existing credentials under PIV I, but the process for application and issuance will be different.

It is not required that temporary employees and “occasional visitors” to the Review Commission facilities be subject to PIV requirements. Therefore, temporary employees and contractors (less than six months), will not be subject to PIV requirements under FIPS 201; however they may be required to undergo a limited reference check, following an agency risk-based assessment of the need for such.[2]

V. SCHEDULES AND DEADLINES

The agency must create and implement a PIV I compliant process no later than

October 27, 2005. The agency will apply the PIV I credential process to all new Review Commission employees and contractors who begin working for the Review Commission on or after October 27, 2005.

All current Review Commission employees and contractors should be identity proofed no later than October 27, 2007 and all employees will be issued a FIPS 201 compliant card as their sole identification card for the Review Commission by October 27, 2007.

By October 27, 2007, the agency will verify and/or complete background investigations for all current employees, contractors and other applicable individuals.

The agency must create and implement a PIV II compliant system no later than

October 27, 2006.

VI. DEFINITIONS

Access control - the process of granting or denying requests to access physical facilities or areas, or logical systems (i.e., computer networks or software applications). See also "logical access control system" and "physical access control system."

Authentication - the process of establishing an individual's identity and determining whether individual Federal employees or contractors are who they say they are.

Authorization - process of giving individuals access to specific areas or systems based on their authentication.

Biometric - a measurable physical characteristic used to recognize the identity of an individual. Examples include fingerprints and facial images. A biometric system uses biometric data for authentication purposes.

Contractor - an individual under contract to a department or agency requiring routine access to federally controlled facilities and/or federally controlled information systems to whom Federal agency identity credentials would be issued, consistent with the agency’s securities policies.

e-OIP Tracking Number - number assigned by the Electronic Questionnaire for Investigations Processing (e-QIP) to each SF-85 application. This tracking number

must be written on the fingerprint card when it is submitted to OMB in order to bind the fingerprint card to the proper applicant.

FBI Fingerprint Check - fingerprint check of the FBI fingerprint files. This check is an integral part of the NACI, and is the minimum requirement for provisional card issuance.

FD-258 - fingerprint chart to accompany the NACI request when the individual to be investigated is a contractor (neither a Federal employee nor an applicant for Federal employment), or when agreed to by the Office of Personnel Management (OPM) Federal Investigations Processing Center (FIPC).

Identity Proofing - the process of providing sufficient information (e.g., driver's license, proof of current address, etc.) to a registration authority, or the process of verifying an individual's information that he or she is that individual and no other.

Logical Access Control System (LACS) - protection mechanisms that limit users' access to information and restrict access on the system to only what is appropriate for them. These systems may be built into an operating system, application, or an added system.

National Agency Check (NAC) - is part of the National Agency Check with Written Inquiries. Standard NACs consist of searches of the Security/Suitability/Investigations Index (SSI), Defense Clearance and Investigation Index (DCII), FBI Name Check, and FBI National Criminal History Fingerprint Check.

National Agency Check with Written Inquiries (NACI) - the basic and minimum investigation required for all new Federal employees and contractors consisting of searches of the OPM Security/Suitability Investigations Index (SII), the Defense Clearance and Investigations Index (DCII), the Federal Bureau of lnvestigation (FBI) Identification Division's name, fingerprint files, and other files or indices when necessary. A NACI also includes written inquiries and searches of records covering specific areas of an individual's background during the past five years (inquiries sent to current and past employers, schools attended, references, and local law enforcement authorities). Coverage includes: employment (five years); education (five years and highest degree verified); residence (three years); references; law enforcement (five years); and NACs.

Physical Access Control System (PACS) - protection mechanisms that limit users' access to physical facilities or areas to only what is appropriate for them. These systems typically involve a combination of hardware and software (e.g., a card reader), and may involve human control (e.g., a security guard).

PIV II Credential - a government-issued credit card-sized identification that contains a contact and contactless chip. The holder's facial image will be printed on the card along with other identifying information and security features. The contact chip will store a PKI certificate, the CHIUD, and a fingerprint biometric, both of which can be used to authenticate the user for physical access to federally controlled facilities and logical access to federally controlled information systems.

Public Key Infrastructure (PKI) - A service that provides cryptographic keys needed to perform digital signature-based identity verification, and to protect communications and storage of sensitive data.

SF-87 - fingerprint chart to accompany the NACI request when the individual to be investigated is a Federal employee or applicant for Federal employment.

Submitting Office Number (SON) - number assigned by OPM to identify the office that submitted the NACI request.

VII. PRlVACY POLICY

HSPD-12 explicitly states that "protect[ing] personal privacy" is a requirement of the PIV system. As such, the Review Commission shall implement the PIV system in accordance with the spirit and letter of all privacy controls specified in FIPS 201, as well as those specified in Federal privacy laws and policies. This includes, but is not limited to, the E-Government Act of 2002; the Privacy Act of 1974; OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, dated September 26, 2003; and OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSDP) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors, dated August 5, 2005.

Background investigation records are subject to the Privacy Act. The Review Commission must ensure those records are:

· Secured against unauthorized access;

· Accessed by only those whose official duties require such access; and

· Stored in a locked metal file cabinet or secure room.

The Review Commission will also:

· Establish procedures to allow employees or their designated representatives access to their records, while ensuring that the records remain subject to agency control at all times;

· Ensure that those authorized to access personnel records subject to the Privacy Act understand how to apply the Act's restrictions on disclosing information from a system of records;

· Oversee privacy-related matters associated with implementing the agency’s HSPD-12 program, and submit to OMB and make publicly available a comprehensive privacy impact assessment (PIA) of the program, including an analysis of any information technology systems used to implement this directive;

· Review and update the PIA periodically; and

· Complete the actions required in OMB guidance.[3]

VIII. NACI/OPM/NS BI REQUIREMENTS

A NACI is the minimal background investigation that must be performed for all individuals to whom this directive applies, except when the position requires a higher-level OPM/NS BI. In such cases, the OPM/NS BI shall be scheduled in lieu of the NACI.

These requirements may also be satisfied by locating and referencing a completed and successfully adjudicated NACI or other higher level OPM/NS BI. To locate and reference an already completed and successfully adjudicated NACI, contact the Human Resource Specialist. If the Applicant indicates that he/she has already been awarded a specified level of security clearance based on a NACI/Other BI from previous employment, the previous employer's human resources or personnel security office should be contacted to obtain a copy of the certificate or the original. The certificate from the previous employer must be current from the date of inquiry. OPM may also be contacted to verify the level of security.

The Office of Administration, in consultation with the Office of General Counsel, is responsible for determining the position sensitivity designation for all positions and for ensuring that employees have the appropriate investigation that corresponds to that determination. It must also ensure that periodic reinvestigations are scheduled as required. The Human Resource Specialist or the Executive Officer will submit the NACI SF-85, Questionnaire for Non-Sensitive Positions directly to OPM.

Before issuing a credential, the agency should receive notification of the results of the National Agency Check. If the agency has not received the results within five days, the identity credential can be issued based on the FBI National Criminal History Fingerprint Check (FBI fingerprint check). The Registrar may issue a credential approval after the successful completion of a fingerprint check; however, the completion and successful adjudication of a full NACI is still required for all Applicants. Refer to section IX (b) below and Appendix B for specific instructions on completing and adjudicating the NACI.

IX. REGISTRATION, IDENTITY PROOFING AND CREDENTIAL ISSUANCE

The agency will use a manual Role-Based Model specified below to register, identity proof, and credential applicants. This process uses inspection of identity source documents and background checks to establish assurance of identity. All actions taken for approval/denial of requests by all participants in the process shall have an auditable trail, which is a critical control component in establishing the chain of trust for PIV issuance and management.[4] Auditing identity proofing and registration records may take place periodically.

A. Role Based System

The PIV I process contains critical roles associated with the identity proofing,

registration, and issuance process. These roles are ancillary roles assigned to agency personnel who have other primary duties. No single individual may assume more than one of these roles in the process, with the exception of the Adjudicator role. (An individual may assume the role of Adjudicator and Sponsor or Adjudicator and Registrar.) The following roles shall be employed for registering and identity proofing an Applicant, and issuing an Applicant a credential.

1. Roles and Responsibilities

(a) PIV Applicant

The Applicant is the individual to whom a PIV credential needs to be issued. The Applicant will:

· Complete required forms;

· Appear in person during various stages of the process;

· Provide two forms of identity source I-9 documents (OMB No. 1115-0136 Employment Eligibility Verification) in original form to Registrar, one of which must be a valid State or Federal government-issued picture identification to prove claimed identity.

(b) PIV Sponsor

The Sponsor is the individual who substantiates the need for a PIV credential

to be issued to the Applicant and provides sponsorship to the Applicant. The Sponsor will:

· Authorize the request for a PIV credential;

· Coordinate initial registration activities; and

· Serve as intermediary between Applicant and Registrar, if necessary.

The Registrar is the entity or individual responsible for identity proofing the Applicant, coordinating NACI activities, and ensuring the successful completion of the background checks. The PIV Registrar provides the final approval for issuance of a PIV credential to the Applicant. The Registrar is a role that may be performed by more than one person.

The Registrar will:

· Compare Applicant’s information contained in the PIV Request (e.g., full name, date of birth, contact information) with the information provided by Applicant;

· Retain copies of required information in a personnel security file (e.g., a facial image and fingerprints of Applicant, completed and signed PIV Request, completed and signed SF-85 or equivalent form received from Applicant, information related to the checked identity source documents, results of the required background check, and other materials used to prove the identity of Applicant);

· Require Applicant to be fingerprinted at a facility referred to Applicant (e.g., a designated DOI facility or other secured location);

· Initiate a NACI on Applicant as required by Executive Order 10450 by forwarding the information to OPM by overnight/FedEx or by certified mail, return receipt requested;

· Approve or Deny Issuance of PIV card;

· Notify the PIV Sponsor and PIV Issuer that Applicant has been approved or denied the issuance of PIV credential; and

· Provide required information to PIV Issuer through a secure process.

(d) Office of Personnel Management (OPM)

The OPM is responsible for conducting the NACI and FBI Fingerprint Check.

(e) PIV Adjudicator

The PIV Adjudicator is responsible for determining whether or

not the Applicant is eligible to receive a PIV Card, based on results obtained from OPM. The Adjudicator will:

· Confirm fingerprint check results;

· Adjudicate NACI and attempt to resolve issues; and

· Notify Registrar of results.

(f) PIV Issuer

The PIV Issuer is an individual or entity that performs credential personalization operations and issues the identity credential to the Applicant after all identity proofing, fingerprint checks, and related approvals have been completed. The Issuer will:

· Confirm Applicant identification source documents;

· Capture photo, validate that the appearance of the individual matches the picture being printed on the PIV credential, and store duplicate photo in the personnel security file;

· Issue provisional or new PIV credential;

· Obtain a signature from Applicant (now PIV credential holder) attesting to Applicant’s acceptance of the PIV credential;

· Notify PIV Sponsor and designated PIV Registrar of the successful or unsuccessful personalization and issuance of the credential;

· Maintain records (completed and formally authorized PIV Request, approval notice from PIV Registrar, name of PIV credential holder, credential identifier, expiration date of the PIV credential, and signed acceptance form from PIV credential holder); and

· Control PIV credential stock to ensure stock is only used to issue valid credentials.

B. Registration, Identity Proofing, and Issuance Procedures

The following is a sequential list of steps to be followed when applying for and issuing a credential that is compliant with the Review Commission's PIV I identity proofing and registration process.

(1) Sponsor - Send new hire package to Applicant with PIV registration instructions. Simultaneously notify Registrar of the request for PIV credential. Complete Sponsor section of Personal Identity Verification Request for OSHRC Credential (OSHRC PIV Request Form). See Appendix A.

· Federal Employee New Hire Package includes: OF-306 (Declaration of Employment) and SF-87 (fingerprint chart) with instructions on where to obtain fingerprints; and instructions for accessing and completing SF-85 online and downloading it as a hard copy.

· Contractor New Hire Package includes: OF-306 (Declaration of Employment) and FD-258 (fingerprint chart) with instructions on where to obtain fingerprints; and instructions for accessing SF-85 online and downloading it as a hard copy.

(2) Registrar - Confirm the validity of the PIV request. Confirm registration requirements with Applicant.

(3) Applicant - Complete OF-306, SF-85 form, and fingerprint card per agency instructions in new hire package. OPM questionnaire is located at http://www.opm.gov/forms/pdf_fill/SF85.pdf

(4) Applicant - Appear in person in front of Registrar with completed forms from new hire package, résumé, and two identity source documents in original form. The identity source documents must come from the list of acceptable documents shown on Form 1-9, OMB No. 1115-0136, Employment Eligibility Verification. At least one document should be a valid State or Federal government-issued picture identification (ID) card.

(5) Registrar - Inspect and validate the identity source documents, OF-306, résumé, and fingerprint card from Applicant. Verify that Applicant is the individual pictured in the government-issued picture identification. Complete Registrar section of OSHRC PIV Request Form and record information from the identity source documents.

(6) Registrar - Copy OF-306, résumé, and fingerprint chart and attach to Applicant's SF-85 to send to OPM to initial a NACI on behalf of Applicant.

(7) Registrar - Send Applicant’s completed package and fingerprint chart by secure method to OPM.

(8) OPM - Run fingerprint check based on fingerprint card. Send results to

Adjudicator.

(9) Adjudicator -Verify that fingerprint check results received from OPM are successfully/unsuccessfully adjudicated and notify Registrar.

(10) Registrar - Review results of fingerprint check from Adjudicator. If approved, complete Registrar section of OSHRC PIV Request Form. (Applicants may be issued a provisional credential after the FBI Fingerprint Check portion of the NACI is successfully completed.) Send approval notification to Sponsor and Issuer to issue provisional credential; go to step 12. If denied due to unusable fingerprints or incorrect identity, notify Sponsor; go to step 11.

(11) Registrar - If fingerprint check was unsuccessful (unusable fingerprints,

incorrect identity), determine whether to proceed with another fingerprint

check or terminate the process.

(12) Registrar - Contact Applicant after approval and inform Applicant to appear in person in front of Issuer with identification source documents to receive credential.

(13) Applicant - Appear in person in front of Issuer and present State or

Federal ID.

(14) Issuer - Confirm Applicant's identity in person by verifying State or

Federal ID with source document information on OSHRC PIV Request Form received from Registrar.

(15) Issuer - Photograph Applicant or send Applicant to a designated location to obtain a photograph and issue credential (provisional credential if the NACI has not been completed). Complete Issuer section of OSHRC PIV Request Form.

(16) Applicant - Complete Applicant section of OSHRC PIV Request Form acknowledging acceptance of credential.

(17) Issuer - Forward completed OSHRC PIV Request Form to Registrar to maintain in the personnel security file.

(18) Registrar - Receive completed OSHRC PIV Request Form from Issuer and update personnel security file with original completed OSHRC PIV Request Form.

NACI completion

(19) OPM - Conduct NACI and send final results to Adjudicator. Step 19 follows Step 8 and can be completed concurrently with the activities in steps 9 through 18.

(20) Adjudicator - Adjudicate NACI according to the adjudication criteria listed in Appendix B and 5 C.F.R. pt. 731. Notify Registrar and Sponsor of successful NACI.

(21) Adjudicator - Attempt to resolve any issues directly with Applicant.

(22) Adjudicator - If NACI adjudication is successful, notify Registrar, complete OFI-79A, store copy of OFI-79A in the personnel security file and Letter of Adjudication in the OPF, and forward original OFI-79A to OPM; go to step 23. If NACI adjudication is unsuccessful, notify Registrar and Sponsor; go to step 24.

(23) Registrar - If a successful NACI is received from Adjudicator, remove provisional status from credential and update personnel security file.

(24) Registrar - If NACI is unsuccessful, update personnel security file and revoke credential.

(25) Sponsor - Notify Applicant of unsuccessful NACI, recover credential, and advise Applicant of appeal rights.

(26) Applicant - Appeal an unsuccessful adjudication (optional).

X. APPEAL PROCEDURES FOR DENIAL OF CREDENTIAL

In the event of an unsuccessful adjudication, the appeal procedures noted below will be followed.

A. Appeal Rights for Federal Service PIV Applicants

When the PIV Adjudicator determines that a PIV Applicant has not provided his or her true identity during the registration process or is otherwise found unsuitable, and the determination results in a decision by the agency to withdraw an employment offer, or remove the employee from the federal service, the appeals rights of either 5 C.F.R. pt. 315, subpart H (probationary employees); 5 C.F.R. pt. 731, subparts D and E (suitability); or 5 C.F.R. pt. 752, subparts D through F (adverse actions), will be followed, depending on the employment status of the federal service applicant, appointee, or employee. And to the extent required by these provisions, the procedures of 5 C.F.R. pt. 1201 (practices and procedures of Merit Systems Protections Board) will be followed.

Employees who are removed from Federal service are entitled to dispute this action using applicable grievance, appeal, or complaint procedures available under Federal regulations, or Review Commission directives.

B. Appeal Rights for Contract PlV Applicants

Notice of Proposed Action - A notice of proposed action will be given when the PIV Adjudicator determines that a PIV Applicant has not provided his or her true identity or is otherwise not suitable to be employed in the current or applied-for position, i.e., after an unsuccessful adjudication. The PIV Adjudicator will provide the individual reasonable notice of the determination, including the Adjudicator’s reason(s) for determining that the individual has not provided his or her true identity or is otherwise unsuitable. The notice will state the specific reasons for the determination, and that the individual has the right to answer the notice in writing. The notice will inform the individual of the time limits for response, as well as the address to which such response should be made.

Answer - The individual may respond to the determination in writing and, in support of the response, furnish documentation that addresses the validity, truthfulness, and/or completeness of the specific reasons for the determination.

Decision - After considering the PIV Adjudicator’s rationale and any documentation submitted by, or on behalf of, the PIV Applicant, the Chairman or his/her designee will issue a final written decision that either affirms or reverses the PIV Adjudicator’s decision, and informs the PIV Applicant of the reasons for the decision.

XI. EXPIRATION DATE REQUIREMENTS

All credentials issued by the Review Commission will have an expiration date printed on the card. The expiration date for all credentials must be five (5) years or less from the date of issuance.

All existing Review Commission credentials must be replaced with PIV II credentials by October 27, 2007.

XII. REPLACEMENT AND TEMPORARY CREDENTIALS

The PIV I process does not need to be followed to secure replacement or temporary credentials. Replacement credentials are to be issued when an employee’s or contractor’s credential is lost, damaged, stolen, or expired. In such cases, Sponsors are required to complete the Sponsor section of the OSHRC PIV Request Form and check the replacement card box. Sponsor and Applicant will follow pre-existing credential issuance procedures for obtaining a replacement credential.

In addition, should a long-term employee or contractor forget his/her credential on a particular day, this individual will be issued a temporary credential after his/her identity is confirmed.

XIII. CONTRACTING REQUIREMENTS

All contractors must follow the identity proofing and registration requirements outlined in Section IX (B) above. The Review Commission’s contracts must indicate that: 1) all long-term contractor employees must go through the identity proofing and registration process, and 2) all incumbents must be successfully identity-proofed and have a successfully adjudicated NACI or OPM/NS BI to serve on the contract.

XIV. TRAINING

Agency specific training will be conducted for those processes and procedures that are unique to the Review Commission. PIV specific training is required for various roles that must be assumed to implement HSPD-12. The Department of Interior has developed computer-based training to meet the requirements for HSPD-12. There are several modules that address the standardized PIV roles and responsibilities involved in the secured process. All sponsors, registrars, adjudicators and issuers will receive training prior to assuming such roles. The DOI computer-based training can be viewed at www.vodium.com/goto/blm/hspd12.asp. The OPM USA Learning website http://www.usalearning.gov/USALearning must be used to obtain the password to complete the required training and receive a certificate of completion.

XV. REPORTING REQUIREMENTS

FIPS 201 and OMB guidance requires the agency to report the number of agency-issued credentials. Therefore, a report including the following information will be submitted to the Executive Officer within 15 days of the end of each quarter and the fiscal year to ensure that controls are in place for tracking all PIV credentials:

A. The number of PIV credentials issued during the quarter or the fiscal year, and the name, card identifier, issuance date, and expiration date associated with each issued credential.

B. The number of PIV credentials cancelled during the quarter or the fiscal year, and the name, card identifier, cancellation date, and reason for cancellation associated with each canceled credential.

C. The number of PIV credentials replaced during the quarter or the fiscal year, and the name, old card identifier, new card identifier, replacement date, and reason for replacement associated with each replaced credential.

XVI. GENERAL

This newly adopted directive will be placed in the Master File of OSHRC Directives subject to annual review and will be posted under “Publications” on OSHRC’s website.

OFFICIAL SEAL:

/s/ /s/

PATRICIA A. RANDLE W. SCOTT RAILTON

EXECUTIVE OFFICER CHAIRMAN

Appendix A

PERSONAL IDENTITY VERIFICATION (PIV) REQUEST FOR OSHRC CREDENTIAL

_____________________________________________________________________________________________

Privacy Notice: Public Law 93-579 permits collection of the data requested on this form. The information is used to determine suitability for the issuance of OSHRC credentials. The information will be used to identity proof and register applicants as part of the Personal Identity Verification process. Providing this information is voluntary; however, failure to submit this information may result in denial of a OSHRC credential.

____________________________________________________________________________________________________________________

A. PIV Request & Source Document Confirmation (To be completed by Sponsor)

1. Replacement Card? ⁫Yes ⁫No 1a. Reason for Replacement:__________________________

2. B1* Application Complete? ⁫ Yes (Required for new cards only) [*“B1” is a generic reference to all investigations for federal employment purposes.]

3. U. S. Citizen ⁪ Yes ⁪ No: 3a. Country of Citizenship_______________________________

4. Contractor Company:___________________________Contract Number:_________________

5. Application Information ⁫Contractor ⁫Employee

Name: __________________________________________________________

Phone: __________________________________________________________

Birth date (mm/dd/yyyy): _____________/____________/_________________

Hair Color______Eye Color_________Height_______Weight____ Gender____

Position: __________________________________________________

Organization: __________________________________________________

Work Address: __________________________________________________

City: __________________________________________________

Zip: __________________________________________________

Email: __________________________________________________

6. Sponsor Information

Name: __________________________________________________

Organization: __________________________________________________

Phone: __________________________________________________

Email: __________________________________________________

I agree to sponsor the above application for a PIV credential and certify that the information is accurate to the best of my knowledge.

Sponsor Signature: ___________________________________________

Date (mm/dd/yyyy): ______________/_______________/_____________

B. Source Document Confirmation and Issuance Approval (To be completed by Registrar for new cards only, after Section A is completed.)

1. Identity Source Document 1 (Attach copy)

Name: _________________________________________________

Doc.#: _________________________________________________

Doc. Title: _________________________________________________

Issuer: _________________________________________________

Doc. Expiration Date (mm/dd/yyyy): ___________/__________/___________

2. Identity Source Document 2 (Attach copy)

Name: _________________________________________________

Doc. #: _________________________________________________

Doc. Title: _________________________________________________

Issuer: _________________________________________________

Doc. Expiration Date: (mm/dd/yyyy): ___________/___________/__________

3. FBI Fingerprint Check Results

Date Completed (mm/dd/yyyy): ___________/____________/___________

Successful? ⁫Yes ⁫No

Comments: _____________________________________________________________________ _______________________________________________________________________________

4. Adjudication

Completed

⁫Yes ‌ ⁫No

Successful

⁫Yes ‌ ⁫No

5. Registrar Information

Name: ____________________________________________________________________________

Organization: _____________________________________________________________________

Phone: ____________________________________________________________________________

Email: ____________________________________________________________________________

I hereby certify that the information regarding the above applicant is accurate to the best of my knowledge and approve this application for credential issuance.

Registrar Signature: _________________________________________________

Date (mm/dd/yyyy): _____________/________________/__________________

C. Credential Details (To be completed by Issuer, after Section A [and B, if required] is completed.)

1. Credential Issuance

Name on Credential: ________________________________________________________

Credential Identifier: ________________________________________________________

Credential Expiration Date (mm/dd/yyyy): ______________/______________/_____________

Picture Taken ⁪ Yes ⁪ No

2. Credential Information

Name: ______________________________________________________________________

Organization: _______________________________________________________________

Phone: ______________________________________________________________________

Email: ________________________________________________________________________

I hereby acknowledge issuance of a credential to the applicant identified above based on verification of the applicant’s identity and verification of the above Registrar’s issuance approval.

Issuer Signature: ____________________________________________________

Date (mm/dd/yyyy): ________________/________________/________________

D. Applicant Acknowledgement (To be completed by Applicant, after Section C is completed.)

I, the Applicant, confirm receipt of the PIV credential identified above and that the information is accurate to the best of my knowledge, and agree to abide by all rules and responsibilities associated with the credential.

Applicant Signature: ________________________________________________

Date (mm/dd/yyyy)): ________________/________________/_______________

Appendix B

Adjudication Criteria

The Adjudicator will adjudicate the Applicant’s NACI according to the criteria listed below which are consistent with OPM requirements:

(a) When adjudicating initial and continued eligibility to possess a credential, the Adjudicator shall make his or her determination based on the results of the FBI Fingerprint Check, NACI, other OPM/NS BI, or agency inquiry into misconduct.

(b) When making a PIV determination under (a) above, the Adjudicator must find out whether or not the identity provided to the Sponsor and Registrar during the registration process is the Applicant's true identity. For applicants for employment and current Federal employees, the Adjudicator will consult with the applicant or employee's servicing Human Resources staff before making a final determination as to whether to deny or withdraw a credential.

(c) If the adjudication confirms the individual's true identity, but reveals unfavorable information that involve criteria 1 through 8 below, adjudication under 5 C.F.R. pt. 731 shall be conducted. Part 731 criteria are:

1. Misconduct or negligence in employment;

2. Criminal or dishonest conduct;

3. Material, intentional false statement or deception or fraud in examination or appointment;

4. Refusal to furnish testimony as required by 5 C.F.R. § 5.4;

5. Alcohol abuse of a nature and duration, which suggests that the applicant or appointee would be prevented from performing the duties of the position in question, or would constitute a direct threat to the property or safety of others;

6. Illegal use of narcotics, drugs, or other controlled substances, without evidence of substantial rehabilitation;

7. Knowing and willful engagement in acts or activities designed to overthrow the U.S. Government by force; or

8. Any statutory or regulatory bar which prevents the lawful employment of the person involved in the position in question.

(d) When making a suitability determination under 5 C.F.R. pt. 731, the following factors should be considered to the extent that they are deemed pertinent to the individual case:

1. The nature of the position for which the person is applying or in which the person is employed;

2. The nature and seriousness of the conduct;

3. The circumstances surrounding the conduct;

4. The recency of the conduct;

5. The age of the person involved at the time of the conduct;

6. Contributing societal conditions; and

7. The absence or presence of rehabilitation or efforts toward rehabilitation.

[1] This directive will be supplemented to incorporate the requirements under PIV Part 2 - Government-wide Uniformity and Interoperability by September 30, 2006.

[2] Temporary employees and contractors employed for six months or less will have limited and controlled access to agency facilities and information systems. They will receive clear documentation on the rules of behavior and consequences for violations before being granted access to the agency’s facilities and/or systems. Any security violation that may occur involving these employees will be documented and reported to appropriate authority within 24 hours. Any identity credential issued to these individuals must be visually and electronically distinguishable from identity credentials issued to employees covered by FIPS 201 standard. Occasional visitors are subject to the agency’s visitor policies.

[3] The Office of General Counsel will provide advice on any legal issues that may arise in implementing the agency’s HSDP-12 program.

[4] Federal regulations for security, privacy and records archival will be followed in the storage and access control mechanisms used to maintain data.