In response to President Bush’s August 2004 Homeland Security Presidential Directive 12 (“HSPD 12”), the Office of Management and Budget (“OMB”) last month issued a memorandum discussing specifications for personal identity verification (“PIV”) cards to be used by both government employees and government contractors.
The OMB publication relies on standards for the cards that were introduced by the National Institute of Standards and Technology (“NIST”) Computer Security Division. According to the NIST website, while getting the PIV system up and running properly, “the personal privacy of all subscribers of the PIV system” must be protected. However, the card issuers must be able to determine “the correct legal name of the person applying for a PIV ‘card’; electronically obtain and store required biometric data (e.g., fingerprints, facial images) …; assure appropriate levels of security for all applicable Federal applications; and provide interoperability among Federal organizations using the standards.”
For government contractors, these guidelines have a number of important implications. According to HSPD 12, Attachment A, all government contractor employees who have “routine access to federally controlled facilities and/or federally controlled information systems to whom [an agency] would issue Federal agency identity credentials” must have a PIV card. Attachment A also states that October 27, 2007 is the deadline to “[v]erify and/or complete background investigations for all current employees and contractors.”
However, the HSPD 12 contains important exceptions and clarifications, and contractors are advised to seek guidance on complying with these requirements if necessary.
This update is published by Venable LLP. Venable publications are not intended to provide legal advice or opinion. Such advice may only be given when related to specific fact situations. © Copyright by Venable LLP 2005.