credentialing
(CT:DS-436; 04-03-2025)
(Office of Origin: DS/C/ST)
12 FAM 521 GENERAL
12 FAM 521.1 Purpose
(CT:DS-436; 04-03-2025)
This subchapter establishes standards for the Department to determine eligibility and issue Personal Identity Verification (PIV) credentials for physical and/or logical access to Department facilities and/or information systems. Although this subchapter provides standards for domestic and overseas Department facilities and information systems, access to overseas facilities is subject to Chief of Mission (COM) authority. Nothing in this subchapter limits COM authority.
12 FAM 521.2 Applicability
(CT:DS-436; 04-03-2025)
a. This subchapter applies to any person applying for or holding a PIV credential from the Department. This includes anyone who performs or who seeks to perform work for, or on behalf of, the Department, or otherwise interacts with the Department such that the individual must undergo vetting and requires logical and/or physical access to Department facilities or information systems. While this subchapter does not apply to short-term employment, it does apply to intermittent and seasonal employment.
b. This subchapter does not apply to:
(1) identity credentials associated with national security systems as defined by 44 U.S.C. § 3552(b)(6);
(2) law enforcement identification media described in 12 FAM 372 Official DS Identification Media;
(3) identification credentials provided to family members and other eligible beneficiaries;
(4) short-term employees or occasional visitors to Department facilities to whom the Department would issue a temporary identification.
c. This subchapter does not limit the responsibility or the authority of the Department to deny, suspend, or terminate access to its facilities and information systems in the interest of national security, nor does this subchapter limit personnel or administrative actions the Department may take pursuant to workplace management responsibilities that limit access.
12 FAM 521.3 Definitions
(CT:DS-436; 04-03-2025)
Bureau security officer (BSO): A Diplomatic Security professional assigned to the Office of Information Security Program Applications Division (DS/SI/APD), who is the principal security adviser on detail to one or more bureaus within the Department. Bureau executive directors within the Department may request that DS/SI/APD assign a BSO in lieu of appointing a principal unit security officer (PUSO).
Central Verification System (CVS) or any successor system: The CVS is the Defense Counterintelligence Security Agency's (DCSA) centralized database supporting reciprocity and information sharing within the Federal Government. The CVS captures and maintains information on all types of investigations and adjudications.
Derived PIV credential: A credential issued based on proof of possession and control of a PIV card. Derived PIV credentials are typically used in situations that do not easily accommodate a PIV card, such as in conjunction with mobile devices. Derived PIV credentials are issued in accordance with the requirements of NIST SP 800-157.
Domestic security officer (DSO): A Diplomatic Security professional assigned to the Office of Domestic Facilities Protection (DS/DO/DFP) who oversees the security program for domestic Department facilities.
Intermittent employment: Employment without a regularly scheduled tour of duty.
One Badge: The Department of State’s secure ID card, issued to all Department employees, contract employees, other agency personnel, and others who have an official need to enter DOS facilities and/or logical access to the Department's unclassified network (OpenNet). One Badge is the standard for Department badges. It encompasses Personal Identity Verification (PIV) cards, as well as Facility and Logical Access Cards (FLAC) and Facility Access Cards (FAC). PIV applicants meet the investigative requirements directed by FIPS 201-3 and OMB M-05-24 for a PIV credential to be issued.
Personal Identity Verification (PIV): The process of creating and using a Government-wide secure and reliable form of identification for Federal employees and contractors, pursuant to HSPD 12, Policy for a Common Identification Standard for Federal Employees and Contractors and OPM Memorandum for Heads of Executive Departments and Agencies regarding Credentialing Standards Procedures for Issuing Personal Identification Cards under HSPD-12 and New Requirement for Suspension or Revocation of Eligibility for Personal Identity Verification Credentials (December 15, 2020). The PIV card contains four PKI enabled digital certificates (e.g., PIV Authentication, Encryption, Digital Signature, and Card Authentication).
PIV card: The physical artifact (e.g., identity card, “smart” card) issued to an applicant by an issuer that contains stored identity markers or credentials (e.g., a photograph, cryptographic keys, digitized fingerprint representations) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).
PIV credential: A credential that authoritatively binds an identity (and additional optional attributes) to the authenticated cardholder that is issued, managed, and used in accordance with the PIV standards. These credentials include public key certificates stored on a PIV card, as well as other authenticators bound to a PIV identity account as derived PIV credentials.
Principal unit security officer (PUSO): A managerial-level Department employee who a bureau executive director or equivalent designated, in writing, to administer the security program in that bureau or organization and maintain liaison with DS/SI/APD. PUSOs may designate any number of unit security officers to assist in performing security duties. Bureaus with assigned BSOs are not required to designate a PUSO.
Regional security officer (RSO): The RSO is a member of the U.S. Foreign Service and a Diplomatic Security Service special agent serving at an overseas post. RSOs are responsible for implementing and managing the Department’s security and law enforcement programs at their assigned post and constituent post(s), if applicable. The lead officer in a regional security office is designated the RSO, and additional special agents are either deputy regional security officers (DRSOs), assistant regional security officers (ARSOs), supervisory overseas criminal investigators (SOCIs), or overseas criminal investigators (OCIs).
Revocation: A permanent state in which tokens and credentials do not allow facility and logical access.
Seasonal employment: Recurring periods of work of less than 12 months each year. Seasonal employees are permanent employees who are placed in nonduty/unpaid status and recalled to duty in accordance with preestablished conditions of employment.
Short term employment: Temporary appointments of less than six continuous months.
Suspension: A temporary state in which tokens and credentials do not allow facility and logical access.
12 FAM 522 AUTHORITIES AND RESPONSIBILITIES
12 FAM 522.1 Authorities
(CT:DS-436; 04-03-2025)
Relevant national policies, orders, directives, memoranda, and publications include:
(1) OPM Memorandum for Heads of Executive Departments and Agencies, Credentialing Standards Procedures for Issuing Personal Identity Verification Cards under Homeland Security Presidential Directive (HSPD-12) and New Requirement for Suspension or Revocation of Eligibility for Personal Identity Verification Credentials, dated December 15, 2020.
(2) OMB Memorandum for Heads of Executive Departments and Agencies, Enabling Mission Delivery through Improved Identity, Credential, and Access Management (M-19-17), dated May 21, 2019;
(3) Action Memorandum for DS Assistant Secretary Evanoff, Homeland Security Presidential Directive (HSPD-12) Responsibilities, dated July 1, 2019;
(4) Performance Accountability Council (PAC) Memorandum to Heads of Executive Departments and Agencies, Guidance on Executive Branch-Wide Requirements for Issuing Personal Identity Verification (PIV) Credentials and Suspension Mechanism, dated March 2, 2016;
(5) Presidential Memorandum for the Heads of Executive Departments and Agencies, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, dated November 21, 2012;
(6) Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, dated October 7, 2011;
(7) Memorandum to All Assistant Secretaries, Homeland Security Presidential Directive-12, dated September 23, 2011;
(8) OPM Memorandum for Heads of Executive Department and Agencies, Final Credentialing Standards for Issuing Personal Identity Verification Cards under HSPD-12, dated July 31, 2008;
(9) Executive Order 13467, as amended, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information, dated June 30, 2008;
(10) HSPD-12, Policies for a Common Identification Standard for Federal Employees and Contractors, dated August 27, 2004;
(11) National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3 Digital Identity Guidelines, dated June 2017;
(12) NIST SP 800-156, Representation of PIV Chain-of-Trust for Import and Export, dated May 2016;
(13) NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials, dated December 2014;
(14) NIST Federal Information Processing Standards Publication (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors, dated January 2022; and
(15) Department of State, Bureau of Diplomatic Security, DOS One Badge PIV Card Issuer (PCI) Operations Plan, Version 1.25, dated February 2019.
12 FAM 522.2 General Responsibilities
(CT:DS-436; 04-03-2025)
a. PIV credentialing eligibility determinations are inherently governmental functions that must be performed only by U.S. Government personnel or the appropriate automated government procedures approved by the U.S. Office of Personnel Management (OPM) Director as the Suitability and Credentialing Executive Agent.
b. The Bureau of Diplomatic Security (DS), in accordance with the specific responsibilities outlined in 12 FAM 522.3, manages all PIV credentialing eligibility determinations for the Department.
c. To the maximum extent possible, DS will align PIV eligibility determinations with other personnel vetting determinations made by trained federal adjudicators.
d. Individuals making PIV eligibility determinations must be investigated and adjudicated at a level commensurate with the responsibilities of the position as determined through application of the Position Designation System.
e. DS is responsible for making risk determinations in the decision to accept and issue a FLAC or FAC at posts overseas, and DS must ensure this process is not used to circumvent the PIV eligibility and issuance process. FLAC or FAC One Badges are Department of State specific PIV alternatives that can be issued to applicants that do not fall under PIV requirements or have a current PIV issued by the applicant's home agency.
12 FAM 522.3 Specific Responsibilities
(CT:DS-436; 04-03-2025)
a. The Department structured its PIV Card Issuer (PCI) organization into three separate management components: Functions and Services; IT and Automation Services; and Privacy. This structure distributes the responsibilities of the PCI organization to the Department bureaus and offices charged with the various activities and functions necessary to implement and maintain a PIV IT infrastructure, vet and enroll applicants, and issue Department of State Personal Identification Cards. These cards include the PIV card along with its FLAC and FAC variants, collectively referred to as the One Badge.
b. Functions and Services
(1) The Assistant Secretary for Diplomatic Security is the Senior Authorizing Official (SAO) for Functions and Services, and is responsible for all PIV operations. The SAO for Functions and Services has budgetary control, provides oversight, develops policy, and has authority over all functions and services provided by the IDM Program as required by Federal Information Processing Standards Publication (FIPS) 201-3.
(2) The Deputy Assistant Secretary (DAS) for Countermeasures (DS/C) is the Designated Authorizing Official (DAO), with the authority to review all assessments from the Department’s PIV Card Issuing Facility (PCIF) and ensure accreditation of the PCIF.
(3) The DS/C DAS determines, with advice from the PIV Credentialing Panel, whether to suspend and/or revoke one's PIV credential and all associated technical features enabling access to facilities and information systems in accordance with the requirements outlined in 12 FAM 526.
(4) The DAS for Cyber and Technology Security (DS/CTS) is the Assessor, serving as the Accreditation and Assessment (A&A) Agent, and is responsible for performing a comprehensive and independent assessment of the PCIF.
(5) The Director for the Office of Security Technology (DS/C/ST) is the Organization Identity Management Official (OIMO), responsible for implementing Department PIV policies, assuring all PIV processes are being performed reliably by the issuer, and providing guidance and assistance to the PCI organization.
(6) The DS/C/ST Director is also the PIV Card Issuing Facility Manager (PCIF Manager), who supervises the day-to-day operations of the PCIF.
(7) The Office of Domestic Facilities Protection (DS/DO/DFP) and RSOs are the PIV Card Issuing/Approval Authorities with the responsibility for PIV approval, and issuance activities at domestic locations and overseas missions, respectively. The PIV Issuing/Approval Authorities manage the total scope of the chain of trust established in all functional process areas and ensure all identity proofing, background checks, and related approvals are complete before a PIV credential is issued to an applicant. The DS/DO/DFP Security Support Division (DS/DO/DFP/SSD) is responsible for domestic oversight of the PIV card enrollment process for all eligible Department applicants.
(8) Human Resource (HR) offices with designated hiring authority are the PIV Card Enrollment Officials, responsible for enrolling General Schedule (GS), Foreign Service (FS), Personal Services Contractor (PSC), and When Actually Employed (WAE) employees as well as government employees detailed from other federal agencies.
(9) The Office of Personnel Security and Suitability (DS/SI/PSS) is responsible for determining an individual's access to classified information and manages CVS access.
(10) The Office of the Insider Threat Program (DS/SI/ITP) is responsible for deterring, detecting, and mitigating actions by employees who may represent a threat to national security, including potential workplace violence and unauthorized disclosure of classified or sensitive information. Part of those mitigating actions involves referring information to an appropriate action or investigative office (e.g., DS/DO/CI, DS/DO/OSI, DS/TIA/PII, and DS/SI/PSS) and maintaining communication with those offices.
c. IT and Automation Services
(1) The Chief Information Officer (CIO) and Assistant Secretary-level head of Diplomatic Technology (DT) is the Senior Authorizing Official (SAO) for Information Technology and Automation Services, responsible for the establishment, budget, and oversight of the PIV IT and Automation Services.
(2) The Deputy CIO for Cyber Operations is responsible for the IT Systems A&A, which involves testing and evaluating the technical and non-technical security features of the IDMS to determine its compliance with a set of specified security requirements. Once completed, this information is provided to the DAO for authority to operate the Identity Management System (IDMS) for a specific purpose using a defined set of safeguards at an acceptable level of risk.
d. IT Design and Operations Authority
(1) The Deputy CIO for Enterprise Services has responsibility for the design and operations authority for all IT systems required to support the PIV program. This includes the A&A activities and those systems related to network access; however, the HSPD-12 and physical access control system ownership and responsibility resides with DS.
e. Privacy
(1) The Deputy Assistant Secretary of the Bureau of Administration, Global Information Services (A/GIS) is the Senior Agency Official for Privacy and oversees privacy-related matters in the PIV program and issues policy guidelines with respect to collection and handling of PII from applicants in a manner that ensures the issuer is compliant with all relevant directives of applicable privacy laws.
(2) DS/DO/DFP is the PIV Applicant Representative, with the responsibility to represent the privacy concerns of current or prospective applicants domestic and overseas, assist an applicant who is denied a PIV Card because of missing or incorrect information, ensure all applicants obtain useful information and assistance when needed, and act as a surrogate for an applicant that is unavailable for performing required actions.
12 FAM 523 ELIGIBILITY
(CT:DS-436; 04-03-2025)
DS will apply the adjudicative guidelines provided in the 2008 Final Credentialing Standards, or any successor document, and the Performance Accountability Council (PAC) memorandum to Heads of Executive Departments and Agencies, Guidance on Executive Branch-Wide Requirements for Issuing Personal Identity Verification (PIV) Credentials and Suspension Mechanism, of March 2, 2016, to determine whether to find an individual eligible for a federal PIV credential permitting physical and logical access to federally controlled facilities and federally controlled information systems.
12 FAM 523.1 Determination
(CT:DS-436; 04-03-2025)
a. In its decision to issue a PIV credential (in accordance with applicable laws, regulations, guidelines, policies, and procedures), the PIV Card Issuing/Approval Authorities (DS/DO/DFP domestically or the RSO overseas) determine whether:
(1) There is proof that the person is who they say they are;
(2) Terrorism or information technology security concerns exist; and
(3) There are any other issues that indicate issuance of a PIV credential to an individual would pose an unacceptable risk to any of the following:
(a). The life, safety, property, or health of employees, contractors, vendors, or visitors to federal facilities;
(b). The U.S. Government's National Security sensitive assets or information systems;
(c). Records, including privileged, proprietary, financial, or medical records; or
(d). The privacy of the individuals whose data the U.S. Government holds in its systems.
b. The Department will not waive, modify, or replace the above determination guidelines, which OPM established in its December 15, 2020 memorandum.
c. An individual must already be eligible for a PIV credential and have possession of such credential before being eligible for a Derived PIV.
12 FAM 523.2 Timing of PIV Adjudication Decisions
(CT:DS-436; 04-03-2025)
The PIV Card Issuing/Approval Authorities make PIV eligibility determinations based on an official adjudicative determination repository using the following eligibility determination process:
a. Personal Services Contractors, third party contractors, direct hires, and other Department personnel must not be onboarded until completion and favorable adjudication of the prerequisite investigation. Under this process, the individual must not have access to Department physical space or information systems until the investigative and adjudicative processes are complete or a temporary determination is made.
b. Once the investigation is completed, the following Department offices make corresponding adjudicative decisions as required:
(1) DS/SI/PSS for national security eligibility;
(2) DS/SI/PSS and RSO for contractor fitness;
(2) GTM for suitability; and
(3) DS/DO/DFP or RSO for credentialing.
c. Once the adjudication is made, PIV Card Issuing/Approval Authorities complete the identity source verification that requires the appointee or employee to present two identity source documents, at least one of which is a federal of state government-issued picture identification, and proceed with card issuance processes.
(1) A favorable determination of suitability/fitness for appointment or national security eligibility will result in a favorable PIV eligibility determination; no further credentialing adjudicative action is necessary.
(2) If it is decided to place the individual in a non-sensitive position (either because DS/SI/PSS does not grant a favorable national security eligibility determination or because neither a suitability/fitness determination nor a national security eligibility determination is required), the PIV Card Issuing/Approval Authorities will make a credentialing eligibility determination by applying the credentialing standards for issuing PIVs under HSPD-12 in OPM's July 31, 2008 memorandum.
d. The DS/DO/DFP Security Support Division will record PIV eligibility determinations (favorable or unfavorable) in CVS or an applicable successor database prior to credential issuance.
12 FAM 524 RECIPROCITY
(CT:DS-436; 04-03-2025)
a. The PIV Card Issuing/Approval Authorities will not request DS/SI/PSS to re-investigate or re-adjudicate individuals visiting or temporarily or permanently transferring from another federal agency provided a final favorable PIV eligibility determination exists based on an investigation that is at an appropriate tier, as determined by the Federal Investigative Standards or a successor document, of the new position. The PIV Card Issuing/Approval Authorities exercise reciprocity and accept previous PIV eligibility determinations under the following conditions:
(1) The PIV eligibility determination was a favorably adjudicated final (not interim) determination (including a favorable suitability or national security determination recorded in CVS) at the appropriate tier for the new position based on a completed Tier 1 or equivalent or higher level of investigation;
(2) There has been no break in service (or in a contractor's association with U.S. Government contract work) exceeding 24 months following the favorable adjudication of the previously conducted investigation; and
(3) DS is not in possession of any new information that calls into question the person's eligibility for a PIV credential.
b. The PIV Card Issuing/Approval Authorities will consult DCSA's CVS to determine the credentialing status of any prospective employee or contractor to determine eligibility for PIV credential reciprocity.
12 FAM 525 SUSPENDING OR REVOKING PIV ELIGIBILITY
(CT:DS-436; 04-03-2025)
a. All Department personnel must report credible adverse information that indicates a person may pose an unacceptable risk to the life, safety, or health of persons at a Department facility; to Department property or information systems; to privileged, proprietary, financial, or medical records; or to the privacy of the individuals whose data the Department holds in its possession.
b. Such reports must be made in a timely manner to any of the following: the RSO, post security officer (PSO), BSO/PUSO, DSO, DS/SI/PSS, DS/SI/ITP, and/or the Industrial Security Division (DS/IS/IND). The receiving security office provides any reported adverse information to the appropriate action office or investigative authority (e.g. DS/TIA/PII, DS/DO/OSI, DS/DO/DFP, and/or local law enforcement if emergent) and DS/C DAS to assess the nature of the risk.
12 FAM 525.1 Risk Indicated as Imminent
(CT:DS-436; 04-03-2025)
a. When the information received suggests that a person presents an imminent risk to facilities, information systems, or is an imminent danger to the occupants and visitors to a Department facility or to the public, the RSO, PSO, BSO/PUSO, or DSO must take immediate action to safeguard facilities and employees and should immediately call the DS/TIA/PII duty agent through the DS Command Center at 571-345-3146. If the nature of the risk requires, the RSO, PSO, BSO/PUSO, or DSO may remove an individual's PIV credential from the credential holder's possession.
b. After ensuring any immediate threat is removed from a Department property, DS/DO/DFP or the RSO (or PSO, if there is no RSO at post) must temporarily disable the technical features of the credentials that enable access to facilities and information systems and deny the individual access to facilities and information systems. The RSO, PSO, BSO/PUSO, or DSO must immediately inform DS/TIA/PII, and local police, if applicable, of the perceived risk.
c. The RSO, PSO, BSO/PUSO, or DS/DO/DFP must suspend access to all access points at facilities where the covered individual has been granted access and provide a physical description or picture of the person to access control personnel when there may be an imminent risk or safety concern, if possible.
d. DS/DO/DFP or the RSO or PSO must promptly notify the employee's bureau EX and the Office of the Legal Adviser (L) of the temporary removal of the PIV credential. Bureau EX must consult L and the appropriate hiring or contracting office for guidance on personnel or administrative actions, including, if appropriate, placement of the employee on administrative leave.
e. The DS/C DAS must be promptly notified in every situation when a PIV credential is removed due to imminent risk. The DS/C DAS, in consultation with the PIV Credentialing Panel and L, as appropriate, determine whether the individual's PIV credential should remain suspended. If the DS/C DAS decides not to suspend the credential, the RSO or DS/DO/DFP must re-enable the credential and allow access pending further determinations outlined in 12 FAM 526.2. If the imminent risk is substantiated, the individual's PIV eligibility and credentials will be suspended pending such determinations unless otherwise decided by the DS/C DAS.
f. The following examples of reporting may warrant immediate suspension of credentials. They are provided for illustrative purposes and are not intended to be exhaustive. They do not replace the DS/C DAS’s measured judgment and consideration of all circumstances surrounding the issue.
(1) Known or reasonable suspicion of terrorist activities or involvement.
(2) Known or reasonable suspicion of activities demonstrating that the individual has used or intends to use their PIV credential or credential tokens to permit access to a U.S. Government facility or information system to do harm or permit others to do harm to the facility, its occupants, or its systems.
(3) Known activities, or reasonable suspicion or threat of activities, designed to corrupt, destroy, or otherwise affect the operating status and availability of critical U.S. Government information systems.
(4) Gaining, attempting to gain, or assisting others in their efforts to gain unauthorized access to classified documents, information protected by the Privacy Act, information that is proprietary in nature, or other sensitive or protected information with intent to compromise the information, commit identity fraud, or to otherwise use the information in a malicious or harmful way.
(5) Violent actions or the threat of violent actions at a federal workplace.
(6) Bringing, or attempting to bring, an unauthorized weapon into a federal workplace.
(7) The credential holder’s expression of their intent to harm or kill themselves or others.
(8) The credential holder’s behavior or statements that allow a reasonable inference that they intend to harm or kill themselves or others.
12 FAM 525.2 Suspension & Revocation of PIV Eligibility
(CT:DS-436; 04-03-2025)
The DS/C DAS has authority to suspend, reinstate, or revoke an individual's PIV eligibility and credentials, based on his/her assessment of the risk. The DS/C DAS may convene the PIV Credentialing Panel and consult with the Office of the Legal Adviser (L) to provide advice on such decisions, as needed. The PIV Credentialing Panel consists of representatives from DS/C, DS/DO, DS/SI, and DS/TIA.
a. Suspension of a PIV Credential: When circumstances show an unacceptable risk to life, Department property, or Department information, and/or where information is received potentially affecting an individual's eligibility for a PIV credential, the DS/C DAS may suspend the PIV credential on an interim basis pending further investigation. The RSO, PSO, BSO/PUSO, or appropriate DS office investigates potentially derogatory information relevant to PIV eligibility. The DS/C DAS determines whether to remove the suspension or to revoke PIV eligibility and associated credentials at the conclusion of the investigation.
b. Revocation of a PIV Credential: The DS/C DAS may revoke the PIV credential when they determine that an individual no longer meets the eligibility criteria for a PIV card.
c. If the DS/C DAS suspends or revokes a PIV credential, the following steps must be taken:
(1) The RSO, PSO, BSO/PUSO, or DSO must collect and secure the PIV credential, if possible. For domestic employees, the officer must return the PIV credential to DS/DO/DFP/SSD. The RSO, PSO, BSO/PUSO, or DSO must alert DT to revoke the certificates corresponding to the PIV credential.
(2) The RSO, PSO, BSO/PUSO, or DSO, as applicable, must notify the employee's bureau EX and L of the suspension or revocation of PIV eligibility.
(3) The employing bureau's EX must coordinate with the following offices to ensure that the individual does not have access to Department facilities and information:
(a) GTM for civil service or foreign service employees
(b) DS/SI/IND for third-party contractors
(c) The employing bureau's Personal Services Contractor (PSC), Retired Employed Annuitant (REA), or Other Government Agency (OGA) hiring authority for these categories of employees.
(4) The RSO or DS/DO/DFP/SSD must report the individual’s PIV credential eligibility as “suspended” or "revoked" in CVS.
(5) Bureau EX should coordinate with L and GTM/ER or other appropriate offices on personnel or administrative actions to manage employees whose credentials are suspended and/or revoked.
12 FAM 526 UNFAVORABLE DETERMINATIONS
(CT:DS-436; 04-03-2025)
12 FAM 526.1 UNFAVORABLE DETERMINATIONS RESULTING IN LOSS OF NEED FOR PIV ELIGIBILITY
(CT:DS-436; 04-03-2025)
When the Department makes an unfavorable suitability, fitness, contractual, employment, or national security determination that results in the loss of employment or change in position, the need for PIV eligibility may be eliminated. In such cases, there is no need for a separate credentialing adjudication, and the PIV credential will be collected and access disabled. DS/DO/DFP must document the elimination of PIV eligibility in CVS.
12 FAM 526.2 UNFAVORABLE CREDENTIALLING DETERMINATIONS
(CT:DS-436; 04-03-2025)
a. When the PIV Card Issuing/Approval Authorities deny an application for a PIV credential, or when the DS/C DAS revokes a PIV credential, RSO or DS/DO/DFP must:
(1) Furnish the individual a comprehensive written explanation of the basis for the denial or revocation of PIV eligibility to the degree that the national security interests of the United States and other applicable law permits, and
(2) Afford the individual a response opportunity (oral or written) and 30 days to provide information or documentation that may refute or alleviate the concerns.
b. The PIV Card Issuing/Approval Authorities (in the case of a denial) or the DS/C DAS (in the case of a revocation) must evaluate the individual's response, and if the concerns are not eliminated or adequately addressed, notify the individual in writing of the final unfavorable determination, and apprise the individual of the appeals process outlined in 12 FAM 528.
c. The RSO, PSO, or DS/DO/DFP must notify the Bureau Executive Director and, as applicable, GTM, of the decision. For contract personnel, RSO or DS/DO/DFP must also notify DS/IS/IND and the Contracting Officer's Representative (COR).
d. DS/DO/DFP must also report the derogatory information that resulted in the unfavorable PIV eligibility determination to other DS entities, e.g., DS/SI/PSS, DS/DO/CI, DS/SI/ITP, pursuant to 12 FAM 270, Security Executive Agent Directive 3, and E.O. 13587.
e. Individuals found ineligible for a PIV credential under this chapter may not access Department facilities and information systems for which a PIV credential is required and may not be issued an alternative PIV credential for these purposes.
(1) In all cases, as soon as PIV credential access is no longer needed, access must be withdrawn for the PIV credential and any pertinent systems and databases must be updated to revoke PIV credential tokens and terminate access.
(2) Any facility or system access previously granted must be immediately withdrawn for the PIV credential and any databases showing current PIV credential eligibility, to include CVS, must be immediately updated.
12 FAM 527 APPEALS PROCESS
(CT:DS-436; 04-03-2025)
Any individual who has been denied PIV eligibility or whose PIV eligibility has been revoked, has the right to appeal that decision.
a. In the case of denied PIV eligibility, the original determination was made by the PIV Card Issuing/Approval Authorities (RSO or DS/DO/DFP). As such, all appeals should be directed to the DS/C DAS. The individual has 30 calendar days from the time they are notified of the denial to provide information (oral or written) to the DS/C DAS that may refute or alleviate the concerns. The individual must be notified in writing of the results of the appeal determination. The determination of the DS/C DAS is final, and no further appeal will be permitted.
b. In the case of revoked PIV eligibility, the determination was made by the DS/C DAS. As such, all appeals should be directed to the DS Principal Deputy Assistant Secretary (PDAS). The individual has 30 calendar days from the time they are notified of the revocation to provide information (oral or written) to the DS PDAS that may refute or alleviate the concerns. The individual must be notified in writing of the results of the appeal determination. The determination of the DS PDAS is final.
12 FAM 528 SPECIAL CONSIDERATIONS
(CT:DS-436; 04-03-2025)
a. Special considerations apply to the requirements for determining credentialing eligibility of non-U.S. nationals who work as employees or contractors for the Department or others who require long-term logical or physical access to Department facilities whether overseas or in the United States. This is due to limitations that apply to the employment of non-U.S. nationals and the ability to collect background investigation information in locations outside the United States.
b. In circumstances where investigative standards cannot be met to issue a PIV credential, OPM credentialing standards allow, but do not require, agencies to issue alternative identity credentials. The alternative identity credentials for the Department are the FLAC and FAC. Reciprocity rules do not apply to these alternative identity credentials.
c. Confirming applicant identity and biometrics is a federal requirement for issuing PIV and FLAC credentials.
d. In overseas locations, the FLAC and FAC enrollment and issuance process is as follows:
(1) The applicant provides post HR with two approved identity source documents, DS-7783 Form or Automated Badge Request (ABR) number, and their fingerprints.
(2) A DOS US Citizen Direct Hire signs DS-7783 or approves ABR.
(3) The applicant provides, in-person, to the RSO their original identity documentation that was initially provided to post HR.
(4) The enroller performs identity proofing, initiates IDMS record, collects biometrics, and uploads PII.
(5) The RSO reviews the request, matches the applicant's identity with scanned documents, and validates the security record in the database. The RSO then issues a badge to applicant.
(6) The RSO confirms the applicant’s identity by conducting a biometric 1:1 match between the applicant and the applicant’s IDMS record, the applicant activates the badge and sets unique 6-digit pin.
(7) The RSO releases the badge to the applicant upon a successful biometric 1:1 match between the FLAC and the applicant.
(8) The RSO presents the applicant with the One Badge User Agreement.
d. In domestic locations, employment eligibility should be verified through E-Verify.
e. In U.S. Territories (Other than American Samoa), immigration status should be verified through the USCIS' Systematic Alien Verification for Entitlements (SAVE) system).