GSA's handbook provides road map to PIV I compliance

With the third iteration of its Identity Management Handbook, the General Services Administration has made it easier for agencies to meet the quickly approaching first requirement of Homeland Security Presidential Directive 12.

Heeding the calls for a fillable form, GSA officials issued the Personal Identity Verification I checklist in Microsoft Word format instead of just Portable Document Format.

This is one of a handful of major changes to the handbook, said Judy Spencer, GSA's chairwoman of the Federal Identity Credentialing Committee, which reissued the handbook last month.

'We went through all the documentation available and asked what agencies needed to become PIV I-compliant,' Spencer said. 'Making the checklist available separately was a recommendation from the agencies after we issued the second version of the handbook in July.'

Agencies have until Oct. 27 to make sure their processes for issuing credentials and registering employees meet the criteria laid out in Federal Information Processing Standard 201. Karen Evans, Office of Management and Budget's administrator for e-government and IT, recently said she expects every agency to meet the deadline.

'The checklist gives agencies the opportunity to identify gaps in their processes and how they will implement the new processes on Oct. 28,' Spencer said.

Spencer said the handbook, which GSA also issued in March and July, still is in a draft stage and that agencies can comment on it. The most recent version contains 202 pages, up from 179.

'We will not go final until sometime early next year,' Spencer said. 'The big hole right now is the biometric question. We will wait until there is a final decision on what type of biometric fingerprint they will use. But even after we issue the final document, it always will be updated.'

In addition the PIV I checklist, the handbook includes recent OMB guidance on implementing HSPD-12 and FIPS-201. GSA also included recent acquisition guidance on buying FIPS-201-compliant products and services, Spencer said.

'One of the things we tried to do with this handbook is make it a Web document,' she said. 'Whenever there is a reference to a term or guidance, it is highlighted and the user can click on it and go to the part in the handbook or on the Web and find more information about it.'


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected