GSA Access Card FAQs
The GSA Access Card is a secure, smart card ID credential. It uses technology such as an embedded microchip and antenna to verify the user's identity by matching the information stored on the card with the information a user provides to obtain the card.
The Homeland Security Presidential Directive - 12 (HSPD-12) requires federal agencies to use a standard smart credential to verify the identities of all employees and contractors accessing federal buildings and information systems. The directive mandates that all government personnel obtain Personal Verification Identification (PIV) cards, which enhance security, increase government efficiency, reduce identity fraud and protect personal privacy. GSA branded the PIV credential it issues to its employees and contractors as the "GSA Access Card."
All employees must obtain a GSA Access Card. Contractors who need access to GSA information systems or network or need long-term access (more than six months) to GSA buildings and assets also must obtain a GSA Access Card.
After the completion of a preliminary background check and the Access Card enrollment process, it takes an average of two weeks for the employee or contractor to be issued their GSA Access Card for activation.
A short-term card such as Temporary Badge may be issued at some GSA locations to enable unescorted access to a GSA building. Employees should check with their Human Resources Officer, and contractors should check with their Requesting Official for the procedures to obtain a short-term card for access to their GSA facility, if the option is available at that facility.
A favorable result on a fingerprint check and the initiation of a personnel security investigation at the level of the National Agency Check with written Inquiries (NACI) or higher is required to obtain a GSA Access Card. If the final adjudication of the personnel investigation results is unfavorable, the Access Card is revoked. The employee’s or contractor’s position may require a higher investigation than the minimum investigation requirements to obtain a GSA Access Card.
GSA personnel use the GSA Access Card to access federal buildings. If the building has a Physical Access Control System (PACS), the cardholder may be required to have their GSA Access Card electronically scanned and enter their card Personal Identification Number (PIN) to gain access to the building. GSA personnel also use the GSA Access Card to log into their GSA computer and IT network, and may use the card to log into some GSA IT applications.
GSA will request the following checks for contractors who have been a U.S. resident for at least three consecutive years but do not have U.S. citizenship:
- FBI Fingerprint and Name Check
- National Crime Information Center (NCIC)/Interstate Identification Index (III)/National Law Enforcement Telecommunications System (NLETS)/Wanted Person Check
- Citizen and Immigration Services Check (CIS)/e-Verify
Non-U.S. citizens who do not meet the three-year resident requirement and receive a favorable result on the required checks for initial access or entry of duty (enter on duty) determination will receive a GSA Access Card. Once the three-year residency requirement has been met, a NACI will be performed.
Found GSA Access Cards should be given to the security personnel at a GSA work location or dropped in any mailbox to be mailed to the address printed on the back of the card.
The GSA Access Card is encrypted to protect the data stored on the card, which includes the employee’s or contractor’s:
- full name
- facial photograph
- organization affiliation
- digital representation of biometric identifiers (fingerprints)
- cryptographic keys (digital signature)
GSA Access Cards do not contain personal information, such as a social security number, date of birth, or personal address.
GSA has taken strong steps to maintain security for Personally Identifiable Information (PII) through review, transmission, storage, and destruction procedures using the following methods:
- Transparency: All card holders are informed of exactly what data has been collected to verify their identities.
- Securing IT Systems: All GSA IT systems must store and transmit data securely and must have received a completed a Privacy Impact Assessment (PIA) filed with the Privacy Office. The PIA ensures that the IT system complies with federal and GSA privacy regulations.
- Securing Paper Forms: All paper forms containing PII data must be stored and transmitted in accordance with the GSA IT Security Policy and are protected from any unauthorized disclosure.
- Designating Staff Roles: All staff members who handle GSA Access Cards and related PII have carefully designated roles, marked by clearly defined parameters on who can access private information and what they are authorized to do with it.
Contact the GSA Access Card Point of Contact (POC) or Regional Credentialing Officer (RCO) for the employee’s or contractor’s GSA office or region.
GSA Access Card POCs and RCOs serve as the primary points of contact for questions related to the credentialing process and personnel investigation requests, and can provide advice on how to proceed.
For general information, email the ICAM Division at firstname.lastname@example.org.
- your supervisor,
- the security office and
- your Regional Credentialing Officer or Access Card Point of Contact (POC).
They will notify the appropriate people for a replacement card. You will NOT need to go through the enrollment process again to receive an updated card. Until you receive your replacement card, you will follow the local visitor access policy to enter agency buildings.
The Identity, Credential and Access Management (ICAM) Division will be notified by your POC to terminate your lost card to prevent others from using it. No one can access your limited encrypted information on the card after it is terminated.
All GSA contractors must return GSA Access Cards to their GSA Requesting Official or Vendor POC on or before their last day of work for any of the following conditions:
When the contract is completed or terminated,
When the individual GSA Access Card holder is no longer required by the contract vendor for contract performance,
If the individual GSA Access Card holder’s employment is completed or terminated by the contract vendor, or
If an unfavorable suitability determination has been made for any contractor
No, you may not do so without written authorization from the GSA Requesting Official responsible for your new project. GSA Access Cards are issued to contractors on a per-contract basis to ensure that adequate levels of risk screening have been performed. If you will transition to a new contract or are working on multiple contracts within GSA, you should request that your Vendor POC contact the GSA Requesting Official to determine if your GSA Access Card can be used for multiple contracts. You may be required to fill out a new Contractor Information Worksheet (CIW). You may ultimately be able to keep your GSA Access Card as you transition to a new project, but that decision must be made by your GSA Requesting Official.