GSA Access Card FAQs
GSA Access Card
The GSA Access Card is a secure, smart card ID credential. It uses technology such as an embedded microchip and antenna to verify the user's identity by matching the information stored on the card with the information a user provides to obtain the card.
The Homeland Security Presidential Directive - 12 (HSPD-12) requires federal agencies to use a standard smart credential to verify the identities of all employees and contractors accessing federal buildings and information systems. The directive mandates that all government personnel obtain Personal Verification Identification (PIV) cards, which enhance security, increase government efficiency, reduce identity fraud and protect personal privacy. GSA branded the PIV credential it issues to its employees and contractors as the "GSA Access Card."
All employees must obtain a GSA Access Card. Contractors who need access to GSA information systems or network or need long-term access (more than six months) to GSA buildings and assets also must obtain a GSA Access Card.
After the completion of a preliminary background check and the Access Card enrollment process, it takes an average of two weeks for the employee or contractor to be issued their GSA Access Card for activation.
A short-term card such as Temporary Badge may be issued at some GSA locations to enable unescorted access to a GSA building. Employees should check with their Human Resources Officer, and contractors should check with their Requesting Official for the procedures to obtain a short-term card for access to their GSA facility, if the option is available at that facility.
A favorable result on a fingerprint check and the initiation of a personnel security investigation at the level of the National Agency Check with written Inquiries (NACI) or higher is required to obtain a GSA Access Card. If the final adjudication of the personnel investigation results is unfavorable, the Access Card is revoked. The employee’s or contractor’s position may require a higher investigation than the minimum investigation requirements to obtain a GSA Access Card.
GSA personnel use the GSA Access Card to access federal buildings. If the building has a Physical Access Control System (PACS), the cardholder may be required to have their GSA Access Card electronically scanned and enter their card Personal Identification Number (PIN) to gain access to the building. GSA personnel also use the GSA Access Card to log into their GSA computer and IT network, and may use the card to log into some GSA IT applications.
GSA will request the following checks for contractors who have been a U.S. resident for at least three consecutive years but do not have U.S. citizenship:
- FBI Fingerprint and Name Check
- National Crime Information Center (NCIC)/Interstate Identification Index (III)/National Law Enforcement Telecommunications System (NLETS)/Wanted Person Check
- Citizen and Immigration Services Check (CIS)/e-Verify
Non-U.S. citizens who do not meet the three-year resident requirement and receive a favorable result on the required checks for initial access or entry of duty (enter on duty) determination will receive a GSA Access Card. Once the three-year residency requirement has been met, a NACI will be performed.
Found GSA Access Cards should be given to the security personnel at a GSA work location or dropped in any mailbox to be mailed to the address printed on the back of the card.
The GSA Access Card is encrypted to protect the data stored on the card, which includes the employee’s or contractor’s:
- full name
- facial photograph
- organization affiliation
- digital representation of biometric identifiers (fingerprints)
- cryptographic keys (digital signature)
GSA Access Cards do not contain personal information, such as a social security number, date of birth, or personal address.
GSA has taken strong steps to maintain security for Personally Identifiable Information (PII) through review, transmission, storage, and destruction procedures using the following methods:
- Transparency: All card holders are informed of exactly what data has been collected to verify their identities.
- Securing IT Systems: All GSA IT systems must store and transmit data securely and must have received a completed a Privacy Impact Assessment (PIA) filed with the Privacy Office. The PIA ensures that the IT system complies with federal and GSA privacy regulations.
- Securing Paper Forms: All paper forms containing PII data must be stored and transmitted in accordance with the GSA IT Security Policy and are protected from any unauthorized disclosure.
- Designating Staff Roles: All staff members who handle GSA Access Cards and related PII have carefully designated roles, marked by clearly defined parameters on who can access private information and what they are authorized to do with it.
Contact the GSA Access Card Point of Contact (POC) or Regional Credentialing Officer (RCO) for the employee’s or contractor’s GSA office or region.
GSA Access Card POCs and RCOs serve as the primary points of contact for questions related to the credentialing process and personnel investigation requests, and can provide advice on how to proceed.
For general information, email the ICAM Division at email@example.com.