USAID-31 - HSPD-12 PIV Lifecycle Management.


System name:

HSPD-12 PIV Lifecycle Management. - (77 FR 11063).

Security classification:

Sensitive But Unclassified.

System location(s):

United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Categories of individuals covered by the system:

This system contains records of current employees, contractors, consultants, and partners.

Categories of records covered by the system:

This system contains USAID organizational information. The covered record, which has already been collected by the Department of State for issuance of the current USAID PIV badge, are as follows: name; employee digital photo; two digital fingerprints; organizational affiliation; Agency; 3-4 Public Key Infrastructure (PKI) certificates; and expiration date. In order to access the data on the chip, the cardholder must create a Personal Identification Number (PIN).

Authority for maintenance of the system:

Privacy Act of 1974 (Pub. L. 93-579), sec. 552a(c), (e), (f), and (p).


Records in this system will be used:

(1) To update current USAID Direct Hire employees' card data in order to comply with OMB M-11-11 for physical and logical access to USAID networks and facilities.

(2) To issue PIV compliant cards to eligible contractors.

Disclosure to consumer reporting agencies:

These records are not disclosed to consumer reporting agencies.

Routine Use of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

USAID may disclose relevant system records in accordance with any current and future blanket routine uses established for its record systems. These may be for internal communications or with external partners.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:


Data records are located at the hosting environment, and maintained in user-authenticated, password-protected systems. All records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties.


Records are retrievable by name, PIN number or any other identifier listed in the categories of records cited above.


Additional administrative safeguards are provided through the use of internal standard operating procedures in accordance with the FIPS-201, and NIST 800-53 standards.

Retention and disposal:

Records are retained using the appropriate, approved National Archives Records Administration—Schedules for the type of record being maintained.

System manager(s) and address:

Jeffrey Anouilh, United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Notification procedures:

Individuals requesting notification of the existence of records on them must send the request in writing to the Chief Privacy Officer, USAID, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202. The request must include the requestor's full name, his/her current address and a return address for transmitting the information. The request shall be signed by either notarized signature or by signature under penalty of perjury and reasonably specify the record contents being sought.

Record access procedures:

Individuals wishing to request access to a record must submit the request in writing according to the “Notification Procedures” above. An individual wishing to request access to records in person must provide identity documents, such as government-issued photo identification, sufficient to satisfy the custodian of the records that the requester is entitled to access.

Contesting record procedures:

An individual requesting amendment of a record maintained on himself or herself must identify the information to be changed and the corrective action sought. Requests must follow the “Notification Procedures” above.

Record source categories:

The records contained in this system will be provided by and updated by the individual who is the subject of the record.

Exemptions claimed for the system: