PERSONAL IDENTITY VERIFICATION (PIV) OF FEDERAL EMPLOYEES AND CONTRACTORS
12
registration process if the issuer has access to the applicant’s chain-of-trust record and the applicant can
be reconnected to the chain-of-trust record.
12
When issuing a PIV Card under the grace period, the card issuer shall verify that PIV Card issuance has
been authorized by a proper authority and that the employee’s or contractor’s background investigation is
valid. Re-investigations shall be performed if required, in accordance with OPM guidance. At the time
of issuance, the card issuer shall perform a 1:1 biometric match of the applicant to reconnect to the chain-
of-trust. The 1:1 biometric match requires either a match of fingerprint(s) or, if unavailable, other
optional biometric data that are available. On successful match, the new PIV Card shall be released to the
applicant. If the match is unsuccessful, or if no biometric data is available, the cardholder shall provide
two identity source documents (as specified in Section 2.7), and an attending operator shall inspect these
and compare the cardholder with the facial image retrieved from the enrollment data record and the facial
image printed on the new PIV Card.
2.9 PIV Card Maintenance Requirements
The PIV Card shall be maintained using processes that comply with this section.
The data and credentials held by the PIV Card may need to be updated or invalidated prior to the
expiration date of the card. The cardholder may change his or her name, retire, or change jobs; or the
employment may be terminated, thus requiring invalidation of a previously issued card. In this regard,
procedures for PIV Card maintenance must be integrated into department and agency procedures to
ensure effective card maintenance. In order to maintain operational readiness of a cardholder's PIV Card,
agencies may require PIV Card update, reissuance, or biometric enrollment more frequently than the
maximum PIV Card and biometric lifetimes stated in this Standard. Shorter lifetimes may be specified by
agency policy collectively, or on a case-by-case basis as sub-par operation is encountered.
2.9.1 PIV Card Reissuance Requirements
Reissuance is the process by which a new PIV Card is issued to a cardholder without the need to repeat
the entire identity proofing and registration procedure. The reissuance process may be used to replace a
PIV Card that is nearing expiration, in the event of an employee status or attribute change, or to replace a
PIV Card that has been compromised, lost, stolen, or damaged. The cardholder may also apply for
reissuance of a PIV Card if one or more logical credentials have been compromised. The entire identity
proofing, registration, and issuance process, as described in Sections 2.7 and 2.8, shall be repeated if the
issuer does not maintain a chain-of-trust record for the cardholder or if the reissuance process was not
started before the old PIV Card expired.
If the expiration date of the new PIV Card is later than the expiration date of the old card, or if any data
about the cardholder is being changed, the card issuer shall ensure that a proper authority has authorized
the issuance of the new PIV Card. The issuer shall ensure that the proper authority has verified that the
employee’s or contractor’s background investigation is valid before reissuing the card and associated
credentials.
13
If the expiration date of the new PIV Card is later than the expiration date of the old card
then re-investigations shall be performed if required, in accordance with OPM guidance.
The issuer shall perform a 1:1 biometric match of the applicant to reconnect to the chain-of-trust. The 1:1
biometric match requires either a match of fingerprint(s) or, if unavailable, other optional biometric data
12
For the purposes of this section, a lapse is considered to be brief if it is not long enough to require that a new background
investigation be performed. OPM currently requires a new background investigation to be performed when there has been a
break in service of greater than two years.
13
The identity management system (IDMS) should reflect the adjudication status of each PIV cardholder.