UNITED STATES DEPARTMENT OF AGRICULTURE
WASHINGTON, DC 20250
DEPARTMENTAL REGULATION
NUMBER: DR 4620-002
SUBJECT: Common Identification Standard for U.S. Department of Agriculture
DATE: September 29, 2014
OPI: Office of Homeland Security and Emergency Coordination (OHSEC)
Section
1 Purpose
2 Background
3 Special Instructions/Cancellations
4 Policy
5 Credential Issuance
6 Credential Utilization
7 Roles and Responsibilities
Appendix A Definitions
Appendix B Acronyms
Appendix C HSPD-12 Source Documents
1. PURPOSE
This regulation prescribes the policies, roles, and responsibilities necessary to
implement and maintain Homeland Security Presidential Directive (HSPD) 12,
Common Identification Standard for Federal, Non-Federal Employees and
Contractors within USDA controlled work environments.
2. BACKGROUND
HSPD-12 establishes the general requirements for a common Federal identification
system. The President has mandated that all Federal departments provide a process
for identity proofing and credentialing employees and contractors to increase security
and provide greater interoperability between departments and Federal facilities.
For further information on HSPD-12 and its related requirements and standards,
please see sources in Appendix C.
3. SPECIAL INSTRUCTIONS/CANCELLATIONS
The issuance of the HSPD-12 credential, referred to now as the USDA LincPass, is
mandatory and applies to all employees, as defined in 5 U.S.C. § 2105 (2014)
“Employee,” within a department or agency. “Employee” means a person, other than
the President and Vice President, employed by, detailed or assigned to, the U.S.
Department of Agriculture (USDA), including members of the Armed Forces; an
expert or consultant to USDA; an industrial or commercial contractor, licensee,
certificate holder, or grantee of USDA, including all subcontractors; or any other
category of person who acts on behalf of an agency as determined by the agency
head. In addition, all contractors requiring routine access to federally controlled
facilities and/or federally controlled information systems will be subject to HSPD-12
requirements.
No provision in this regulation shall have the effect of nullifying or limiting
protections for equal employment opportunity as provided in Title VII of the Civil
Rights Act, 42 U.S.C. § 2000e, et seq. (2014), and Executive Order (EO) 11478.
USDA prohibits discrimination in all its programs and activities on the basis of race,
color, national origin, age, disability, and where applicable, sex, marital status,
familial status, parental status, religion, sexual orientation, genetic information,
political beliefs, reprisal, or because all or a part of an individual's income is derived
from any public assistance program. (Not all prohibited bases apply to all programs.)
Persons with disabilities who require alternative means for communication of
program information (Braille, large print, audiotape, etc.) should contact USDA's
TARGET Center at (202) 720-2600 (voice and TDD). To file a complaint of
discrimination write to USDA, Director, Office of Civil Rights, 1400 Independence
Avenue, S.W., Washington, DC 20250-9410 or call 1-800-795-3272 (voice) or (202)
720-6382 (TDD). USDA is an equal opportunity provider and employer.
The only other authorized badge and credentials issued by USDA will be for law
enforcement; investigations; food inspection; Plant Protection and Quarantine;
animal care; and physical security use. This authority will remain in the control of
Agencies such as the Office of the Inspector General, the Forest Service, the
Secretary’s Personal Protection Team, the Food Safety & Inspection Service, the
Animal Plant Health Inspection Service, the Office of Operations, and the Office of
Homeland Security and Emergency Coordination.
This policy conforms with Federal Information Security Management Act of 2002
(FISMA) 44 U.S.C. § 3541, et seq. (2014) and Federal Information Processing
Standard (FIPS) 201-2 guidelines.
This regulation supersedes DR 4620-002 dated January 14, 2009.
4. POLICY
Enhance security, increase Government efficiency, reduce identity fraud, and protect
personal privacy by establishing a mandatory, USDA-wide standard for secure and
reliable forms of identification to its employees and contractors.
a. Departmental agencies must comply with HSPD-12 for all applicable USDA
federal and non-federal employees who work for USDA. Detailed procedures are
described in Departmental Manual (DM) 4620-002.
b. Employees as defined by 5 U.S.C. § 2105 (2014), and non-federal employees
working for USDA will be required to follow procedures in FIPS 201-2, the NIST
Special Publication (SP) series related to HSPD-12, and DM 4620-002, if they
require routine unaccompanied access to USDA controlled facilities and/or
information systems.
c. Employees who are stationed outside the United States at Government facilities
may be issued a Department of State credential.
5. CREDENTIAL ISSUANCE
All applicable long term (more than one consecutive work year) employees, as
described within this document, must be issued a LincPass as a condition of
employment for unaccompanied access to IT and Facility infrastructure.
Short term personnel (less than one consecutive work year), such as student interns,
volunteers, etc. could be issued an alternate credential as a condition of employment
for limited unaccompanied access to IT and Facility infrastructure. See
DM 4620-002 for a list of alternate credentials.
For short-term personnel requiring unaccompanied access to necessary IT and
Facility infrastructure, a LincPass must be issued.
6. CREDENTIAL UTILIZATION
For logical access requirements, see DR 3170-001 (logical access requirements),
DR 3640-001 (ICAM), and DM 4620-002 for further clarification.
For physical access requirements, see DM 4620-002, Chapter #3 Physical Access
Control Systems (PACS).
7. ROLES AND RESPONSIBILITIES
a. The Chief Information Officer (CIO) will:
(1) Maintain, in consultation with the Office of Homeland Security and
Emergency Coordination (OHSEC), policies, standards, and procedures for
implementing and administering the HSPD-12 program throughout the
Department;
(2) Assist OHSEC with maintaining connectivity to the various enterprise systems
that support HSPD-12 requirements; and
(3) Work with OHSEC to ensure personal information collected for employee and
contractor identification purposes is handled consistent with the Privacy Act of
1974, 5 U.S.C. § 552a (2014), and all FISMA requirements; see 44 U.S.C. §
3541, et seq. (2014).
b. Director – Office of Homeland Security and Emergency Coordination (OHSEC)
will:
(1) Maintain, in consultation with the Office of the Chief Information Officer
(OCIO), policies, standards, and procedures for implementing and
administering the HSPD-12 program throughout the Department;
(2) Work with Agencies and Staff Offices to maintain policies and procedures to
support the identity proofing, registration and credentialing of employees;
(3) Maintain an enterprise ePACS environment to support agency physical access
control systems;
(4) Oversee and assist with migrating all physical access control systems into
HSPD-12 compliance;
(5) Post to the public Web site a quarterly report on the number of LincPass
credentials issued to employees as required by OMB;
(6) Support role holder training module development; and
(7) Support Agencies with the roles and responsibilities for managing non-federal
employees including the establishment and implementation of the appeal and
removal procedures for those denied a LincPass, in accordance with DM
4620-002.
c. Director – Office of Human Resources Management (OHRM) will:
(1) Develop, maintain, and disseminate on-boarding policies and procedures for
agency Human Resources staff.
d. Director – Office of Procurement and Property Management (OPPM) will:
(1) Provide HSPD-12 procurement and contracting guidance to the acquisition
workforce through Procurement Advisory 115, entitled Continued
Implementation of LincPass at USDA; and
(2) Prepare guidance and BPAs to ensure that HSPD-12 compliant
equipment is purchased.
e. Chief Financial Officer (CFO) will:
(1) Maintain and update EmpowHR/Person Model in a timely manner; and
(2) Provide financial oversight and management of HSPD-12 funding.
f. Agency Deputy Administrators of Management (DAMs) will:
(1) Comply with all relevant HSPD-12 requirements such as NIST’s FIPS 201-2,
NIST Special Publications, DR 3170-001, DR 3640-001, and Departmental
Manual 4620-002;
(2) Utilize the HSPD-12 risk assessment credential matrix for all federal and
non-federal employees to determine eligibility for LincPass. To access the
credential matrix see DM 4620-002;
(3) Remove from Federal service any employee denied a LincPass. The appeal
process for a removal from federal service is already established in law and
regulation; see 5 U.S.C. § 7513(d) (2014); 5 C.F.R. § 752.405 (2014);
employees can appeal to the Merit Systems Protection Board;
(4) Comply with Departmental policies and procedures to support registration,
identity proofing, and issuing LincPasses and other appropriate badges;
(5) Ensure agency applicants complete the enrollment and activation process for
their LincPasses in a timely manner;
(6) Comply with USDA physical and logical control policies and procedures;
(7) In consultation with OPPM, ensure HSPD-12 products and services are
compliant with FIPS 201-2 and OMB guidance;
(8) Assign a point of contact and alternate to the HSPD-12 Program Office that
can provide outreach to agency personnel;
(9) Ensure HSPD-12 role holders are assigned, such roles as Sponsor, Security
Officer, Adjudicator, Role Administrator, etc., to ensure employees receive
their USDA credential in a timely manner; and
(10) Identify all personnel requiring Federal Emergency Response Official (FERO)
designation and ensure that designation is on their LincPass credential by
providing the list of names to the sponsor.
g. The Employees will:
(1) Comply with Departmental policies and procedures related to LincPass
issuance and maintenance. This includes adhering to deadlines for credential
and certificate renewal.
- END -
APPENDIX A
DEFINITIONS
a. Access control. The process of granting or denying requests to access physical
facilities or areas, or to logical systems (e.g., computer networks or software
applications). See also “logical access control system” and “physical access
control system.”
b. Access (Limited). A person that is accessing the facility and/or information
system, but only requires limited access. Limited access to facilities includes
unaccompanied access to general common areas and workspace only. Limited
access to information systems includes access to applications such as USDA
email, Time & Attendance, AgLearn and GovTrip.
c. Access (Accompanied). A person that is accessing the facility and/or information
system under escort and/or continuous monitoring by a USDA official (LincPass
credential holder).
d. Access (Unaccompanied). A person that is accessing the facility and/or
information system without an escort and/or continuous monitoring by a USDA
official. The agency’s determination should be based upon the support to
successfully complete USDA’s mission critical functions/missions. This type of
access requires a mandatory LincPass credential to be issued.
e. Contractor. An individual under contract to USDA (for the purpose of HSPD-12
implementation).
f. Credential. An identity card (“smart card”) also known as LincPass issued to an
individual that contains stored identity credentials so that the claimed identity of
the cardholder can be verified against the stored credentials by another person or
by an automated process. There may be other approved forms of a credential
when applicable.
g. Employee. Defined in 5 U.S.C. § 2105 (2014) “Employee,” within a department or
agency. “Employee” means a person, other than the President and Vice President,
employed by, detailed or assigned to, USDA, including members of the Armed
Forces; an expert or consultant to USDA; an industrial or commercial contractor,
licensee, certificate holder, or grantee of USDA, including all subcontractors; or
any other category of person who acts on behalf of an agency as determined by
the agency head.
h. Federal Facility or Information System Access. Authorization granted to an
individual to physically enter federally controlled facilities, and/or electronically
(logically) access federally controlled information systems for approved purposes.
i. Identity-proofing. The process of providing sufficient information (e.g., driver’s
license, proof of current address) to a registration authority, or the process of
verifying an individual’s information that he or she is that individual and no other.
j. LincPass. USDA has named their common ID card the LincPass, as it is designed
to link a person’s identity to an identification card and the card to a person’s
ability to access Federal buildings and computer systems. The spelling of
LincPass is a tribute to President Abraham Lincoln, who created the People’s
Department (now USDA) in 1862.
k. Logical Access Control System (LACS). Protection mechanisms that limit a
user’s access to information and restrict their forms of access on the system to
only what is appropriate for them. These systems may be built in to an operating
system, application, or an added system.
l. National Agency Check with Inquiries (NACI). The basic and minimum
investigation required of all new Federal employees and contractors consisting of
searches of the OPM Security/Suitability Investigations Index (SII), the Defense
Clearance and Investigations Index (DCII), the FBI Identification Division’s
name and fingerprint files, and other files or indices when necessary. A NACI
also includes written inquiries and searches of records covering specific areas of
an individual’s background during the past five years (inquiries sent to current
and past employers, schools attended, references, and local law enforcement
authorities).
m. Physical Access Control System (PACS). Protection mechanisms that limit users'
access to physical facilities or areas to only what is appropriate for them. These
systems typically involve a combination of hardware and software (e.g., a card
reader), and may involve human control (e.g., a security guard).
n. PIV-II Compliant Credential. An identity card (“smart card”) also known as
LincPass issued to an individual that contains stored identity credentials so that
the claimed identity of the cardholder can be verified against the stored
credentials by another person or by an automated process.
o. Routine access. A person that is accessing the facility and/or information system
without an escort and/or continuous monitoring by a USDA official. The
agency’s determination should be based upon the support to successfully
complete USDA’s mission critical functions/missions. This type of access
requires a mandatory PIV ID credential to be issued.
APPENDIX B
ABBREVIATIONS
DM          Departmental Manual
ePACS       Enterprise Physical Access Control System
FERO        Federal Emergency Response Official
FISMA       Federal Information Security Management Act
FIPS        Federal Information Processing Standard
GSA         General Services Administration
HSPD-12     Homeland Security Presidential Directive 12
LACS        Logical Access Control System
LincPass    PIV-II Compliant Badge for USDA
NACI        National Agency Check with Inquiries
NIST        National Institute of Standards and Technology
OCIO        Office of Chief Information Officer
OIG         Office of the Inspector General
OMB         Office of Management and Budget
OPM         Office of Personnel Management
OPPM        Office of Procurement and Property Management
OHSEC       Office of Homeland Security and Emergency Coordination
PACS        Physical Access Control System
USDA        United States Department of Agriculture
APPENDIX C
HSPD-12 SOURCE DOCUMENTS
a. Homeland Security Presidential Directive (HSPD) 12, Policy for a Common
Identification Standard for Federal Employees and Contractors, August 27,
2004
b. Computer Security Act of 1987, Pub. L. No. 100-235, 101 Stat. 1724 (1988),
(codified as amended at scattered sections of 15 and 40 U.S.C.)
c. U.S. Department of Commerce, National Institute of Standards and
Technology (NIST), Federal Information Processing Standard Publication
(FIPS) 201-1, Personal Identity Verification, March 2006
d. Office of Management and Budget (OMB) Memorandum, Implementation of
Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common
Identification Standard for Federal Employees and Contractors M-05-24,
August 5, 2005
e. OMB Memorandum, Acquisition of Products and Services for
Implementation of HSPD-12, M-06-18, June 30, 2006
f. OMB Validating and Monitoring Agency Issuance of Personal Identity
Verification Credentials, M-07-06, January 11, 2007
g. OMB M-11-11, Continued Implementation of Homeland Security Presidential
Directive (HSPD) 12 – Policy for a Common Identification Standard for
Federal Employees and Contractors, February 2011.
h. Privacy Act of 1974, 5 U.S.C. § 552a (2014).
i. U.S. Department of Commerce, National Institute of Standards and
Technology, Special Publications (SP):
(1) 800-37-1, Guide for Applying the Risk Management Framework to
Federal Information Systems, February 2010
(2) 800-53-4, Security and Privacy Controls for Federal Information Systems
and Organizations, February 2012.
(3) 800-63-1, Electronic Authentication Guideline, December 2011.
(4) 800-87-1, Codes for the Identification of Federal and Federally-Assisted
Organizations, April 2008.
(5) 800-104, A Scheme for PIV Visual Card Topology, January 2007.
j. Department Manual (DM 4620-002) Common Identification Standard for U.S.
Department of Agriculture Employees and Contractors
k. Department Regulation 3640-001 Identity, Credential, and Access
Management
l. Form I-9 (Rev. 10/4/00) – Department of Justice (OMB No. 1115-0136)
m. 5 C.F.R. § 736.101
n. 5 U.S.C. § 2105 (2014)
o. 5 U.S.C. § 7513(d) (2014)
p. 5 C.F.R. § 752.405 (2014)
q. Title VII of the Civil Rights Act, 42 U.S.C. § 2000e, et seq. (2014).
r. Executive Order 11478, Equal Opportunity Employment in the Federal
Government (1969).
s. Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541, et
seq. (2014).
File Type | application/pdf |
Author | rsternberg |
File Modified | 2014-09-29 |
File Created | 2014-09-29 |