10.2.5  Identification Card

Manual Transmittal

September 05, 2014

Purpose

(1) This transmits revised IRM 10.2.5, Security, Privacy and Assurance, Physical Security Program, Identification Card.

Material Changes

(1) This IRM was updated to reflect current organizational titles, scope, definitions and authorized use.

(2) New guidance is provided on the use of the HSPD-12 PIV card.

Effect on Other Documents

This IRM supersedes IRM 10.2.5 dated September 30, 2008.

Audience

Servicewide

Effective Date

(09-05-2014)

Kevin Q. McIver
Director, Physical Security and Emergency Preparedness (PSEP)
Agency-Wide Shared Services (AWSS)

10.2.5.1  (09-05-2014)
Scope

  1. This section applies to the control and issuance of Identification (ID) cards. ID cards are an authorized form of identification media that are designed to provide evidence of the bearer’s identity when accessing Agency resources and facilities.

10.2.5.2  (09-05-2014)
Authorized Use

  1. Photo ID cards will be issued to all IRS employees and contractors that have been approved for staff-like access. Cards will be worn at all times while in IRS facilities.

  2. In order to maintain the validity and reliability of the ID card, unauthorized personnel will never have access to the card stock or equipment; employees and contractors will never have more than one ID card in their possession unless approved. See IRM 10.2.5.11 (2) ; and, cards will be recovered from all persons that separate from the IRS.

10.2.5.3  (09-05-2014)
Definitions

  1. Escort Only ID card - Non-Photo Escort Only ID cards are issued to non-governmental personnel visiting IRS controlled facilities, without a background investigation, and not on an access list.

  2. Visitor ID card - Non-Photo Visitor ID cards are issued to non-IRS personnel visiting IRS facilities on official business or contractors who have forgotten or lost their ID card. Such people must be on an access list, must show a picture ID (such as a driver’s license or government issued ID), must sign a visitor register, and must be sponsored by an IRS employee or contractor with current National Background Investigation Center (NBIC) and a staff-life access approval memo from Personnel Security.

  3. Access List - A list of visitors that must be provided to the servicing PSEP office prior to visiting IRS controlled facilities. Local PSEP building access procedures are followed for federal and non-federal visitors.

  4. Visitor Register - Form 12811 or a similar form containing the following data: Name, Signature, Representing Company/Office, Address of Company/Office, Purpose of Visit, Person to be Contacted, Badge Number, Badge Issuance and Return Date and Time. This form must be used to log-in and be signed by non-federal and non-IRS government personnel visiting IRS controlled facilities.

  5. Staff-like access - Staff-like access is given to contractors on an IRS government contract with a favorable background investigation who regularly need to be in a designated work areas without an escort. Examples include janitorial services and mail delivery.

  6. Vendor - Non-IRS personnel visiting an IRS controlled facility to fulfill a service request (i.e., plumber, delivery to the cafeteria/canteen) or perform work in non-work areas.

  7. Temporary ID card - Non-Photo Temporary ID cards are issued to IRS employees who forget or lose ID cards. "Temporary" does not describe employment status; temporary IDs are issued to current IRS employees that have been approved for interim or final staff-like access.

  8. SmartID - The SmartID card contains a certificate in a gold chip and provides access to computer systems and facilities.

  9. Physical Access Control (PAC) - The PAC card will replace the Legacy ID and will be servicewide by June 30, 2014.

  10. Pseudonyms - A pseudonym is a fictitious name. The use of a pseudonym is issued to IRS employees for the protection of personal safety and the prevention of harm or danger. Pseudonyms are processed by the Office of Privacy in accordance with the Federal Service Impasses Panel decision dated May 10, 1992, and under the provisions of Section 3706 of the Restructuring and Reform Act of 1998. The procedures for requesting and approval of pseudonyms are found in IRM 10.5.7, "Use of Pseudonyms by IRS Employees" .

  11. Termination - When an employee leaves the IRS, retires, or becomes deceased while employed by the IRS, the SmartID credential or PAC card will be terminated via Personal Identification Verification (PIV) Data Synchronization (PDS) to include revoking all certificates, access to facilities and systems, and includes the physical destruction of the card (if not lost, stolen, etc.) The SmartID must be terminated in PDS/USAccess within 18 hours of being reported. In addition, managers are responsible to ensure that the Separated Employee Clearance (SEC) records for employees are reconciled according to Human Resources (HR) Guidance and all items are collected and/or returned to respective office. For contractors, Contracting Officer's Representatives (COR) should follow Contractor Security Management (CSM) contractor termination procedures. Contractor SmartIDs must be terminated via USAccess within 18 hours of reporting.

  12. Security Area - A security area is an area to which access is limited to authorized personnel only. A security area refers to limited (formerly restricted) and controlled areas (formerly secured).

    1. Limited - An area to which access is limited to authorized personnel only. Two factor authentication will be required.

    2. Controlled - An area to which only personnel assigned to work in that area and other personnel designated by the responsible Business Unit are authorized to have unescorted access. All visitors shall be escorted by staff personnel authorized unescorted entry into a Controlled Area.

  13. Velocity- The IRS Enterprise Physical Access Control System (ePACS) is primary system used by the IRS for access control to IRS facilities. The system uses the HIRSCH Identiv Velocity suite of Commercial Off The Shelf (COTS) for application data base software.

10.2.5.4  (09-05-2014)
Responsibilities

  1. The Chief, Agency-Wide Shared Services (AWSS), is authorized to prescribe identification media for use within the IRS.

  2. The Director, Physical Security and Emergency Preparedness (PSEP), is responsible for oversight of the planning, developing, implementing, evaluating, and controlling the identification card media program.

  3. The Director, Identity Credential and Access Management (ICAM), is responsible for planning, developing, implementing, evaluating, and controlling the identification card program.

  4. All IRS managers, and Contracting Officer’s Representatives (COR) have a responsibility for:

    1. Ensuring that authorized employees under their supervision are issued ID cards and wear their ID cards properly at all times. See IRM 10.2.5.6

    2. Collecting ID cards of intermittent employees, employees/contractors who separate, employees placed in non-work status (i.e. seasonal, intermittent, leave without pay, suspension, etc.), and employees/contractors on their last workday; and, for immediately sending the recovered ID cards to the local servicing security office for deposition or retention for seasonal employees or employees on Leave Without Pay (LWOP).

    3. Determining that only authorized personnel are in the work area for which they are responsible, and immediately challenging the presence of suspected unauthorized persons in their area.

    4. Requesting replacement ID cards for their employees when worn, reported lost/stolen, or when the photo no longer accurately depicts the employee.

    5. Informing all employees under their control of the importance of good security practices.

    6. Using the automated Separating Employee Clearance (SEC) process to certify recovery and return of ID media from separating employees to the local servicing security office (IRS managers only).

    7. Documenting the recovery and return of ID media on the Form 14604 Contractor Separation Checklist and giving that checklist to CSM when completed (COR only).

  5. All employees and other persons issued an ID card are responsible for:

    1. Safeguarding their ID card.

    2. Wearing their ID card properly at all times during work hours.

    3. Promptly reporting loss of their ID card to their supervisor.

    4. Immediately reporting to their supervisor and the local servicing security office, the presence of unauthorized personnel in the work area.

    5. Returning their ID card to their manager/COR when placed in a non-work status or upon separation from the Service.

    6. Reporting lost/stolen ID media to the local servicing security office and to the Situation Awareness Management Center (SAMC) and Treasury Inspector General for Tax Administration (TIGTA) in accordance with IRM 10.2.8, Incident Reporting.

10.2.5.5  (09-05-2014)
ID Photography

  1. Lens to forehead distance should be approximately 40 inches. Subjects should be seated approximately 45 degrees to the camera and photographed with faces pointed at cameras. Subjects with eye glasses should turn heads slightly right or left to avoid glare. A light blue backdrop will be used.

  2. The function is to identify the authorized wearer’s facial features. Wearing hats, scarves, caps, et cetera may obscure facial features; therefore, these items may not be worn except to observe religion or to promote health. The same discretion used to obtain the subject’s driving license or identification card should be used, i.e., if such items are not present in local government identification, they should not be present in IRS identification.

10.2.5.6  (09-05-2014)
Display of ID Cards

  1. All persons shall wear ID cards when in IRS facilities. ID cards will be worn with an approved clip, fastened to either an item of clothing or to an approved lanyard worn around the neck, or in a card holder approved by the local servicing security office. SmartID cards must be worn in the approved/issued sleeve that is provided with the SmartID, no other cases are permitted.

  2. All cards must be worn above the waist (on the torso) in such a manner that the photo is clearly visible from the front at all times, and so the ID card is readable. No mementos or other items may be attached to the ID card. In instances where the SmartID is being utilized for work processes, i.e. Mandatory SmartID Sign-On, it is allowable to not have the ID card displayed above the waist as long as it is in the employee's physical possession at all times.

  3. Exceptions to these instructions for reasons of health, safety, or religion must be approved by the employee’s supervisor and the local servicing security office. In instances where the SmartID is being utilized for work processes, i.e. Mandatory SmartID Sign-On, it is allowable to not have the ID card displayed above the waist as long as it is in the employee's physical possession at all times.

10.2.5.7  (09-05-2014)
Description of ID Cards

  1. IRS ID media is designed and authorized for use as follows:

    • visual identification for entry control into all IRS offices;

    • entry control to security areas in campuses, computing centers and posts of duty;

    • visual identification of authorized individuals in the work area;

    • SmartID and PAC cards may be loaded onto the IRS electronic access control system to grant and monitor access at the facility or security area.

10.2.5.7.1  (09-05-2014)
SmartID and PAC Cards

  1. All IRS photo ID cards are the same size as a standard plastic credit card. On the SmartID and PAC card, a photograph of the employee is located in the upper left corner, with a blue background, and one of the following "United States Government" "Security Official" ," Law Enforcement Official" or "Critical Operations" printed above the photo. The upper right corner contains the expiration month and year, followed by the agency abbreviation. To the right of the photograph are the agency seal, superimposed by the employee’s affiliation (Employee or Contractor), agency name, and the full expiration date.

  2. The subject’s legal name (or pseudonym) is below the photo, at left, and below that, at right, is the ten-digit number starting with "100" , located above the gold chip (SmartID card only). All employees who have been issued a SmartID or PAC card containing the ten-digit Personal Identification number (PID) should use the entire ten-digits in written or verbal communications with taxpayers. Non-photo PAC cards will have a ten digit numbering scheme beginning with "800". The concealed weapon indicator, and at left, an "R" indicator, if applicable, for access to limited areas. (See IRM 10.2.14 Methods of Providing Protection) The bottom center features microprint reading "US Federal Government Shared Credential"

  3. The back of the SmartID contains the manufacturer name, model, and serial number, a magnetic strip similar to those found on credit cards, microprint reading "US Federal Government Shared Credential" , a warning against misuse, a return address, the subject’s height, eye color, and hair color, a zebra code, a smaller version of the manufacturer serial number, and the alphanumeric digits contained in the zebra code. The back of the PAC card has "Department of the Treasury Internal Revenue Service" printed in blue followed by the card warning, property statement, and return address. The PAC card also has a magnetic strip along the bottom of the card and embedded proximity for access to facilities, when programmed.

  4. Contractor photo ID cards will display the Contractor’s name printed in black lettering and highlighted in green.

  5. Foreign Nationals’ name will be displayed in black lettering and highlighted in blue.

10.2.5.7.2  (09-05-2014)
Non-Photo ID Cards

  1. All IRS non-photo ID cards are the same size as a standard plastic credit card. The non-photo ID cards are white cards with the letter "V" or "E" in a red field or the letter "T" in a blue field in the top left corner of the ID card. The words "Visitor", "Visitor Escort Only", "Visitor Non-Work Area" or "Temporary" will be typed under the highlighted field with the words "United States Government typed above the highlighted field.

  2. The upper right corner contains the expiration month and year, followed by the agency abbreviation, the agency seal, superimposed by the subject’s affiliation (Visitor), agency name, and the full expiration date. The bottom center features a picture of the IRS emblem and followed by "IRS.gov" . The back of the Visitor and Escort Only ID cards have "Department of the Treasury" Internal Revenue Service printed in blue followed by the card Warning, property statement and return address. The back of the ID cards have a magnetic strip along the bottom of the card and embedded proximity for access to facilities, when programmed.

  3. IRS employees or contractors who forget or lose their ID card will be issued a non-photo temporary ID card with a letter "T" in a blue field with the word "Temporary" typed below a blue field.

10.2.5.7.3  (09-05-2014)
Emergency Response Indicator

  1. Persons serving as emergency responders will be issued a Smart ID card or PAC card with text at the bottom of the card stating “Emergency Response Official” highlighted in red that identifies them as an emergency responder.

10.2.5.8  (09-05-2014)
ID Card Issuance

  1. Issuance procedures are outlined in this IRM and no exceptions can be made without advance approval from the ICAM office.

    1. All photo ID cards will be issued by the local servicing security office. A record will be maintained on every ID card issued (see IRM 10.2.5.14).

    2. Unless an exception applies, all IRS employees will be issued a photo ID card. In locations with ID media equipment, all IRS employees will be issued a photo ID PAC card, if a SmartID card has not been received on their first day of duty. Locations without ID media equipment may assign non-photo cards to cards to employees pending the issuance of photo ID cards. Non-photo ID cards may not be removed from the facility.

    3. At IRS controlled facilities, individuals visiting the site will report to the reception desk or control point where the individual’s authority and identity will be verified. At facilities not controlled by IRS, safeguards should be established to ensure that only authorized personnel have access to IRS work areas.

    4. The receptionist, guard, or responsible employee at the reception point will:

    • verify the visitor’s authority and identity,

    • make the necessary entries in the visitor register,

    • issue the appropriate non-photo ID card, and

    • instruct the recipient concerning the proper procedures for wearing, using, and returning the ID card.

  2. Exceptions to entry access screening may only be granted by the PSEP Territory Manager, Area Director, or other authority within AWSS PSEP management, and must be due to extenuating circumstances. Extenuating circumstances, such as screening handicapped personnel, may require special considerations regarding screening. Alternative methods of screening personnel must be considered and implemented with PSEP supervisor/manager approval.

10.2.5.8.1  (09-05-2014)
Employees

  1. IRS federal personnel must be issued a SmartID or PAC card after a background investigation has been initiated, favorable adjudication is granted, and approval for staff-like access has been granted. Employees’ SmartID card sponsorship process must be completed by Human Capital Office (HCO) via PIV Data Synchronization (PDS) and USAccess.

  2. Employee ID cards will indicate their affiliation as "Employee" . PAC cards will be issued via Velocity or a certified access control system by ICAM while employees are awaiting a SmartID card. PSEP will issue employees ID cards.

10.2.5.8.2  (09-05-2014)
Contractors

  1. IRS contractor personnel must be issued a SmartID or PAC card after a background investigation has been initiated, favorable adjudication is granted, and approval for staff-like access has been granted. IRS Contractors’ SmartID card onboarding and sponsorship process must be completed by CSM via USAccess until PDS is implemented for contractors.

  2. Contractor ID cards will indicate their affiliation as "Contractor" . PAC cards will be issued via Velocity or a certified access control system while contractors are awaiting a SmartID card, if required. PSEP will issue cleared Contractors ID cards.

    1. In order to receive a SmartID or PAC card, the contractor must have a favorable staff-like access approval memo with a minimum of interim access from IRS Personnel Security. Contractors working more than 180 days and require facilities and IRS system(s) access or Contractor requires IRS system(s) access only or Contractor requires SmartID to access facility (Facilities where the SmartID is used for access by other federal agencies).

    2. The COR must authorize contractors to have an ID card by signing Form 13716-A. Contractors must present Form 13716-A and a current staff-like access approval memo when requesting an ID card. Form 13716-A and the staff-like access memo may be sent via fax with the COR’s signature or via email with an electronic signature to the local servicing security office. Contractors’ employment status should be verified in USAccess until contractor are entered in PDS before issuing the contractor an ID card.

10.2.5.8.3  (09-05-2014)
Seasonal Employees

  1. SmartID cards, with the affiliation “Employee”, must be issued to seasonal employees in Customer Accounts Service (CAS) - Accounts Employees Management, Compliance and Customer Assistance, Relationship and Education (CARE) - Field Assistance. Seasonal employees in Small Business/Self Employed (SB/SE) and Wage and Investment (W&I) CAS - Accounts Management, Compliance, and CARE - Field Assistance who have started, but not yet completed, the SmartID credentialing process must proceed with their enrollment. Once Seasonal employees are furloughed, their SmartID cards must be returned to the servicing PSEP office and their employment status will be changed to from Active to Suspended in USAccess and PDS. The SmartID card should be stored in a lockable cabinet or container that meets SP-2 security requirements in the servicing PSEP office until the employee returns to duty (RTD). Once the employee RTD, the employee's record will be updated to active.

10.2.5.8.4  (09-05-2014)
Submission Processing Employees

  1. IRS Submission Processing (SP) Seasonal Employees will be issued PAC cards and will indicate their affiliation as “Employee.” Seasonal employees in SP with Organization (ORG) code 934161-69 and work schedule G, J, Q, T, and intermittent employees will not receive SmartID cards. At the end of their tenure, Submission Processing employees are to return their ID card to their manager and the manager must return the card to the local servicing security office and their employment status will be changed to from Active to Suspended in USAccess and PDS to account for the ID and secure the card in a lockable container that meets SP-2 security requirements in the local servicing security office until the employee returns to duty (RTD). Once the employee RTD, the PAC card will be reissued and properly coded in the local access control system at the site.

10.2.5.8.5  (09-05-2014)
International Employees

  1. Currently, GSA does not have a process to issue SmartIDs to international employees and contractors. If an overseas employee has a SmartID that is expiring, they must contact *IRS HSPD-12 ICAM to be issued a PAC card. International employees will need to contact the Information Technology (IT) Help Desk and request to be exempt from mandatory SmartID use with IRS systems. IT will place these employees in an exception group.

10.2.5.8.6  (09-05-2014)
Non-Paid Veteran Interns

  1. Non-paid veteran interns are not required to be issued SmartID cards. Non-paid veteran interns will be issued PAC cards.

10.2.5.8.7  (09-05-2014)
Visitors

  1. Federal employees visiting an IRS facility may be issued a Visitor ID for general access. Visitor ID cards may be issued to non-federal personnel who have a favorable background investigation ONLY and a copy of the staff-like access memo has been received prior to the visit or have a non- expired SmartID that can be validated. Such persons must be on an authorized access list, must be scheduled, show an official, valid picture ID such as a driver’s license or other federal, state, city or local government issued photo identification card to verify identity, sign the visitor's register and be screened where feasible. Visitor ID cards may also be issued to federal IRS employees on non-work status, i.e., NTEU officials and seasonal employees.

  2. Non-federal personnel who have an infrequent need to be at an IRS facility on a continuing basis over a period of time (180 days or more), have a favorable background Investigation and do not require staff-like access may be issued a Visitor ID.

  3. In certain instances, vendors that do not require staff-like access or tax checks may require access to non-work areas, for example, to make deliveries to an IRS controlled facility such as a break room to fill the soda machine. At the discretion of local management, the vendor may be given a non-photo ID with an inscription specifically restricting access to non-work areas (i.e. access limited to public area) as long as the delivery is scheduled, the vendor is in appropriate uniform, a company photo ID is displayed, an IRS employee authorizes access and the individual and delivery is screened. When the service is requested, the name of an individual should be provided by the company and the individual requesting the repair should notify the local servicing security office. Visitors must show a valid picture ID (company photo ID is acceptable) and must sign the visitor register. IRS employees should be reminded that unannounced visitors in an area should be immediately reported to their manager.

  4. Staff-like access may not be given to non-federal personnel who do not work for the IRS, (the IRS has not contracted for their services), do not have a need and are not authorized to access IRS work areas (i.e. child care workers, credit union employees). These individuals require access to non-IRS areas only. Photo badges may not be issued to these non-federal personnel.

  5. Only known IRS NTEU Chapter Presidents assigned to IRS facilities that are not employees or contractors and are properly vetted and have a justified (bona fide) need to access IRS facilities may be issued a Visitor ID card or PAC card with the affiliation listed as "Contractor" , if they have a favorable background investigation to gain access to IRS facilities. The PAC ID card may be retained while performing duties as a NTEU Chapter President. Access to IRS facilities will be monitored thru the local access control system.

  6. Non-IRS U.S. government personnel visiting IRS facilities on official business may be issued Visitor ID cards. Such individuals must be on an access list, must show a picture ID (such as a driver’s license), must sign a visitor register, and must be sponsored by an IRS employee. Although non-IRS U.S. government personnel are not required to be escorted in general access areas, access should be limited to only those areas with a need. At campuses and computing centers, local management shall determine if such individuals shall be escorted. If it is necessary for such individuals to access security areas, security area managers must approve access and visitors must be escorted.

  7. Authorized IRS personnel visiting an IRS facility on an official business will display their own ID card. Authorized IRS visitors requiring access to security areas (controlled or limited) will display a photo ID card with a Limited Area Indicator.

10.2.5.8.8  (09-05-2014)
Escort Only Visitors

  1. Non-federal personnel, visiting an IRS facility, who do not have a verified background check and who are not on the visitor access list, must be issued an "Escort Only" ID card. Such individuals must sign the Visitor’s register and be screened. The Escort Only ID card should only be issued after the individual shows an official, valid picture ID, such as a driver’s license or other federal, state, city or local government issued photo identification card, signs the recovery visitor register and is verified by an IRS employee assigned to the facility. Individuals requiring an "Escort Only" ID card must be escorted by an authorized individual such as an IRS employee or cleared contractor with approved final staff-like access.

  2. At the discretion of local management, Escort Only ID cards may also be issued to other federal employees requiring access to security areas. Such individuals may not be given staff-like access. Access to such areas may be granted only during duty hours when an IRS employee is on site. IRS employees assigned to the work area should be notified that contractors or vendors are working in the area and should be reminded to ensure sensitive information is not discussed, disclosed or displayed. IRS employees should be reminded that unannounced visitors in an area should be immediately reported to managers. IRS and contractor employees should be reminded to ensure sensitive information is not discussed, disclosed or displayed.

  3. At the discretion of the local management, federal employees and non - federal visitors may be issued an "Escort Only" ID card with a Limited Area Indicator if visiting a security area.

  4. Non-photo ID cards cannot be removed from the issuing facility and should never be used as access authorization to a facility. They must be returned when the individual departs the facility or security area. These IDs are intended to identify the wearer’s authority to be in the work area and indicate whether they must be escorted, whether they may have unescorted access to general areas, and whether they are IRS employees.

  5. Individuals issued non-photo ID cards will return them daily before close of business. Issuing points for non-photo ID cards will inventory such cards once every twenty-four hours of each workday, using Form 6662, "Daily ID Card Inventory Report" . If any are missing, immediate action will be taken to attempt recovery, and the local servicing security office will be notified if recovery attempts fail. Frequently, visitors and IRS personnel will attempt to exit a door other than where they were issued an ID card. Local procedures can be established whereby door monitors can collect ID cards and return them to the issuing point. As an example, at a campus or computing center, a guard could return cards to the main guard control, which, in turn, could return cards to the proper control point.

  6. Authorized IRS personnel visiting an IRS facility on official business will display their own ID card. Authorized IRS visitors requiring access to restricted areas will display a photo ID card with a Limited Area Indicator.

  7. In general, access outside of business hours may not be granted to non-IRS personnel if IRS employees or authorized contractors are not present. However, exceptions can occur. For example, in work areas where clean desk policy is being followed and where individuals are scheduled to perform services that do not require access to sensitive areas, systems, or information, access may be authorized, such instances may include janitorial services. Such access may not be authorized at processing or computing centers, their satellite buildings, or to areas unless IRS employees or authorized contractors are present.

10.2.5.8.9  (09-05-2014)
Limited Area

  1. Persons granted access to a Limited Area will be issued ID cards with the letter "R" in black located in the lower left corner.

  2. Access to Limited Areas within campuses, computing centers, and other IRS facilities, must be approved by the appropriate Limited Area manager and access will be controlled as set forth in IRM 10.2.14 Methods of Providing Protection

  3. Employees who require access to a restricted area temporarily, i.e. temporary promotion or detail, will be granted access temporarily in the local control access system with a specific time frame; access to the area will be suspended once the time frame elapses. Employees who require long-term access to Limited Areas should be reissued an ID card with a "R" indicator. If an employee or contractor is temporality promoted or on a detail and no longer requires access to a Limited Area, the employee or contractor may retain their ID card with the R indicator; however, access to the Limited Area must be removed in Velocity or the local access control system by the local servicing security office. The manager of the employee or contractor must notify PSEP and the Limited Area monitor when the employee or contractor no longer requires access to the Limited Area so the local servicing security office can properly remove access to the limited area.

  4. TIGTA employees who are located at an IRS POD and require access to limited areas are authorized to have their SmartID coded with an "R" indicator upon approval by the Limited Area manager. USAccess, Treasury and TIGTA sponsors are authorized to code ID cards for TIGTA employees with an "R" indicator as long as access has been authorized by PSEP and the manager of the Limited Area that is being requested. Justification must be provided and coordinated with the ICAM office and the local servicing security office.

10.2.5.8.10  (09-05-2014)
Pseudonyms

  1. Employees with approved pseudonyms by the Office of Privacy must be issued SmartID or PAC ID cards in their pseudonym name, but not their legal and pseudonym name. If employees already possess ID cards in their legal name and request an ID in their approved pseudonyms, then the ID card with their legal name must first be recovered and destroyed and new ID numbers must be used on the pseudonym ID card. Pseudonym names will generally be last name only; however, in some cases pseudonyms may be first and last name. pseudonym name must match on SmartID and pocket commission, if applicable.

  2. Before issuing pseudonym ID cards, physical security personnel must receive a request signed by the employee’s manager and the Office of Privacy containing the:

    • employee’s legal name,

    • employee’s approved pseudonym name,

    • employee’s standard position title and series,

    • employee’s post of duty and business phone number,

    • manager’s mailing address and business phone number, and

    • business unit.

  3. Pseudonym ID cards name must remain effective until recipients request removal from program, transfer to another location, position, or office, or separate from the IRS, or management substantiates via memorandum that pseudonyms are no longer required. Records of issuance must be maintained under both employee legal names and authorized pseudonym names.

10.2.5.9  (09-05-2014)
Mandatory SmartID Sign-On

  1. Employees and contractors with SmartIDs are required to use their SmartIDs to access IRS computers and IRS Local Area Network (LAN) network. Employees and contractors waiting for SmartIDs will be permitted to use a user name and password to access the IRS LAN network. Mandatory SmartID Sign-On software, drivers, fail to log on and SmartID certificate issues should be addressed through the Enterprise Service Desk. ICAM will continue to manage the maintenance and operations of HSPD-12 and SmartIDs.

10.2.5.10  (09-05-2014)
ID Card Reissuance

  1. Employees, supervisors, and CORs will submit applicable ID card requests (Forms 13716, 13716-A, or other comparable request forms) to the local servicing security office to obtain new photo ID cards if:

    • The current ID card has expired (ID cards must be updated every five years),

    • ID cards are lost (a wait of 5 to 7 workdays is usually appropriate to ensure cards are lost and not merely misplaced),

    • ID cards are stolen,

    • The card holder’s name is changed, or

    • The image of the card holder no longer accurately depicts the card holder.

    Note:

    For name or appearance changes, the ID should be reissued in USAccess or Velocity with the same ID number, providing the ID to be replaced is recovered. Documentation of the name change must be retained in the ID media file for the life of the ID card to ensure accurate audit trails.

10.2.5.11  (09-05-2014)
Lost or Forgotten ID Cards

  1. Employees or contractors that forget or lose ID cards will visit reception desks or control points in IRS facilities where such points have been established. The following steps should be taken:

    1. Have employees or contractors complete Form 4589 Lost or Forgotten ID Card Record. When cards are not located within 5 to 7 workdays, procedures for issuing replacement ID cards will be initiated.

    2. Have employee supervisor or COR verify employee/contractor employment status and sign Form 4589. Only supervisors or designated representatives can sign Form 4589.

    3. Employees’ and contractors’ employment status should be verified in USAccess and local access control systems before issuing the employee or contractor a Temporary ID card.

    4. Forward completed Form 4589 to local servicing security office.

  2. When lost ID cards have been replaced and are subsequently found, they must be returned to the local servicing security office for destruction and the records reconciled. No employee or contractor shall have in their possession more than one ID card, except in areas with a Visitor ID or Escort ID card with "R" indicator where employees have received access to controlled areas after receiving a SmartID card. See IRM 10.2.5.13. No employee or contractor shall have in their possession two photo ID cards.

  3. Employees or contractors at locations where control points do not exist, who lose their ID cards, will complete Form 4589, Lost or Forgotten ID Card Record. Managers or CORs will forward Form 4589, along with application forms for replacement ID cards (Form 13716 or Form 13716-A), to the local servicing security office.

  4. When ID cards are lost, the local servicing security office, TIGTA and CSIRC should be notified immediately. For SmartID Cards, the local physical security officer must terminate issuance status in USAccess within 18 hours of reporting lost card. For PAC cards, the local servicing security office will terminate access in Velocity and/or local access control system. At locations with audit trails, the local servicing security office will obtain reports showing activity involving lost cards. Improper use will be evaluated by the local servicing security office and referred to TIGTA.

  5. If an ID card with access to a security area is lost, the local servicing security office must be notified immediately. The local servicing security office will immediately invalidate the card in the controlled access system. At locations with audit trails, the local servicing security office will obtain a printout report showing any activity involving the lost card since it was last known to be in proper custody. Any improper use identified will be evaluated by the local servicing security office and referred to TIGTA, as appropriate.

10.2.5.11.1  (09-05-2014)
Name Changes

  1. Only employees legal names, unless authorized to use a pseudonym, are to be entered into USAccess and HRConnect. Employees requesting a legal name change must submit a name change request thru HRConnect via the HRConnect self-service request an email change via ERC IT, once HRConnect completes the Personal Action Request (PAR). Email addresses should match the requested name change. Employees requesting name changes must complete Form 13716 to get a new ID card to reflect the name change. Contractors requesting a name change will need to have their COR complete Form 13716-A. Employees and Contractors will be required to show proof of identity i.e. driver’s license, marriage license, etc. during the enrollment process. For pseudonym name changes, see IRM 10.2.5.8.10

10.2.5.12  (09-05-2014)
Temporary ID Cards

  1. Temporary ID cards will be issued to current IRS employees and contractors that forget or lose their ID card and that have been approved for interim or final staff-like access. Employees and contractors who have forgotten or lose their ID card and have access to security areas, may be issued a Temporary ID card with a Limited Area Indicator. The local servicing security office should verify access to Limited Areas on Form 13716 or 13716 -A.

10.2.5.13  (09-05-2014)
ID Card Recovery

  1. Managers and CORs are responsible for ID card recovery from those separating or placed in non-work statuses and immediately returning recovered IDs to the local servicing security office. Off-site managers will advise separating employees and employees going in to non-work status to return ID media to the local servicing security office, to manager representatives, or to a Commissioner’s Representative (CR). If ID media are to be recovered by a CR, managers shall first advise the CR of separations and recovery needs.

  2. Employees terminating employment (resigning or retiring, transferring to another federal agency, etc.) shall return their ID cards to their managers or the local servicing security office on their last workdays. Employees whose resignations are not presented in person will be advised that ID cards must be returned. Local directives will provide procedures for employee clearance by phone or letter.

  3. Employees relocating or transferring within IRS, to another Post of Duty (POD) will retain their SmartID or PAC card. The local servicing security office no longer servicing the employee will terminate the employee’s access to the previous POD in the local access control system. Employees must make an appointment at the new POD with the local servicing security office to obtain building, room or security area access in the building’s access control system. Transfer employees must complete Form 13716 or 13716-A for contractors. The form must be approved and signed by the manager and submitted to the local servicing security office to obtain access to the new assigned facility.

  4. Managers will use the Separating Employee Clearance (SEC) system to initiate automated separating employee clearance modules, automatically notifying physical security personnel of a separation and that a manager has recovered an ID card. Physical security offices will use the SEC system to identify separating employees, verify recovery of ID media by management, and ensure ID media are returned to the local servicing security office. Card access should be removed from Velocity or other building access control systems and terminate issuance status in USAccess.

  5. When failing to recover separating employees’ ID cards or pocket commissions, managers must provide reports explaining circumstances of non-recovery. Reports will be sent to the local servicing security office and, when appropriate (e.g., forced termination), a copy will be sent to TIGTA and SAMC. Reports will be maintained by PSEP for a minimum of three years and will be used to detect concerns and facilitate corrective action such as security awareness training, notification of higher management, etc.

  6. ID cards should be recovered from employees on non-work status. Where seasonal employees work intermittently, managers will recover ID cards on employees’ last workdays and immediately forward cards to the local servicing security office immediately.

    1. Managers are to recover ID cards on employees’ last workday and employees are to be escorted to the exits. Managers will provide a list of employees in non-work status and return ID cards of these employees to the local servicing security office. When ID cards are not recovered, managers will document recovery attempts.

    2. Employees may return ID cards to the local servicing security office before shifts end and appropriate non-photo ID cards will be issued. Limited Area Register (Form 5421) shall be used to control non-photo ID cards with Limited Area designators.

  7. Physical security offices, supervisors, and CORs will ensure that Contractor employees that separate or transfer from the agency return ID cards on final workdays. CORs will use a separation checklist, which must be submitted to Contractor Security Management (CSM), to initiate separation for contractors. If contractors terminate or separate without returning ID cards, CORs will contact vendor companies and attempt recovery of the ID card. If not received within two weeks, CORs will contact bearers and recover cards and report to PSEP and TIGTA.

  8. Cards returned by IRS employees, contractors and non-IRS employees that separate or transfer to another agency, will be destroyed by the local servicing security office and will have access terminated in the local access control system and recorded. The PSEP security officer and registrar will terminate access using the Credential Inventory Tool (CIT) in USAccess. The Sponsor and/or Security officer should verify in PDS that employment status has been terminated for separated employees and contractors (once contractors are in PDS). The local servicing security office will terminate PAC card access in Velocity or the local access control system and destroy the card within 18 hours of reporting. ID cards returned by employees in non-work status may be retained for future use if in good condition. Cards in poor condition will be destroyed by the local servicing security office and have access terminated via the local access control system and will be reissued when the employee returns to duty.

10.2.5.14  (09-05-2014)
Records and Accountability

  1. Records of issuing offices must be such that they will account for all ID media card stock, issued, and recovered ID cards. Inventory and destruction records will be maintained for 3 years. Numeric and alpha files will be reconciled to ensure accuracy of the records.

  2. A central issuing point will be responsible for issuance of ID cards. The issuing point must be the local servicing security office and must be familiar with the procedures in this IRM.

  3. If an ID card is lost, stolen, or destroyed, that fact will be recorded on both the numerical and alphabetical files along with the date of occurrence.

  4. A complete inventory of all non-photo ID cards and an audit of non-photo ID card records will be performed daily.

10.2.5.15  (09-05-2014)
Protection and Disposition Procedures

  1. The following items must, at all times, be under the custody and control of an authorized IRS employee or contractor or locked in a security container, even if in a secured area, unless more protection is specified:

    • ID cards awaiting destruction.

    • All lamination

    • IRS identification cards when not in the personal custody of authorized holders.

    • Alphabetical records required by this IRM.

    • Lamination film

  2. ID media equipment (camera, computer, software, etc.) will always be under the custody and control of an authorized IRS employee. ID media equipment will be maintained in a locked room and accessible only to authorized employees.

  3. All items listed in (1) above, when no longer required, must be destroyed in accordance with IRM 10.2.13, Information Protection. Before ID media cameras are disposed, software, etc. must be disabled or deleted beyond reconstruction. All data (formats, seals, information, etc.) on automated ID media systems will be purged prior to disposal of a system to remove data from memory.

  4. The control and security of ID card supplies, records, and equipment will be the direct responsibility of the local servicing security office.

  5. The purchase of replacement equipment, repair service for equipment, and all supplies should be made by the facility in accordance with local instructions. Prior to the final purchase of new ID media equipment, offices will first provide samples of the product to the PSEP ICAM office for approval.


More Internal Revenue Manual