What are the practical implications of Subpart 4.13 - Personal Identity Verification?

* **Administrative Overhead:** For contractors, this subpart necessitates a robust internal tracking system for government-issued credentials. Losing a single badge is not just a security breach but a potential contractual non-compliance issue. * **Final Payment Delays:** The "teeth" of this subpart lie in the CO's ability to hold up final payment. Contractors should make the "PIV Return Process" a mandatory part of their employee offboarding and contract closeout checklists to avoid cash flow interruptions. * **Pre-Award Planning:** During the solicitation phase, contractors should clarify whether the government deems access "routine" or "intermittent," as this significantly impacts the cost and complexity of personnel onboarding. * **Security Convergence:** This subpart bridges the gap between physical security and cybersecurity, treating a building badge with the same level of scrutiny as a network login, reflecting a unified approach to federal "Zero Trust" architectures.

Who is responsible for Subpart 4.13 - Personal Identity Verification?

* **Contracting Officers (COs):** * Must insert FAR clause **52.204-9** into solicitations and contracts when routine access is required. * Authorized to delay final contract payment if PIV products are not accounted for and returned. * **Agencies:** * Must designate an official responsible for verifying the personal identity of contractor employees. * Responsible for ensuring that any PIV products procured (if not through GSA) meet all federal interoperability and lifecycle standards. * **Contractors:** * Must account for all government-provided identification issued to their employees. * Must ensure the timely return of all PIV cards/badges to the issuing agency.

← All Free ToolsGo back to previous tools page

Explore More Tools →

subpart4.13

Subpart 4.13 - Personal Identity Verification

FAR Subpart 4.13 establishes the policies and procedures for the Personal Identity Verification (PIV) of federal contractors and subcontractors. It ensures that

Sections

4 items

4.1300 · Scope of subpart

4.1301 · Policy

4.1302 · Acquisition of approved products and services for personal identity verification

4.1303 · Contract clause

Overview

FAR Subpart 4.13 establishes the policies and procedures for the Personal Identity Verification (PIV) of federal contractors and subcontractors. It ensures that all non-governmental personnel requiring routine access to federally-controlled facilities or information systems comply with standardized identification requirements mandated by FIPS PUB 201 and Homeland Security Presidential Directive (HSPD) 12.

Key Rules

Mandatory Compliance: Agencies must follow FIPS PUB 201 and OMB Guidance M-05-24 for any contractor requiring routine physical or logical (IT system) access.
"Routine" vs. "Intermittent": The requirements apply only to personnel with routine access. Contractors requiring only intermittent access to facilities are exempt from these specific PIV requirements.
Approved Products Only: Agencies are restricted to purchasing only PIV products and services that are officially approved (typically through GSA Federal Supply Schedule 70).
Identity Return Policy: Contractors must return PIV cards or badges as soon as they are no longer needed, when an employee leaves the company, or when the contract is completed/terminated.
Payment Leverage: The government has the specific authority to withhold final payment to a contractor if they fail to return all issued PIV products.

Responsibilities

Contracting Officers (COs):
- Must insert FAR clause 52.204-9 into solicitations and contracts when routine access is required.
- Authorized to delay final contract payment if PIV products are not accounted for and returned.
Agencies:
- Must designate an official responsible for verifying the personal identity of contractor employees.
- Responsible for ensuring that any PIV products procured (if not through GSA) meet all federal interoperability and lifecycle standards.
Contractors:
- Must account for all government-provided identification issued to their employees.
- Must ensure the timely return of all PIV cards/badges to the issuing agency.

Practical Implications

Administrative Overhead: For contractors, this subpart necessitates a robust internal tracking system for government-issued credentials. Losing a single badge is not just a security breach but a potential contractual non-compliance issue.
Final Payment Delays: The "teeth" of this subpart lie in the CO's ability to hold up final payment. Contractors should make the "PIV Return Process" a mandatory part of their employee offboarding and contract closeout checklists to avoid cash flow interruptions.
Pre-Award Planning: During the solicitation phase, contractors should clarify whether the government deems access "routine" or "intermittent," as this significantly impacts the cost and complexity of personnel onboarding.
Security Convergence: This subpart bridges the gap between physical security and cybersecurity, treating a building badge with the same level of scrutiny as a network login, reflecting a unified approach to federal "Zero Trust" architectures.

Need help?

Get FAR guidance, audit prep support, and proposal insights from the AudCor team.

Talk to an expert