proofing before the RA
or trusted agent, as follows:
a. The Applicant presents a government-issued form of identification (e.g., an
Agency ID badge, a passport, or driver’s license) as proof of identity, and
b. The RA examines the presented credential for biometric data that can be linked
to the Applicant (e.g., a photograph on the credential itself or a securely linked
photograph of Applicant), and
c. The credential presented in step 3a above must be verified by the RA for
currency and legitimacy (e.g., the agency ID is verified as valid). Typically, this
is accomplished by querying a database maintained by the organization that
issued the credential, but other equivalent methods may be used.
4. Record and maintain a biometric of the Applicant (e.g., a photograph or fingerprint) by
the RA or CA. (Handwritten signatures and other behavioral characteristics are not
accepted as biometrics for the purposes of this policy.) This establishes an audit trail for
dispute resolution.
For contractors and other affiliated personnel, the procedures must include the following steps:
1. Verify that a request for certificate issuance to the Applicant was submitted by an
authorized sponsoring agency employee (e.g., contracting officer or contracting officer’s
technical representative).
2. Verify sponsoring agency employee’s identity and employment as follows:
a. A digitally signed request from the sponsoring agency employee, verified by a
currently valid employee signature certificate issued by an agency CA, may be
accepted as proof of both employment and identity,
b. Authentication of the sponsoring agency employee with a valid employee PIV-
authentication certificate issued by the agency may be accepted as proof of both
employment and identity, or
c. In-person or supervised remote identity proofing of the sponsoring agency
employee may be established before the registration authority as specified in
employee authentication above and employment validated through use of the
official agency records.
3. Establish Applicant’s identity by in-person or supervised remote proofing before the
registration authority or trusted agent, as follows:
a. The Applicant presents a government-issued form of identification (e.g., an
Agency ID badge, a passport, or driver’s license) as proof of identity, and
b. The RA examines the presented credential for biometric data that can be linked
to the Applicant (e.g., a photograph on the credential itself or a securely linked
photograph of Applicant), and