As prescribed in 1204.1303, insert the following clause:

Contractor Personnel Security and Agency Access (NOV 2022)

(a) Definitions. As used in this clause—

Agency access means access to DOT facilities, sensitive information, information systems or other DOT resources.

Applicant means a contractor employee for whom the Contractor applies for a DOT identification card.

Contractor employee means a prime contractor and subcontractor employee who requires agency access to perform work under a DOT contract.

Identification card (or “ID card”) means a government issued or accepted identification card such as a Personal Identity Verification (PIV) card, a PIV-Interoperable (PIV–I) card from an authorized PIV–1 issuer, or a non-PIV card issued by DOT, or a nonPIV card issued by another Federal agency and approved by DOT. PIV and PIV–1 cards have physical and electronic attributes that other (non-PIV) ID cards do not have.

Issuing office means the DOT entity that issues identification cards to contractor employees.

Local security servicing organization means the DOT entity that provides security services to the DOT organization sponsoring the contract.

(b) Risk and sensitivity level designations. For contracts requiring access to DOT facilities, sensitive information, information systems or other DOT resources, contractor employees will be required to complete background investigations, identity proofing, and government identification card application procedures to determine suitability for access. DOT will assign a risk and sensitivity level designation to the overall contract and/or to contractor employee positions by category, group or individual. The risk and sensitivity level designations will be the basis for determining the level of personnel security processing required for contractor employees. The following risk and sensitivity level designations and associated level of processing are required, and each level includes the prior levels—

(1) Low risk level: National Agency Check with Written Inquiries (NACI);

(2) Moderate risk level: Minimum Background Investigation (MBI); and

(3) High risk level: Background Investigation.

(c) Security clearances. Contractor employees may also be required to obtain security clearances (i.e., Confidential, Secret, or Top Secret). National Security work designated “special sensitive,” “critical sensitive,” or “non-critical sensitive,” will determine the level of clearance required for contractor employees. Personnel security clearances for national security contracts in DOT will be processed according to the Department of Defense National Industrial Security Program Operating Manual (NISPOM).

(d) Pre-screening of contractor employees. The Contractor must pre-screen individuals designated for employment under any DOT contract by verifying minimal suitability requirements to ensure that only candidates that appear to meet such requirements are considered for contract employment, and to mitigate the burden on the Government of conducting background investigations on objectionable applicants. The Contractor must exercise due diligence in pre-screening all employees prior to submission to DOT for agency access. DOT may decline to grant agency access to a contractor employee for reasons including, but not limited to—

(1) Conviction of a felony, a crime of violence, or a misdemeanor involving moral turpitude;

(2) Falsification of information entered on forms or of other documents submitted;

(3) Improper conduct including criminal, infamous, dishonest, immoral, or notoriously disgraceful conduct or other conduct adverse to the Government regardless of whether the conduct is directly related to the contract; and

(4) Any behavior judged to pose a potential threat to DOT facilities, sensitive information, information systems or other resources.

(e) Citizenship status. The Contractor must monitor a non-citizen's continued authorization for employment in the United States. The Contractor must provide documentation to the Contracting Officer or the Contracting Officer's Representative (COR) during the background investigation process that validates that the E-Verify requirement has been met for each contractor employee.

(f) Background investigation and adjudication. A contractor employee must have a favorable adjudication of background investigation before DOT will issue an ID card to the contractor employee granting access to DOT facilities, sensitive information, information systems or other DOT resources. DOT may accept favorable adjudications of background investigations from other Federal agencies when applicants have held PIV cards issued by those agencies with no break in service. DOT may also accept PIV–I (Interoperable) cards issued by an authorized PIV–1 issuer as evidence of identity. A favorable adjudication does not preclude DOT from initiating a new investigation when deemed necessary. At a minimum, the FBI National Criminal History Check (fingerprint check) must be favorably completed before a DOT identification card can be issued. Each Contractor must use the Office of Personnel Management's (OPM) e-QIP system to complete any required investigative forms. Instructions for obtaining fingerprints will be provided by the COR or Contracting Officer. The DOT Office of Security, M–40, or a DOT organization delegated authority by M–40, is responsible for adjudicating the suitability of contractor employees.

(g) Agency access denied. Upon contract award, DOT will initiate the agency access procedure for all contractor employees requiring access to DOT facilities, sensitive information, information systems and other DOT resources for contract performance. DOT may deny agency access to any individual about whom an adverse suitability determination is made. Failure to submit the required security information or to truthfully answer all questions shall constitute grounds for denial of access. The Contractor must not provide agency access to contractor employees until the COR or Contracting Officer provides notice of approval, which is authorized only by the DOT Office of Security (M–40) or a DOT organization delegated authority by M–40. Where a proposed contractor employee is denied agency access by the Government or, if for any reason a proposed application is withdrawn by the Contractor during the agency access process, the additional costs and administrative burden for conducting additional background investigations caused by a lack of effective prescreening or planning on the part of the Contractor may be considered as part of the Contractor's overall performance evaluation.

(h) Identification card application process. The COR will be the DOT ID card Sponsor and point of contact for the Contractor's application for a DOT ID card. The COR shall review and approve the DOT ID card application before an ID card is issued to the applicant. An applicant may be issued either a Personal Identity Verification (PIV) card that meets the standards of Homeland Presidential Security Directive (HSPD–12), or an applicant may be issued a non-PIV card. Generally, a non-PIV card will be issued for contracts that expire in six months or less, including option periods. The COR may request the issuing office to waive the six-month eligibility requirement when it is in DOT's interest for contract performance. The following applies—

(1) PIV card. The applicant must complete a DOT on-line application for a PIV card;

(2) Non-PIV card. The applicant must complete and submit a hard copy of Form 1681 to the COR/Sponsor; and

(3) Regardless of the type of card to be issued (PIV or non-PIV), the applicant must appear in person to provide two forms of identity source documents in original form to DOT. The identity source documents must come from the list of acceptable documents included in Form F–9, OMB No. 1115–0136, Employment Eligibility Verification. At least one document must be a valid State or Federal government-issued picture identification. For a PIV card, the applicant may be required to appear in-person a second time for enrollment and activation.

(i) Identification card custody and control. The Contractor is responsible for the custody and control of all forms of government identification issued by DOT to contractor employees for access to DOT facilities, sensitive information, information systems and other DOT resources. The Contractor shall:

(1) Provide a listing of personnel for whom an identification (ID) card is requested to the COR or PM who will provide a copy of the listing to the card issuing office. This may include Contractor and subcontractor personnel. Follow issuing office directions for submittal of an application package(s).

(2) While visiting or performing work on a DOT facility, as specified by the issuing office, PM or COR, ensure that contractor employees prominently display their ID card.

(3) Immediately notify the COR or, if the COR is unavailable, the Contracting Officer when a contractor employee's status changes and no longer requires agency access (e.g., employee's transfer, completion of a project, retirement, removal from work on the contract, or termination of employment) that may affect the employee's eligibility for access to the facility, sensitive information, or resources.

(4) Promptly deliver to the issuing office: (a) all ID cards assigned to an employee who no longer requires access to the facility; and (b) all expired ID cards within five (5) days of their expiration or all cards at time of contract termination, whichever occurs first.

(5) Immediately report any lost or stolen ID cards to the issuing office and follow its instructions.

(i) The Contractor is responsible for maintaining and safeguarding the DOT ID card upon issuance to the contractor employee. The Contractor must ensure that contractor employees comply with DOT requirements concerning the renewal, loss, theft, or damage of an ID card. The Contractor must immediately notify the COR or, if the COR is unavailable, the Contracting Officer when an ID card is lost, stolen or damaged.

(ii) Failure to comply with the requirements for custody and control of DOT ID cards may result in withholding final payment or contract termination based on the potential for serious harm caused by inappropriate access to DOT facilities, sensitive information, information systems or other DOT resources.

(iii) Specific actions and activities are required in certain events—

(A) Renewal. A contractor employee's DOT issued ID card is valid for a maximum of three years or until the contract expiration date (including option periods), whichever occurs first. The renewal process should begin six weeks before the PIV card expiration date. If a PIV card is not renewed before it expires, the contractor employee will be required to sign-in daily for facility access and may have limited access to information systems and other resources.

(B) Lost/stolen. Immediately upon detection, the Contractor or contractor employee must report a lost or stolen DOT ID card to the COR, or if the COR is unavailable, the Contracting Officer, the issuing office, or the local servicing security organization. The Contractor must submit an incident report within 48 hours, through the COR or, if the COR is unavailable, the Contracting Officer, the issuing office, or the local security servicing organization describing the circumstances of the loss or theft. The Contractor must also report a lost or stolen PIV card through the DOT on-line registration system. If the loss or theft is reported by the Contractor to the local police, a copy of the police report must be provided to the COR or Contracting Officer. From the date of notification to DOT, the Contractor must wait three days before getting a replacement ID card. During the 3-day wait period, the contractor employee must sign in daily for facility access.

(C) Replacement. An ID card will be replaced if it is damaged, contains incorrect data, or is lost or stolen for more than 3 days, provided there is a continuing need for agency access to perform work under the contract.

(D) Surrender of ID cards. Upon notification that routine access to DOT facilities, sensitive information, information systems or other DOT resources is no longer required, the Contractor must surrender the DOT issued ID card to the COR, or if the COR is unavailable, the Contracting Officer, the issuing office, or the local security servicing organization in accordance with agency procedures.

(j) Flow down of clause. The Contractor is required to include this clause in any subcontracts at any tier that require the subcontractor or subcontractor's employees to have access to DOT facilities, sensitive information, information systems or other resources.

(End of clause)