COR Quarterly News - U. S. Army Training Support Center

COR Quarterly News 

____________________________________________________________________________________________________________________________________________________________ 

Mission Installation Contracting Command, Mission Contracting Office (MCO) - Fort Eustis 

[Joint Base Langley-Eustis] 

COR Quarterly Newsletter For Apr – Jun 2011 

MOTTO: Striving for Improvement 

DoD Contractors 

And The 

Contractor Verification System 

 

 

In This Issue! 

‣ What is the Contractor 

Verification System (CVS)? 

‣ Advantages and Benefits of 

Using CVS 

‣ CAC Eligibility Criteria 

‣ The Trusted Agent (TA) 

‣ CACs Are Specific To A 

Contract 

‣ CAC Request Memo For Record 

‣ Proposed Rules 

‣ CVS/CAC Approval Process 

‣ Contractors Must Be On the Up- 

N-Up! 

‣ The Information Protection 

Office 

‣ Contractor Responsibilities 

‣ Audit Findings 

‣ Lessons Learned 

‣ Synchronized Pre-Deployment 

and Operational Tracker 

(SPOT)

MICC MCO – Fort Eustis, VA COR Quarterly News – Apr 2011 - Jun 2011 

What is The Contractor 

Verification System (CVS)? 

‣ CVS is a web-based system that allows DoD 

contractors to register for a Common Access 

Card (CAC) electronically via the internet. CVS 

came into existence for DoD contractors in 

October 2000. Eligible contractors are those 

requiring physical access to the interior of certain 

escorted and/or unescorted facilities and logical 

access to DoD network information systems. 

‣ CVS is maintained by the Defense Manpower 

Data Center (DMDC) Card Technology and 

Identity Solutions (CTIS) and Personnel Identity 

Protection (PIP) office in Monterey, CA. It is 

the primary source for identification and 

authentication of people in DoD. 

‣ MYTH: All contractor employees must have a 

CAC to enter into and work at DoD government 

installations. 

‣ FACT: A CAC is not required for all 

contractor employees to enter into and work at 

DoD installations. The CAC is used as a form of 

identification that allows contractor entrance to 

the “INTERIOR ONLY” of DoD facilities and 

controlled spaces. The CAC serves as a means 

of electronic authentication by consolidating 

multiple credentials and data to be used for 

network security and secure email 

communication. 

‣ The CAC will not be issued nor network 

accounts created until DoD contactors are inprocessed 

through the Information Protection 

Office (Security Office). 

‣ CVS automated the DD Form 1171-2 process. 

‣ CVS serves as the authoritative data-feed for 

DoD contractor data into the Defense Enrollment 

Eligibility Reporting System (DEERS). 

‣ Homeland Security Presidential Directive-12 

(HSPD-12) requires that federal departments and 

agencies ensure temporary contractors and their 

employees have limited/controlled physical 

access to facilities and logical access to networks 

and information systems. 

Advantages and Benefits of Using CVS 

‣ Greatly reduces potential security violations. 

‣ Greatly reduces fraudulent issuance of the 

CAC. 

‣ Reduces data entry and security errors made 

during the use of the manual paper process. 

‣ Makes the process paperless. 

‣ Improves management of contractors and 

installation access. 

‣ Reduces CAC issuance and cancellation time. 

‣ Provides convenient application using the 

internet. 

‣ Reduces time required to initiate CAC. 

‣ Reduces the potential for fraud. 

‣ Automatically updates the DEERS 

database with contractor information. 

‣ Preserves integrity and accuracy of the 

DEERS database. 

‣ Ensures compliance with the Government 

Paperwork Elimination Act. 

‣ Provides periodic online re-verification of 

contractor CAC requirement. 

2


CAC Eligibility Criteria 

‣ Verification of DoD affiliation from DEERS. 

‣ Favorable approval of background vetting 

requirements: 

Federal Bureau of Investigation (FBI) 

fingerprint check. 

Completion of National Agency Check 

with Inquiries (NACI) background 

security check. 

‣ Must meet access requirements: 

Individual(s) require access to DoD 

facilities and networks on site or remotely 

for six months or more. 

Individual(s) require access to both DoD 

facilities and or networks on site or 

remotely or six months or more. 

Individual(s) requires remote access to 

both DoD networks that use only the CAC 

logon for user authentication. 

‣ Contractors who have multiple personnel 

categories (e.g., a reservist and contractor or 

government retiree and contractor), should be 

issued a separate CAC for “EACH” category in 

which they are eligible. 

‣ The contractor will only receive a CAC when 

their application has received favorable approval. 

‣ If the contractor was provided an interim 

CAC while awaiting approval of his background 

vetting requirements, and there is an unfavorable 

reply, the contractor’s CAC will be revoked at 

once. 

‣ Credentials 

The Trusted Agent (TA) 

Must be a CAC holder capable of 

sending and receiving digitally signed 

and encrypted e-mails. 

Must be a DoD uniformed service 

member or DoD civilian government 

employee. 

Can be a COR but not for a contract they 

currently administer. 

‣ Responsibilities 

Approves, rejects, or revokes contractor 

applications. 

Provides contractor access to CVS. 

Establishes the contractor’s need and 

DoD affiliation for logical and physical 

access to a DoD network or facility 

approval. 

Re-verifies the contractor’s affiliation 

with DoD every six months. 

Completes annual CVS certification 

training. 

Confiscate contractor employees CACs 

when any of the following occur: 

o Upon completion of the 

contractor’s employment. 

o Upon completion or termination of 

the contract. 

o The contractor is no longer eligible 

to receive the card. 

3


CACs Are Specific To A Contract! 

‣ Did you know that CACs are issued and must 

correspond with the “current” contract number 

awarded to a contractor? Did you know that 

when a contract expires and the contractor 

receives a follow-on contract, the contractor and 

its employees must receive a “NEW” CAC 

issued for the “NEW” contract number? 

‣ For a re-issued CAC, the contractor must restart 

the approval process. The process should 

start in ample time to ensure that all security 

requirements have been met by the starting date 

of the new contract. 

‣ If the contractor has not received CAC 

approval by the starting date of the new contract, 

the COR “WILL NOT” allow the contractor 

to start work without the proper security 

clearances. It is a serious security violation 

when the contractor is allowed to work without 

proper security approval. 

‣ At a time when security is of the utmost 

importance for federal and government 

installations in the United States, would you, as a 

COR put your job (and maybe retirement) in 

jeopardy by allowing the contractor to start work 

if he has not been approved for facility or 

network access? 

‣ CACs are electronically deactivated so they 

can no longer be used to allow access to DoD 

installations and network systems. 

CAC Request Memo for Record 

‣ The COR may provide an access request 

package to the TA for a CAC. It may consist of 

the following documents: 

 

Personnel Security Investigation Portal 

(PSIP) Worksheet 

 

 

 

Copy of the Performance Work Statement 

(PWS) 

COR Appointment Letter 

COR Training Certificates 

‣ The memo request for a CAC issuance or 

renewal may read something like this: 

Request a CAC Card for Mr. Dust N. 

Mop, Contractor JUST BECAUSE IT’S 

CLEAN for Custodial Services, W911S0-25- 

D-0999, Task Order #0999. 

Request approval to issue Mr. Dust N. 

Mop a Common Access Card (CAC) for 

logical and physical access to DoD facilities 

in performance of his contractual duties. 

Attached is the Contractor's PSIP, Task 

Order Award, PWS, and my COR 

Appointment Letter and training certificates 

for your review and approval. 

If further information is required, please 

contact me as soon as possible to remedy any 

delay to this CAC request. 

Thanking you in advance for your prompt 

attention to this request. 

COR Am I. Clean 

Proposed Rules 

‣ GSA, DoD, and NASA have proposed rules 

(24 May 2010) that require agencies to ensure 

that any form of government-furnished 

identification (ID) provided to a contractor be 

returned as soon as the card is no longer needed 

to perform the contract work, or as soon as the 

contract is complete—whichever happens first. 

‣ This rule allows agencies/KO to withhold or 

delay final payment to contractors who fail to 

return “ALL” cards issued. 

4


CVS/CAC Approval Process 

‣ The COR receives a CAC request and 

completes a PSIP, to provide to the TA or 

security office who will determine CAC 

eligibility requirements. 

‣ The COR completes a registration request 

form and sends to the TA. 

‣ The TA verifies that the registration form is 

correct. 

‣ The COR and TA will verify that the contract 

has met security requirements by reviewing the 

TO/PWS and then cross-verification with the 

security office that the application has been 

approved thru DEERS. 

‣ The TA creates and submits an application in 

the CVS. 

‣ The COR/TA will receive an automated 

email notifying him/her that the application has 

been completed and is awaiting approval. 

‣ The TA will provide the contractor with a 

one-time log-in access password and other info 

so that he can submit his application in DEERS. 

‣ Upon confirmation from the Security Office, 

the TA will approve the CAC. An automated 

email will be sent to the contractor notifying 

him/her that the application has been approved. 

‣ The contractor has seven days to log-in to 

CVS or the system will automatically disable the 

application. 

‣ After the contractor completes an initial login, 

the TA has 30 days to review the application 

for errors and discrepancies and then approve or 

CVS will automatically disable the application. 

‣ The TA will return the application to the 

contractor with comments explaining errors and 

discrepancies if necessary. 

‣ Once the application is approved, the 

contractor has 90 days to have a card issued or 

CVS will automatically disable the application. 

‣ The CVS will send an automated e-mail to 

the contractor and the TA stating that the 

application was approved and tells the contractor 

where to go to get his CAC issued. 

‣ The contractor must verify that no other info 

is needed and he has met all requirements to 

receive a CAC before going to the Pass & ID 

office. 

‣ The contractor must present two forms of 

unexpired identification as a “claimed identity”. 

A claimed identity is an ID (i.e., driver’s license 

or state ID) that you carry on your person to 

verify that “you are who you say you are”. Other 

acceptable forms of ID include Passport, Birth 

Certificate, Social Security card, or Voter's 

Registration card. 

‣ The contractor receives a CAC. 

‣ Once approved, the TA must review or reverify 

the application to re-validate the card each 

six months. 

‣ The COR: 

Validates facility or network access 

requirement via the contract. 

Validates access requirements to classified 

information and/or buildings via the contract. 

Initiates DD Form 254 when required. 

Processes contractor personnel through the 

Organization’s Security Manager/S-2. 

5


‣ Information Protection Security Manager: 

Checks JPAS for Visit Request (VRs). 

Submits the PSIP Form via email after 

contract personnel has been in-briefed. 

Contractors Must Be on the Up-N-Up! 

‣ The “contractor’s business” credentials must 

first be cleared by the installation Information 

Protection Office (IPO). In other words, the 

business must have clean hands before his 

employees are approved. Once the business has 

been determined to be eligible for a CAC, the 

TA will review, approve, and/or reject each 

individual contractor employee whose names are 

provided to the TA. 

‣ The TA is responsible for ensuring that 

“background vetting requirements” have been 

met before final approval. 

‣ The contractor must complete an approved 

FBI fingerprint check. 

‣ The contractor must complete a criminal 

background and Citizenship & Immigration 

Status Checks to ensure that they are eligible to 

be on the installation. 

‣ A favorable National Agency Check with 

Inquiries (NACI) background security check or a 

DoD determined equivalent investigation is 

required. The contractor will receive an interim 

security clearance until the final results have 

been completed. 

The Information Protection Office (IPO) 

‣ The IPO is the security office with a new 

look. 

‣ Once the PSIP has been received, the IPO 

will check DEERS for the appropriate 

background investigation and/or eligibility. 

‣ If FBI fingerprinting is required, an 

appointment is scheduled. Once the results of 

the FBI investigation are approved, contractor 

personnel will be eligible for CAC issuance. A 

CAC approval memo will be forwarded to the 

organization's security manager. 

‣ The security manager will notify the COR 

and/or TA if the contactor has been approved or 

rejected. 

‣ The CAC must be “re-verified or re-reviewed 

every six months by the TA to ensure that the 

contractor is still entitled to a CAC. 

‣ The ultimate responsibility for the CAC is 

the TA as the approving official. 

‣ If the contract has ended and the TA has 

made an effort to collect the CAC and has been 

unsuccessful, final payment to the contractor 

may be withheld. 

‣ The contract company MAY be potentially 

liable for any wrong actions of his employees in 

the misuse of the CAC. 

‣ Unauthorized use and possession of an 

official government identification card, such as 

the CAC, can be prosecuted criminally under 

section 701 of title 18, United States Code 

(U.S.C.) (Reference (t)), which prohibits 

photographing or otherwise reproducing or 

possessing DoD identification cards in an 

unauthorized manner, under penalty of fine, 

imprisonment, or both. 

6


Contractor Responsibilities 

‣ The contractor will provide the following 

info to the COR: 

LAST NAME: 

FIRST NAME: 

MIDDLE NAME: 

CADENCY (i.e., Jr, Sr, III): 

SSN: 

DATE OF BIRTH: 

E-MAIL: 

CONTRACT/TO NUMBER: 

CONTRACT END DATE: 

‣ Once the contractor has been approved, the 

contractor has seven days to log-in to establish a 

DEERS record with a temporary password or the 

system will automatically disable the applicant. 

‣ Once the application is approved, the 

contractor has 90 days to have a card issued or 

CVS will automatically disable the applicant. 

‣ Additional controls over contractor CACs 

were needed and existing controls needed 

improvement. 

‣ CACs should not remain in the control of 

private contractors when they no longer have a 

justifiable need for access to government 

facilities or networks. 

‣ Contractor CACs were not consistently 

approved, issued, re-verified, revoked, or 

recovered. This weakness poses a potential 

national security risk that may result in 

unauthorized access to DoD resources, 

installations, and sensitive government 

information worldwide. 

‣ Other issues included: 

 

 

Failing to complete consistent CAC reverification 

every six months. 

Failing to consistently approve, issue, reverify, 

or revoke the CAC. 

‣ Contractor personnel must notify their TA if 

their CAC becomes lost or stolen. They must 

include a memo for record documenting the 

circumstances that caused the card to be lost or 

stolen. 

Audit Findings 

‣ The use of CAC cards was examined in 

several Audit Reports (Department of Defense 

Office of Inspector General Report No. D-2008- 

114 July 24, 2008 and 2008 IG Report #D- 

2009-005, October 10). The most prevalent issue 

of the CAC is that they are not being confiscated 

by the approving official at the end of the 

contract. 

‣ DoD lacked procedures to ensure that CACs 

issued to contractors were deactivated and 

recovered by the government when contractor 

personnel no longer had a legitimate need for 

their use. 

 

 

 

 

 

 

Government’s failure to understand the 

responsibility of retrieving the CAC at 

the end of a contract. 

Contractor’s failure for not knowing or 

not understanding the responsibility of 

surrendering the CAC. 

Providing CACs without requiring 

sufficient background checks or receiving 

appropriate government approval. 

Inadequate evidence to link contractors to 

a contract. 

Inadequate evidence to justify CAC 

expiration date. 

The TA felt that it was not their job to 

recover the CAC. 

7


 

 

A large percentage of CACs were never 

accounted for or recovered 

Contractor employees were inadvertently 

classified as government employees on 

numerous forms. 

‣ Local commands, installations, and sponsors 

of contract support personnel and other eligible 

CAC holders shall establish procedures to ensure 

the retrieval of government furnished equipment 

(GFE). 

Lessons Learned 

‣ There is currently no contract clause or local 

statement to make contractors aware that “ALL” 

CACs must be returned upon contract 

completion. 

‣ A local statement may be placed in DoD 

contracts and in the COR appointment letter 

to encourage CAC recovery upon termination 

or completion of a contract. 

‣ CAC issuers changed information approved 

by government sponsors 

‣ Neither the KO nor the contracting office is 

responsible for any CVS related duties. 

‣ The KO is responsible for including the 

regulatory inclusion of FAR clause 52.204-9, 

Personal Identity Verification of Contractor 

Personnel, in all solicitations and contracts 

awarded after 3 January 2006, that require 

contractors to have physical access to a 

federally-controlled facility or access to a 

federally-controlled information system. 

‣ The Installation CVS TA (customer) may be 

included as an acquisition team member to 

ensure compliance with identity verification 

requirements for contract performance, when 

practicable. 

Synchronized Pre-Deployment and 

Operational Tracker (SPOT) 

‣ The Synchronized Pre-deployment and 

Operational Tracker (SPOT) has been designated 

as the Joint Enterprise contractor management 

and accountability system to provide a central 

source of contingency contractor information. 

Contractor companies are required to maintain 

by name accountability within SPOT while 

government representatives use SPOT for 

oversight of the contractors they deploy. 

‣ SPOT is used to identify and track all 

deploying government contractors in support of 

Operations IRAQI Freedom and Enduring 

Freedom through a CAC intended specifically 

for deploying contractors. Contractors will be 

required to be identified “prior” to deployment. 

SPOT became an idea when it was determined 

that contractors supporting the force needed 

accountability. The government would have 

visibility of their location, their capabilities, and 

their status. 

‣ SPOT will enable private industry to provide 

government contractors with credentials that are 

accepted as access to facilities and computer 

networks. 

‣ Providing CAC access to deploying 

contractors has been cumbersome in the past. 

SPOT access will provide information from 

corporate finance and personnel databases. 

Departure from theater and in-theater CAC 

scanners will be at entry points to installations, 

and facilities, and other areas. Additional time 

will not be spent completing “vetting 

requirements’ as it will have already been 

completed. 

‣ To learn more about SPOT, visit 

http://www.bta.mil/products/spot.html. 

8


SAMPLE 

PSIP Required Information Worksheet 

(Personnel Security Investigation Portal) 

SSN: Birth Date: (MM/DD/YYYY) 

Rank/Prefix (Dr., Ms., Mrs., Mr.) 

Last Name: 

First Name: Middle Name: (Initial Only / No Middle Name) 

Postfix/Suffix (i.e.: II, III, Jr.): 

Country of Birth State of Birth: City of Birth: 

Subject Contact Information: 

Email Address (AKO preferred): 

Secondary Email Address: 

Primary Phone: 

Secondary Phone: 

(Comm. / DSN / Overseas) 

(Comm. / DSN / Overseas) 

Organization/Unit Name: 

Organization/Unit UIC: 

Contracting Officer Representative (COR) Contact Information: 

Name: 

Email Address: 

Telephone Number: 

Contact Number: 

Company’s Name and Address: 

Name: 

Street: 

City: 

State: 

Zip Code: 

Telephone Number: _________________________ (Comm. / DSN/ Overseas) 

9


SAMPLE 

10


 

 

 

We Would Love To 

H 

From You! 

You Are Never Too Old To Learn! 

‣ For More CVS FAQs – (CLICK ”HELP”), 

visit https://www.dmdc.osd.mil/appj/cvs/login 

‣ For questions on the Virtual Contracting 

Enterprise (VCE) COR Training, consult 

your installation KO, contracting Quality 

Assurance Specialist, or COR Program 

Manager. 

‣ ACC COR Comprehension Training has 

already started at some installations. For the 

rest of us, it’s on the way!!! 

COR Self-Development 

Plan to attend COR Training 

….whether you need to or not! 

 

Camilla.tramuel@us.army.mil 

Camilla @ 757-878-3166 x3384 

OR 

Shirley.powell@us.army.mil 

Shirley @ 757-878-3166 x3386 

Visit our website @ 

http://www.aca-nrcc.eustis.army.mil/ 

Editor & Publisher, 

Camilla H. Tramuel 

COR Program Manager 

MICC Mission Contracting Office (MCO) 

Fort Eustis 

Acquisition Support Division 

2746 Harrison Loop 

Fort Eustis, VA 23604 

 

11

COR Quarterly News - U. S. Army Training Support Center

Create successful ePaper yourself

Delete template?

Save as template?