The General Services Administration's (GSA) office of inspector general has offered recommendations to help GSA improve its management of personal identity verification cards being issued to contract employees to access the agency’s information technology systems and buildings.

GSA’s deputy administrator should take measures to properly account for issued PIV cards, such as recovering and terminating all access cards from former contract employees, updating records in the Credential and Identity Management System for contract personnel and reporting to the Department of Homeland Security (DHS) any unauthorized possession of PIV cards, OIG’s office of audits said in a report published Wednesday. 

The report also recommended collaboration between staff offices and heads of services to facilitate the implementation of new and existing policies when it comes to PIV cards by developing procedures to recover PIV cards and requiring training on card recovery and issuance for employees involved in processing access cards, among others. 

OIG made the recommendations after it found that GSA failed to account for about 15 thousand access cards issued to contracting personnel and retrieve more than half of the 445 PIV cards from employees who did not pass their background checks. 

“GSA’s poor management and oversight of these cards raises significant security concerns because the cards can be used to gain unauthorized access to GSA buildings and information systems, placing GSA personnel, federal property, and data at risk,” the report states.