VA watchdog warns of security risks from undocumented PIV cards

PIV cards 

The Veterans Health Administration (VHA) is at increased risk of security breaches because it's not following requirements about documenting personal identity verification cards returned by contract personnel, according to a new inspector general report.

According to the report, a review of 46 professional service and health care resource contracts by the Veterans Affairs Office of Inspector General found that not one had the proper documentation to prove the contractors' personnel had returned their access cards. The IG report published on Tuesday warned that "even if subsequently detected, it could be too late to stop harm in the facility or the misuse or distribution of veterans’ personal information."

Federal Acquisition Regulation guidelines require contracting officers to maintain documentation indicating former contract personnel return PIV cards allowing them access to VA facilities and information systems following their tenure with the agency. The VHA has its own policy also calling for PIV cards to be tracked.

The IG asked VHA to ensure contracting officers record documentation ensuring PIV cards have been returned. Other recommendations called on the agency to establish periodic reviews and new "specific supervisory responsibilities" for contracting officer oversight around the PIV process.

VHA's acting chief Richard Stone agreed with the overall findings but contended in his response to the IG report that it was not the responsible party to oversee PIV processes. According to VHA, revising the process of tracking PIV card issuance and return could involve many offices and agencies including VA's Office of Information and Technology and the Office of Acquisition, Logistics and Construction. VHA said the VA's Identity, Credential and Access Management Executive Steering Committee "can more thoroughly assess the need and develop an agency-wide approach."

Security concerns around agency failures to document PIV returns have been previously reported throughout government, including at the General Services Administration, which failed to account for 15,000 access cards, according to a 2020 IG report.

About the Author

Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected