XTec Inc. secured a potential $177.2 million task order from the General Services Administration (GSA) to modernize and manage the government-wide credentialing service known as USAccess. This critical 10-year contract positions XTec to steer the federal identity program into its next generation, officially dubbed the HSPD-12 Core Service Next Generation USAccess 2.0.
The modernization effort impacts over 100 federal agencies that currently rely on USAccess to issue and manage approximately 600,000 Personal Identity Verification (PIV) cards. These PIV cards serve as the standardized, secure identification required for federal employees and contractors under Homeland Security Presidential Directive-12 (HSPD-12).
XTec will immediately transition the service away from legacy infrastructure by designing a modular, agile architecture. This transformation focuses heavily on adopting modern identity protocols, including SAML 2.0, OpenID Connect, OAuth 2.0, and REST APIs. Critically, the system will move beyond physical smart cards to enable alternatives like mobile, derived, and password-less credentials, ensuring the government’s identity management systems remain secure and flexible as technology evolves.
The GSA specifically chose this path to streamline identity proofing, credential issuance, and authentication workflows across the federal enterprise. This significant award signals a clear governmental emphasis on secure, service-oriented identity platforms that prioritize scalability and shared infrastructure over outdated, tightly coupled systems.
The Zero Trust Mandate
This USAccess 2.0 award represents more than just a contract; it is a foundational step toward true Zero Trust Architecture (ZTA) across the federal government. The core principle of ZTA is “never trust, always verify,” and that verification starts with a strong identity.
If your agency relies on USAccess, consider how this shift to modern protocols and derived credentials will immediately impact your security posture and network access strategy. Are your IT systems prepared to integrate with the new API-first approach? Are you planning for the eventual reduction in reliance on physical PIV card readers in favor of mobile solutions? This transition demands careful planning from every agency involved to fully realize the security and efficiency gains that GSA and XTec are building into the new system.
