Chemical Safety and Hazard Investigation Board--Interagency Agreement with the General Services Administration
B-318425, Dec 8, 2009
The Chemical Safety and Hazard Investigation Board (CSB) has requested a decision regarding the use of CSB's fiscal year 2009 appropriation for a proposed interagency agreement (IA) with the General Services Administration (GSA). Letter from General Counsel, CSB, to General Counsel, Government Accountability Office (GAO), June 29, 2009 (CSB Letter). At issue in this decision is whether services to be provided by GSA are severable or nonseverable, and whether the proposed IA would violate the Antideficiency Act. The proposed IA, with no agreed-upon period of performance, exposes CSB to an unknown and unlimited liability, and to a liability for services properly chargeable to a future fiscal year appropriation, and therefore, is not permissible under the Antideficiency Act.
B-318425, Chemical Safety and Hazard Investigation Board--Interagency Agreement with the General Services Administration, December 8, 2009
The Chemical Safety and Hazard Investigation Board's (CSB) fiscal year 2009 appropriation is not available to fund a proposed interagency agreement (IA) with the General Services Administration (GSA). Under the agreement, GSA would provide CSB with Personal Identity Verification cards, and related maintenance services, to implement Homeland Security Presidential Directive-12. The proposed IA, as currently drafted, does not specify a period of performance for the agreement or for the services and creates an open-ended obligation. CSB cannot obligate fiscal year appropriations to pay for card maintenance services to be performed in future fiscal years if those services are severable, or recurring, in nature.
The Chemical Safety and Hazard Investigation Board (CSB) has requested a decision regarding the use of CSB's fiscal year 2009 appropriation for a proposed interagency agreement (IA) with the General Services Administration (GSA). Letter from General Counsel, CSB, to General Counsel, GAO, June 29, 2009 (CSB Letter). At issue in this decision is whether services to be provided by GSA are severable or nonseverable, and whether the proposed IA would violate the Antideficiency Act. The proposed IA, with no agreed-upon period of performance, exposes CSB to an unknown and unlimited liability, and to a liability for services properly chargeable to a future fiscal year appropriation, and therefore, is not permissible under the Antideficiency Act.
Our practice when rendering decisions is to obtain the views of the relevant agency to establish a factual record and the agency's legal position on the subject matter of the request.  CSB included in its request for a decision its legal views and relevant factual material. GSA provided its views in a telephone conference on July 31, 2009. 
CSB is an independent agency created by the Clean Air Act Amendments of 1990 and is charged with, among other things, investigating chemical accidents and issuing reports regarding the safety of chemical production, processing, handling, and storage. CSB is authorized to enter into contracts or other transactions that may be necessary in the conduct of its functions and duties. For fiscal year 2009, CSB received a $10.199 million appropriation for necessary expenses in carrying out the Clean Air Act responsibilities. Omnibus Appropriations Act, 2009, Pub. L. No. 111-8, div. E, title III, 123 Stat. 524, 739 (Mar. 11, 2009). The proposed IA would be funded through the GSA Acquisition Services Fund (ASF) which is managed in accordance with 40 U.S.C. sect. 321. CSB had anticipated obligating $5,121.00 of its fiscal year 2009 appropriations for services performed in fiscal year 2009.
Under the proposed IA, GSA would assist CSB's implementation of Homeland Security Presidential Directive-12 (HSPD-12), supporting CSB's issuance and maintenance of Personal Identity Verification (PIV) credential cards. HSPD-12 directed the establishment of a mandatory, governmentwide standard for secure and reliable forms of identification credentials issued by the federal government to its employees and contractors. As required by HSPD-12, the Department of Commerce's National Institute of Standards and Technology (NIST) issued Federal Information Processing Standard 201-1, Personal Identity Verification of Federal Employees and Contractors (FIPS 201), the federal standard for secure and reliable forms of identification. FIPS 201 provides a PIV system overview that describes the activities that occur during the lifecycle of the card, including the discrete activities to be provided: PIV card issuance and PIV card maintenance. The full range of activities consists of: PIV card request, identity proofing and registration, Public Key Infrastructure (PKI) issuance, PIV card usage, PIV card maintenance, and PIV card termination. Under FIPS 201, PIV card issuance deals with the personalization of the card and issuance of the card to the intended applicant; PIV card maintenance deals with the maintenance or update of the physical card and the data stored thereon.
Maintenance of the PIV card consists of annual maintenance, including daily maintenance to support usage, and the renewal of the PKI certificate. In describing PIV card maintenance, FIPS 201 includes not only renewal of the PKI certificate but also includes maintenance or update of the card applications, PIN, and biometrics. PIV maintenance may also be related to the daily PIV card usage and use of the PIV card for access. Section 1.1.1 of the proposed IA refers to "annual" maintenance and the GSA price list describes the maintenance charge as "PIV Credential Annual Maintenance." Under the proposed IA and the GSA price list, the maintenance of the PIV cards is priced on a monthly basis, as opposed to a flat fee covering the entire lifecycle of the PIV card. The proposed IA does not specify any period of time for the agreement or for the services.
Section 1.8.1 of the proposed IA gives rise to CSB's request for this decision. It states:
"The existence of a defined requirement (bona fide need) at the time the IA is executed forms the basis for the incurring and recording of a financial obligation on the part of the client. This obligation likely remains in force across fiscal year boundaries until the specified services are delivered."
CSB views GSA's services as severable services, recurring in nature, and is concerned that this provision, together with the fact that there is no definite service period set out in the IA, exposes it to uncertain liability in violation of the bona fide needs rule and the Antideficiency Act. GSA's view is that the services under the proposed IA are nonseverable because CSB is acquiring a PIV credential card life cycle that consists of a bundle of tasks (application, credential card issuance, and card maintenance), none of which would have value, standing alone, because the PIV card includes a PKI certificate that needs to be renewed at least once during the lifetime of the card.
To address its concerns, CSB provided GSA with two alternative approaches for restructuring the proposed IA. First, CSB proposed a 1-year agreement with the option to procure services for subsequent 1-year periods. Alternatively, CSB proposed an umbrella memorandum of understanding, in the nature of a task order contract, with addenda to be executed annually. GSA declined to adopt either approach; both alternatives, GSA said, are inconsistent with its business model.
CSB, operating with fiscal year appropriations, has raised Antideficiency Act and bona fide needs concerns with the proposed IA and questions whether it can obligate appropriations available for one fiscal year to pay for services to be performed in a future fiscal year if those services are severable. In a related concern, CSB also questions whether the absence of a definite service period in the proposed IA may expose it to uncertain liability.
CSB would not be able to obligate fiscal year appropriations to pay for services to be performed in future fiscal years if those services are severable, or recurring, in nature. A fiscal year appropriation, like CSB's appropriation, is available only to fulfill a bona fide need of the period of availability for which it was made. 31 U.S.C. sect. 1502(a); B-240264, Feb. 17, 1994. A nonseverable service is considered a bona fide need at the time the agency orders the service and, therefore, should be charged to an appropriation current at the time the agency enters into the contract. Severable services, which are recurring in nature, are bona fide needs each time the service is rendered, and obligations for severable services should be charged to appropriations current at the time the service is performed. Id.
Daily and annual maintenance is critical to preserving the utility of the credential card, and renewal of the PKI certificate is necessary if the card is to be useful for the maximum 5-year period permitted by FIPS 201. However, these services are performed on a periodic, recurring basis and we view them as severable in nature. In 1991, we held that the maintenance of scientific equipment constituted continuing and recurring services designed to meet the continuing operating needs of the agency; as severable services they were properly chargeable to appropriations for the fiscal year in which the portion of the services were needed. B-253086, Apr. 24, 1991; see also B-282601, Sept. 27, 1999.
In another case with circumstances similar to those at issue here, we examined whether the Defense Logistics Agency (DLA), using fiscal year appropriations, could enter into a proposed multiyear contract for both supplies and services. 67 Comp. Gen. 190 (1988). The proposed contract called for the supply, storage, and rotation of sulfadiazine silver cream. The contractor was required to (1) supply stocks of the cream and (2) to maintain those stocks by rotating them as necessary to assure that DLA would always have fresh supplies available. The supply portion of the contract did not extend beyond the first year of the contract. However, the storage and rotation services of the contract were to extend for 5 years. We held that DLA lacked the necessary statutory authority to engage in a multiyear procurement with fiscal year appropriations for the storage and rotation services, because these services were severable and recurring services that should be charged under the bona fide needs rule to the appropriation current at the time services are provided. See id.
Similar to DLA's contract for supplies and services, the proposed IA calls for two discrete undertakings: production of the PIV cards (consisting of credential application and card issuance) and the maintenance services for those cards. PIV card maintenance is a recurring service, analogous to DLA's storage and rotation services, that includes annual maintenance, consisting of daily maintenance to support usage, and renewal of the PKI certificate. Therefore, maintenance of the PIV cards is a severable service and the recurring need for maintenance becomes a bona fide need at the time the service is rendered and should be charged to the appropriations current at that time.
The proposed IA does not specify a period of performance for the agreement or for the services and does not specify the price for products and services to be provided under the agreement. It states only that payments are to be made in accordance with "current" GSA pricing. Under the proposed IA, as currently drafted, CSB would not be able to determine the amount of funds to obligate. An agency, without statutory authority otherwise, may not enter into an open-ended obligation, whether resulting from an interagency agreement or a contract. B-308944, July 17, 2007; see also B-196109, Oct. 23, 1979. The proposed IA, with no agreed-upon period of performance or price, exposes CSB to an unknown and unlimited liability. The Antideficiency Act, codified in part at 31 U.S.C. sect. 1341, prohibits the government from incurring obligations in excess or advance of available appropriated funds, including a multiyear procurement such as the one at issue here, that obligates an agency to pay for severable services to be performed in future fiscal years. 31 U.S.C. sect. 1341(a)(1)(B); B-224081, Jan. 15, 1988; see B-259274, May 22, 1996.
There would be no legal objection to a provision in the IA, as CSB has proposed, that would reserve to CSB an option to renew the agreement for continuing services from year to year. See 29 Comp. Gen. 451, May 10, 1950. Accordingly, if the proposed IA were revised to reflect either of the two alternative approaches proposed by CSB (a 1-year agreement with the option to procure services for subsequent 1-year periods, or an umbrella memorandum of understanding, with orders to be executed annually), it would not violate the Antideficiency Act.
Lynn H. Gibson
Acting General Counsel
 Telephone Conversation between Senior Assistant General Counsel, GSA; Financial Manager, GSA; Assistant General Counsel for Appropriations Law, GAO; and Senior Staff Attorney, GAO, July 31, 2009 (GSA Conversation).
 42 U.S.C. sect. 7412(r)(6).
 42 U.S.C. sect. 7412(r)(6)(N).
 For fiscal year 2010, CSB received a $11.147 million appropriation for necessary expenses in carrying out the Clean Air Act responsibilities. Department of the Interior, Environment and Related Agencies Appropriations Act, 2010, Pub. L. No. 111-88, title III, 123 Stat. 2904, 2949 (Oct. 30, 2009).
 GSA is authorized to provide procurement and supply services to executive agencies. 40 U.S.C. sect. 501. The proposed IA states that reimbursement will be deposited into the GSA ASF. Section 321 establishes the ASF, an intragovernmental revolving fund in the Treasury, that is credited with reimbursements, advances, and refunds or recoveries relating to personal property or services procured through the ASF. The ASF is available for use by GSA for procuring, among other things, personal property and nonpersonal services. An interagency agreement, such as the proposed IA in this case, that is funded through an intragovernmental revolving fund, is akin to a contract and the obligational consequences are the same as if it were a contract. See B-302760, May 17, 2004.
 Telephone Conversation between Attorney-Advisor, CSB, and Senior Staff Attorney, GAO, Aug. 13, 2009.
 In February 2008, GAO issued a report about the progress of agencies in implementing and using the capabilities of PIV cards. GAO, Additional OMB Leadership Needed to Optimize Use of New Federal Employee Identification Cards. GAO-08-292 (Washington, D.C.: Feb. 2008).
 This decision uses the term "PIV card application" that includes PIV card request, identity proofing and registration, as described in FIPS 201.
 The Federal Public Key Infrastructure (PKI) uses a security technique called Public Key Cryptography to authenticate users and data, protect the integrity of transmitted data, and ensure non-repudiation and confidentiality. HSPD-12 acquisition guidance, available at www.idmanagement.gov (last visited Dec. 3, 2009); see OMB Memorandum No. M-06-18, Acquisition of Products and Services for Implementation of HSPD-12 (June 30, 2006).
 National Institute of Standards and Technology, Federal Information Processing Standards Publication 201-1 (FIPS 201), Personal Identity Verification of Federal Employees and Contractors, Mar. 2006, at 1314.
 FIPS 201 states that the PIV card shall be valid no more than 5 years. According to GSA, if a card is to be used for 5 years, the PKI certificate must be renewed sometime within that 5-year period. GSA Conversation. However, to satisfy FIPS 201, an agency does not have to acquire and use cards for 5 years and if the PIV card is used for a shorter period, PKI renewal may not be necessary. See FIPS 201, at 39.
 FIPS 201, at 1314.
 GSA, HSPD-12 Shared Services Provider II Contract Managed Services Program for Identity Management, FY08FY09 USAccess Program Pricing, at 1 (GSA price list).
 CSB Letter, at 2.
 GSA Office of General Counsel Memorandum for GSA Financial Manager, Severability of servicesHSPD 12 contract, Dec. 19, 2008. GSA explains that renewing the PKI certificate requires the PKI signing key that created the original certificate; this signing key is available only from the HSPD-12 contractor that issued the card, and in most circumstances, the contractor would not be willing to transfer the key.
 GSA Conversation.
 Whether a contract is for severable or nonseverable services affects how the agency may fund the contract. B'317139, June 1, 2009.
 Proposed IA, at 1, Box 9.
 The only indication of a time period is in the provision relating to the rental of equipment, if necessary, which is a 3-year period. Id. at 2, Section 1.1.1.
 The proposed IA states that the bill will be based on current pricing and processed on a monthly basis. Billing will occur as services are rendered. Id. at 1, Box 11.
 In B-308944, we found that because of a lack of specificity, an interagency agreement did not constitute an obligation of the agency's appropriation.