SynchroSIP – USAccess Service Infrastructure Provider

A COTS USAccess SIP solution for automating sponsorship, adjudication, and CDM reporting.

SynchroSIP* is a COTS Service Infrastructure Provider (SIP) solution, developed by SynchroCyber, that provides a bi-directional client-agency interface with USAccess. It allows agencies to create, update, and query sponsorship and adjudication data for PIV applicants while meeting business and functional requirements exposed through the USAccess SIP.

* Agencies must subscribe to this service through the GSA USAccess MSO for SynchroSIP to operate, and a federal agency must own the connection IP range.

What SynchroSIP Does

SynchroSIP enhances agency credentialing operations by automating key USAccess sponsorship, adjudication, and identity synchronization workflows.

Engineering trust across people, systems, and facilities.

Automates PIV sponsorship and adjudication workflows

Synchronizes identity data between agency systems and USAccess

Provides API and on-demand functions for operational flexibility

Maps agency attributes to DHS CDM MUR fields

Converts Base64 certificate data returned by USAccess into a human-readable format

Supports AD mapping and certificate-based authentication (KB5014754)

Why This Matters

For agencies using USAccess, PACS systems require timely and accurate identity and credential data to maintain secure physical access control. Integrating SynchroSIP allows PACS vendors to deliver out-of-the-box support for:

PIV cardholder onboarding
Access revocation
Suspended or revoked credential actions
ICAM-aligned identity lifecycle changes
Improved auditability and reduced manual workload

This integration empowers PACS vendors to offer agencies a more secure, automated, and ICAM-compliant physical access solution.

how synchrosip enables PACS vendors

SynchroCyber partners with PACS manufacturers and OEMs to embed USAccess-ready identity workflows directly into their products.

Automated PACS provisioning: Create new PACS user records using authoritative identity and credential attributes retrieved from USAccess via SIP.
Continuous lifecycle updates: Keep PACS identity and access data aligned with real-time PIV card status changes (issued, renewed, suspended, revoked, or terminated).
Attribute Mapping: Translates USAccess identity, credential, and lifecycle fields into each PACS vendor’s data model, enabling accurate ICAM-aligned behavior.
Accurate access lifecycle: Ensure PACS always reflects the current status of federal PIV cardholders—no manual updates required.
Standards alignment: Support FIPS 201 –compliant provisioning, USAccess, and agency ICAM modernization requirements.

This allows PACS vendors to deliver federal-ready, ICAM-aligned provisioning support with minimal engineering lift—and positions their PACS products more competitively for federal acquisition.

USAccess Integration Support for PACS Vendors

Federal agencies that use USAccess require accurate, real-time identity and credential data inside their Physical Access Control Systems. PACS vendors who integrate with SynchroSIP can deliver this capability out of the box—making their solutions more attractive, more compliant, and easier for agencies to adopt.

Sponsorship & Adjudication Functions

The SynchroSIP web service operates as the way for agencies to connect with the USAccess system and supports the following sponsorship and adjudication functions:

Create a new employee or contractor data record
Update an employee or contractor data record
Query an existing employee or contractor’s information
Query for a list of modified applicants within a specified time range
Query for a list of role holders within the agency
Query for checking if an applicant already exists within USAccess
Query or take card action for the applicant
Take post-issuance action on applicant credentials
Delete erroneous records from USAccess
Mark terminated credentials destroyed
Request USAccess to submit the Electronic Fingerprint Transaction System (EFTS) to the Defense Counterintelligence and Security Agency (DCSA) as part of the background investigation process.

Version & Compliance

The current SynchroSIP interface is compatible with USAccess SIP version 4.11 (February 2025).

Security

SynchroSIP is built using Microsoft Windows Communication Foundation (WCF) in the .NET framework and uses a custom Simple Object Access Protocol (SOAP) binding that fully implements WS-Security per the WS-Trust specification. This includes:

SOAP signatures to ensure message integrity

SOAP encryption to ensure message confidentiality

SOAP security tokens to authenticate the sender

When a certificate is installed on the database server, the connection between the SynchroSIP client and the database can also be encrypted, providing end-to-end protection for data in transit.

SynchroCyber Corporation

Download the SynchroSIP Service Level Agreement

Download the SynchroSIP Capability Statement

SynchroSip Modules

SynchroSIP is composed of modular components:

SynchroSIP Module – Runs as a service providing scheduled updates to agency data. Translates and maps USAccess values to DHS CDM values to assist with Master User Record (MUR) reporting. Agency data access is scoped by NIST SP 800-87 codes.
SynchroSIPAPI Module – A REST API interface that invokes USAccess SIP web methods on demand, rather than waiting for the next scheduled update.
SynchroSIPAD Module – Queries Microsoft Active Directory and maps users to DHS CDM values. For certificate-based authentication, it can map fields from the PIV Authentication Certificate to AltSecID fields in AD to support Microsoft Security Update KB5014754.
SynchroSIPOD Module – Provides true on-demand updates for user-selected time windows (e.g., since a specific date), specific NIST SP 800-87 components, or individual users by USAccess Person ID.
SynchroSIPGUI Module – A web GUI for visualizing and reporting on the data in the SynchroSIP database, with standard and custom reports based on USAccess SIP attributes and role-based permissions.