SynchroSIP – USAccess Service Infrastructure Provider

A COTS USAccess SIP solution for automating sponsorship, adjudication, and CDM reporting.

SynchroSIP* is a COTS Service Infrastructure Provider (SIP) solution, developed by SynchroCyber, that provides a bi-directional client-agency interface with USAccess. It allows agencies to create, update, and query sponsorship and adjudication data for PIV applicants while meeting business and functional requirements exposed through the USAccess SIP.

* Agencies must subscribe to this service through the GSA USAccess MSO for SynchroSIP to operate, and a federal agency must own the connection IP range.

What SynchroSIP Does

  • Automates PIV sponsorship and adjudication workflows
  • Synchronizes identity data between agency systems and USAccess
  • Provides API and on-demand functions for operational flexibility
  • Maps agency attributes to DHS CDM MUR fields
  • Converts Base64 certificate fields into a human-readable format
  • Supports AD mapping and certificate-based authentication (KB5014754)

Sponsorship & Adjudication Functions

The SynchroSIP web service operates as the way for agencies to connect with the USAccess system and supports the following sponsorship and adjudication functions:

  • Create a new employee or contractor data record
  • Update an employee or contractor data record
  • Query an existing employee or contractor’s information
  • Query for a list of modified applicants within a specified time range
  • Query for a list of role holders within the agency
  • Query for checking if an applicant already exists within USAccess
  • Request USAccess to submit the Electronic Fingerprint Transaction System (EFTS) to the Defense Counterintelligence and Security Agency (DCSA) as part of the background investigation process.
  • Query or take card action for the applicant
  • Take post-issuance action on applicant credentials
  • Delete erroneous records from USAccess
  • Mark terminated credential destroyed

SynchroSIP Modules

SynchroSIP is composed of modular components:

  • SynchroSIP Module – Runs as a service providing scheduled updates to agency data. Translates and maps USAccess values to DHS CDM values to assist with Master User Record (MUR) reporting. Agency data access is scoped by NIST SP 800-87 codes.
  • SynchroSIPAPI Module – A REST API interface that invokes USAccess SIP web methods on demand, rather than waiting for the next scheduled update.
  • SynchroSIPAD Module – Queries Microsoft Active Directory and maps users to DHS CDM values. For certificate-based authentication, it can map fields from the PIV Authentication Certificate to AltSecID fields in AD to support Microsoft Security Update KB5014754.
  • SynchroSIPOD Module – Provides true on-demand updates for user-selected time windows (e.g., since a specific date), specific NIST SP 800-87 components, or individual users by USAccess Person ID.
  • SynchroSIPGUI Module – A web GUI for visualizing and reporting on the data in the SynchroSIP database, with standard and custom reports based on USAccess SIP attributes and role-based permissions.

PACS Vendor Integration Support

SynchroSIP can also be integrated directly into Federal PACS solutions to keep agency PACS identity and access data synchronized with USAccess.

For agencies that rely on USAccess as their credentialing system, SynchroSIP enables PACS vendors to automatically provision, update, and deactivate PACS user records based on the latest PIV cardholder information from USAccess.

What This Enables for PACS Vendors

  • Automated PACS provisioning: Populate new PACS user records with the required identity and credential attributes from USAccess.
  • Continuous updates: Keep PACS identity and access data aligned with real-time PIV card status changes (issued, suspended, revoked, terminated).
  • Accurate access lifecycle: Ensure PACS always reflects the current status of federal PIV cardholders without manual intervention.
  • Standards alignment: Support FIPS 201, USAccess, and agency ICAM modernization goals.

    • Why This Matters

    For agencies using USAccess, PACS systems require timely and accurate identity and credential data to maintain secure physical access control. Integrating SynchroSIP allows PACS vendors to deliver out-of-the-box support for:

    • PIV cardholder onboarding
    • Access revocation
    • Suspended or revoked credential actions
    • ICAM-aligned identity lifecycle changes
    • Improved auditability and reduced manual workload

    This integration empowers PACS vendors to offer agencies a more secure, automated, and ICAM-compliant physical access solution.

    Version & Compliance

    The current SynchroSIP interface is compatible with USAccess SIP version 4.11 (February 2025).

    Security

    SynchroSIP is built using Microsoft Windows Communication Foundation (WCF) in the .NET framework and uses a custom Simple Object Access Protocol (SOAP) binding that fully implements WS-Security per the WS-Trust specification. This includes:

    SOAP signatures to ensure message integrity

    SOAP encryption to ensure message confidentiality

    SOAP security tokens to authenticate the sender

    When a certificate is installed on the database server, the connection between the SynchroSIP client and the database can also be encrypted, providing end-to-end protection for data in transit.

    Documentation & Resources

    Download the SynchroSIP Service Level Agreement

    Download the SynchroSIP Capability Statement

    Contact SynchroCyber to learn how SynchroSIP can support your USAccess, ICAM, and CDM initiatives.

    SynchroCyber Corporation

    17959 Dumfries Shopping Plaza, Suite 2B, Dumfries, VA 22026

    Phone: 703.862.5500 | Email: contact@synchrocyber.com

    Contact us to schedule a conversation about your ICAM, PACS, or USAccess needs.

    Contact Us