Skip to Content


Agency Information Collection Activities: Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Department of Homeland Security.


30-Day Notice and request for comments; Revision of a currently approved collection.


The Department of Homeland Security, Office of the Secretary, will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995 (P.L. 104-13, 44 U.S.C. chapter 35). DHS previously published this information collection request (ICR) in the Federal Register on July 18, 2011 at 76 FR 42132, for a 60-day public comment period. No comments were received by DHS. The purpose of this notice is to allow an additional 30-days for public comments.


Comments are encouraged and will be accepted until November 4, 2011. This process is conducted in accordance with 5 CFR 1320.10.


Interested persons are invited to submit written comments on the proposed information collection to the Office of Information and Regulatory Affairs, Office of Management and Budget. Comments should be addressed to OMB Desk Officer, Department of Homeland Security and sent via electronic mail to or faxed to (202) 395-5806.

The Office of Management and Budget is particularly interested in comments which:

1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;

3. Enhance the quality, utility, and clarity of the information to be collected; and

4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses.

Start Further Info


If additional information is required contact: Office of the Secretary, DHS Attn.: Steve Kozar, (202) 447-3368.

End Further Info End Preamble Start Supplemental Information


The REAL ID Act of 2005 (the Act) prohibits federal agencies from accepting state-issued drivers' licenses or identification cards for any official purpose—defined by the Act and regulations as boarding commercial aircraft, accessing federal facilities, or entering nuclear power plants—unless the license or card is issued by a state that meets the requirements set forth in the Act. Title II of Division B of Public Law 109-13, codified at 49 U.S.C. 30301 note. The REAL ID regulations, which DHS issued in January 2008, establish the minimum standards that states must meet to comply with the Act. See 73 FR 5272, also 6 CFR part 37 (Jan. 29, 2008). These include requirements for presentation and verification of documents to establish identity and lawful status, standards for document issuance and security, and physical security requirements for driver's license production facilities. For a state to achieve full compliance, the Department of Homeland Security (DHS) must make a final determination on or before January 15, 2013, that the state has met the requirements contained in the regulations and is compliant with the Act. The regulations include new information reporting and record keeping requirements for states seeking a full compliance determination by DHS. As discussed in more detail below, states seeking DHS's full compliance determination must certify that they are meeting certain standards in the issuance of driver's licenses and identification cards and submit security plans covering physical security of document production and storage facilities as well as security of personally identifiable information. 6 CFR 37.55(a). States also must conduct background checks and training for employees involved in the document Start Printed Page 61724production and issuance processes and retain and store applicant photographs and other source documents. 6 CFR 37.31 and 37.45. States must recertify compliance with REAL ID every three years on a rolling basis as determined by the Secretary of Homeland Security. 6 CFR 37.55.

Certification Process Generally—Section 202(a)(2) of the REAL ID Act requires the Secretary to determine whether a state is meeting its requirements, “based on certifications made by the State to the Secretary.” To assist DHS in making a final compliance determination, § 37.55 of the rule requires the submission of the following materials:

(1) A certification by the highest level Executive official in the state overseeing the DMV that the state has implemented a program for issuing driver's licenses and identification cards in compliance with the REAL ID Act.

(2) A letter from the Attorney General of the state confirming the state has the legal authority to impose requirements necessary to meet the standards.

(3) A description of a state's exceptions process to accept alternate documents to establish identity and lawful status and wavier process used when conducting background checks for individuals involved in the document production process.

(4) The state's security plan.

Additionally, after a final compliance determination by DHS, states must recertify compliance every three years on a rolling basis as determined by DHS. 6 CFR 37.55(b).

State REAL ID programs will be subject to DHS review to determine whether the state meets the requirements for compliance. States must cooperate with DHS's compliance review and provide any reasonable information requested by DHS relevant to determining compliance. Under the rule, DHS may inspect sites associated with the enrollment of applicants and the production, manufacture, personalization, and issuance of driver's licenses or identification cards. DHS also may conduct interviews of employees and contractors involved in the document issuance, verification, and production processes. 6 CFR 37.59(a).

Following a review of a state's certification package, DHS may make a preliminary determination that the State needs to take corrective actions to achieve full compliance. In such cases, a state may have to respond to DHS and explain the actions it took or plans to take to correct any deficiencies cited in the preliminary determination or alternatively, detail why the DHS preliminary determination is incorrect. 6 CFR 37.59(b).

Security Plans—In order for states to be in compliance with the Act, they must ensure the security of production facilities and materials and conduct background checks and fraudulent document training for employees involved in document issuance and production. REAL ID Act § 202(d)(7)-(9). The Act also requires compliant licenses and identification cards to include features to prevent tampering, counterfeiting, or duplication. REAL ID Act § 202(b). To document compliance with these requirements the regulations require states to prepare a security plan and submit it as part of their certification package. 6 CFR 37.41. At a minimum, the security plan must address steps the state is taking to ensure:

  • The physical security of production materials and storage and production facilities;
  • Security of personally identifiable information maintained at DMVs including a privacy policy and standards and procedures for document retention and destruction;
  • Document security features including a description of the use of biometrics and the technical standards used;
  • Facility access control including credentialing and background checks;
  • Fraudulent document and security awareness training;
  • Emergency response;
  • Internal audit controls; and
  • An affirmation that the state possesses the authority and means to protect the confidentiality of REAL ID documents issued in support of criminal justice agencies or similar programs.

The security plan also must include a report on card security and integrity.

Background checks and waiver process—Within its security plans, the rule requires states to outline their approach to conducting background checks of certain DMV employees involved in the card production process. 6 CFR 37.45. Specifically, states are required to perform background checks on persons who are involved in the manufacture or production of REAL ID driver's licenses and identification cards, as well as on individuals who have the ability to affect the identity information that appears on the driver's license or identification card and on current employees who will be assigned to such positions. The background check must include a name-based and fingerprint-based criminal history records check, an employment eligibility check, and for newer employees a prior employment reference check. The regulation permits a state to establish procedures to allow for a waiver for certain background check requirements in cases, for example, where the employee has been arrested, but no final disposition of the matter has been reached.

Exceptions Process—Under the rule, a state DMV may choose to establish written, defined exceptions process for persons who, for reasons beyond their control, are unable to present all necessary documents and must rely on alternate documents to establish identity, date of birth, or SSN (including not having an SSN). 6 CFR 37.11(h). Alternative documents to demonstrate lawful status will only be allowed to demonstrate U.S. citizenship. The state must retain copies or images of the alternate documents accepted under the exceptions process and submit a report with a copy of the exceptions process as part of its certification package.

Recordkeeping—The rule requires states to maintain photographs of applicants and records of certain source documents. Paper or microfiche copies of these documents must be retained for a minimum of seven years. Digital images of these documents must be retained for a minimum of ten years. 6 CFR 37.31. The collection of the information will support the information needs of DHS in its efforts to determine state compliance with requirements for issuing REAL ID driver's licenses and identification cards. States may submit the required documents in any format that they choose. DHS has not defined specific format submission requirements for states. DHS will use all of the submitted documentation to evaluate State progress in implementing the requirements of the REAL ID final rule. DHS has used information provided under the current collection to grant extensions and track state progress.

Submission of the security plan helps to ensure the integrity of the license and identification card issuance and production process and outlines the measures taken to protect personal information collected, maintained, and used by state DMVs. Additionally, the collection will assist other federal and state agencies conducting or assisting with necessary background and immigration checks for certain employees. The purpose of the name-based and fingerprint based CHRC requirement is to ensure the suitability and trustworthiness of individuals who have the ability to affect the identity information that appears on the license; have access to the production process; or who are involved in the manufacture Start Printed Page 61725or issuance of the licenses and identification cards.

In compliance with GPEA, states will be permitted to submit the required information for their security plans, certification packages, and written exceptions processes electronically. States will be permitted to submit electronic signatures but must keep the original signature on file. Additionally, because they contain sensitive security information (SSI), the security plans must be handled and protected in accordance with 49 CFR Part 1520. 6 CFR 37.41(c). The final rule does not dictate how States must submit their employees' fingerprints to the FBI for background checks; however it is assumed States will do so via electronic means or another means determined by the FBI.

This is a revision to the original REAL ID information request that covered submissions of material compliance checklists and requests for extensions to meet the requirements of the regulation. This collection is being revised to cover the collection of information required under the regulation for full compliance, including recordkeeping requirements and employee background checks, and to include information to assist DHS in making full compliance determinations. States seeking certification of full compliance with the REAL ID Act must follow the certification requirements described in § 37.55 of the regulation and referenced in the response to question one of this supporting statement. There are no new or additional costs associated with this revised information collection. All costs were included in the REAL ID final rule that was published in January 2008. There has been an increase in annual burden hours associated with this collection. This increase in burden is a result of the collection of information required for full compliance. The number of respondents also has increased from 51 to 56, as the previously approved collection did not include the five U.S. Territories (Puerto Rico, the Commonwealth of the Northern Mariana Islands, Guam, the Virgin Islands, and American Samoa).


Agency: Office of the Secretary, DHS.

Title: REAL ID: Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies.

OMB Number: 1601-0005.

Frequency: Once.

Affected Public: State, Local, and Tribal Governments.

Number of Respondents: 56.

Estimated Time per Respondent: 1,098 hours.

Total Burden Hours: 443,606.

Start Signature

Dated: September 27, 2011.

Richard Spires,

Chief Information Officer.

End Signature End Supplemental Information

[FR Doc. 2011-25608 Filed 10-4-11; 8:45 am]