Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal Government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a Federal Government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Acquisition Professionals

Find approved products and services for Federal Identity, Credential, and Access Management (FICAM) implementations and helpful links for purchasing these items using GSA Schedules.

Other current and planned products and services can be found on the GSA ICAM Solutions Catalog and GSA ICAM Roadmap.

Products

The FICAM testing program – also known as the Federal Information Processing Standard 201 (FIPS 201) Evaluation Program – tests commercial products used in Personal Identity Verification (PIV) credentialing systems, physical access control systems (PACS), and public key infrastructures (PKI). These products are tested and approved to ensure you’re buying products that provide value and work well together.

The Approved Products List (APL) contains the official list of these tested products. There are currently two approved product categories:

  1. PIV Cards
  2. Physical Access Control Systems

Why can’t I find a category or product?

A product is removed when it has lost its certification due to security concerns. It is placed on the Removed Products List (RPL). A category is deprecated after it has reached broad adoption or maturity. Any further testing is no longer needed (for example, card readers for logical access). A deprecated category is not the same as a removed product. Deprecated categories are shared through a FIPS 201 Evaluation Program announcement. Contact us if you’re unsure if a product is fit for government use.

PACS Implementer Self-Assessment Toolkit

The FIPS 201 Evaluation Program, in collaboration with the PACS Modernization Working Group, created an operational self-assessment tool. The tool helps PACS implementers assess facility access systems that use PIV credentials. The assessment provides results to show alignment or disparity with FICAM and NIST guidelines.

Services

The following organizations offer Identity, Credential, and Access Management services to the federal government. If your organization has a relevant Identity, Credential, or Access Management service, contact us so we can add it to the list.

Government Identity Services

Business Identity Services

  • FPKI Individual Certificate Providers – Offers small numbers of digital certificates for business organizations and business persons, which are used to digitally sign documents and authenticate to a small number of government applications.
  • Trust Services for Businesses – Approved identity and credentialing services for businesses, and which the government has approved for federated identity services.

FedRAMP

GSA Multiple Award Schedule

GSA Multiple Award Schedule (MAS) provides access to long-term government-wide contracts. These contacts are with commercial firms that offer millions of commercial products and services at volume discount pricing. The MAS provides tools and expertise to shorten acquisition cycles, ensure compliance, and obtain the best value for innovative technology products, services, and solutions.

  • Frequently Asked Questions (FAQs)
  • GSA Advantage! – Online shopping and ordering system
    • 541519ICAM – ICAM Solutions
    • 541519PKI – PKI Shared Service Providers (SSP)
    • 541519PIV – HSPD-12 Products and Service Components
    • 541519CSP - Credential Service Provider: The CSP SIN offers a centralized list of vendors providing Credential Services for the federal government. The CSP Capabilities Template provides a framework for CSPs to describe what services they provide in a standardized way. The filled-out and submitted document will be used to ensure that vendors listed on the SIN are providing credential services that meet the needs of the government and to help categorize them as component or full-service providers. The filled-out documents will also be available to Federal Acquisition staff to assist in making informed decisions about which CSP vendors will meet the specific needs of their applications.
    • 334290PACS – Legacy PACS (non-FIPS 201)
    • 541330SEC – PACS integrator vendor
  • Multiple Award Schedule IT Special Item Numbers (SINs) – Scroll down to “IT SINs” for links to specific items

Note that the purchasing process may differ depending on the particular product or service you want. If you need help, please contact icam at gsa dot gov.

IDManagement.gov

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?
Visit USA.gov

This site is a collaboration between GSA and the Federal CIO Council. It is managed by the Identity Assurance and Trusted Access Division in the GSA Office of Government-wide Policy.

Edit this page