Vendors

Federal agencies require systems and services to be functional, secure, and compatible with other products. The General Services Administration (GSA) supports these requirements through testing and identifying products and services.

• The GSA Federal Acquisition Service issues long-term government-wide contracts that provide federal, state, and local government buyers access to commercial products, services, and solutions at pre-negotiated pricing.
• The GSA Office of Government-wide Policy provides testing and certification services for specific product categories.

In most cases, vendors who wish to sell Identity, Credentialing, and Access Management products or services to the federal government must apply to a Multiple Award Schedule (MAS) Special Item Number (SIN). All ICAM-related SINs require a technical evaluation. In the case of SIN 541519CSP - Credential Service Provider (CSP), the provided capabilities template must be thoroughly completed.

• Homeland Security Presidential Directive 12 (HSPD-12).
• National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63.
• NIST Federal Information Processing Standard (FIPS) 201: Personal Identity Verification (PIV) of Federal Employees and Contractors.

Two product categories require additional testing at a testing facility before applying to the Multiple Award Schedule.

1. Smart card credentials require testing by GSA or an approved lab. Products are listed on the GSA FIPS 201 Approved Products List - PIV Cards category.
2. Physical Access Control Systems (PACS) for buildings, including readers and infrastructure, require testing by GSA. Products are listed on the GSA FIPS 201 Approved Products List - Physical Access Control System Components category.

Please get in touch with fips201ep at gsa dot gov if you have product approval questions.

Product Approval Process

It takes three steps to get a product approved for federal use. If your product does not require additional testing under one of the categories listed above, skip to step 3.

1. Review testing documents
2. Contact a testing lab
3. Get on a GSA Schedule

Step 1 – Review Testing Documents

The GSA FIPS 201 Evaluation Program, tests commercial products used in PIV credentialing systems and PACS.

Review testing documents and procedures

Step 2 – Contact a Testing Lab

Once you have reviewed the testing documents, contact one of the Testing Labs listed below. The lab will walk you through the application and testing process.

Three approved testing labs test PIV card stock:

• Atsec Information Security Corporation
  • Contact: Andreas Fabis
  • Phone: (512) 615-7300
• Booz Allen Hamilton Cyber Assurance Testing Laboratory
  • Contact: Eric Winterton
  • Phone: (410) 684-6691

GSA manages testing and certification for PACS as well as annual audit testing of production PIV credentials for federal agencies:

• GSA FICAM Testing Lab
  • Contact: fips201ep@gsa.gov

If your product completes the testing process, two things occur.

1. You will receive a signed approval document.
2. Your product will be listed on the Approved Products List (APL) under the appropriate category.

After testing and approval, apply to have your product or service listed on the GSA’s Multiple Award Schedule (MAS).

Step 3 – Get on a GSA Schedule

The GSA MAS Program, also referred to as the “Schedule,” is the premier contract vehicle for the federal government. The MAS Program is a long-term government-wide contract between commercial suppliers and the federal government. Holding a Schedule contract can open doors for a business, but it requires effort and commitment to succeed. See if the Schedule is a good fit for your business first.

• Sell through GSA MAS – Agencies use the MAS to fulfill their technology products and services needs.

Professional Services

Professional services involve integrating solutions and helping agencies deploy and operate identity and credentialing systems related to ICAM implementations.

Professional services involve integrating solutions and helping agencies deploy and operate identity and credentialing systems related to ICAM implementations. Professional services vendors must document their experience deploying policy-compliant ICAM projects in government agencies. GSA certifies consulting services and labor categories through Special Item Numbers for ICAM or HSPD-12 professional services. Please contact fpki at gsa dot gov if you have questions related to professional services.

• 541519ICAM – ICAM Solutions
• 541519PIV – HSPD-12 Products and Service Components

The Certified System Engineer ICAM PACS (CSEIP) is a certification for PACS and PACS integration services. It is a required credential to become an approved consultant.

• CSEIP list of certified individuals
• About the CSEIP certification