FIPS 201 Evaluation Program
Your official resource for product and service certification
- Search the Approved Products List
- See the latest Announcements
- Review FIPS 201 Evaluation Program Documents, Product Categories, and Certification procedures
- Contact the Labs
The GSA's FIPS 201 Evaluation Program performs testing and certification of services and commercial products used in credentialing systems, physical access control systems, mobile devices, and public key infrastructures. We test and certify a wide variety of products and services such as:
- Smartcards (secure elements) used in Personal Identity Verification (PIV) and Common Access Card (CAC) credentials
- Building physical access control systems including readers and infrastructure
- Certificate validation products including online certificate status protocol (OCSP) and server-based certificate validation protocol (SCVP) appliances
- Service providers who manage, install, or provide hosted solutions for issuance of Personal Identity Verification (PIV) and Common Access Card (CAC) credentials
For products, the testing is performed by third-party accredited testing labs, by GSA managed testing labs, and by National Institute of Standards and Technology (NIST) labs. The certification of the products is granted by either NIST or the Director of the FIPS 201 Evaluation Program after reviewing all materials and any testing results provided by the labs or product vendors. Once a product is certified, the product vendor is granted a letter of certification and the product information, version, date of certification, and any special considerations is placed on the Approved Products List (APL).
For service providers who may integrate solutions, or assist in deployments and operations within the agencies, we certify these companies and their capabilities through the use of an acquisition schedule: IT Schedule 70, SIN 132-62
We also work with industry to certify engineers who have passed exams for installing and configuring physical access control systems to government requirements. The training and certification is managed by the Smart Card Alliance (non-profit).
- For additional information, please go to the Smart Card Alliance "Certified System Engineer ICAM PACS Training and Certification Program" web site.
We have tools available to help agencies and vendors test their products and implementations. See if there are Product Testing Tools that will help you - or contact us to suggest a useful tool that you would like.