Testing Title

FIPS 201 Evaluation Program Announcements

Categories RemovedReplacement
Card Printer StationFPKIPA Annual PIV Card Issuer Testing
Certificate ValidatorServer-based Certificate Validation Protocol Category
Cryptographic ModuleNIST FIPS 140-2 Validation List
Electronic PersonalizationFPKIPA Annual PIV Card Issuer Testing
Facial Image Capturing CameraFPKIPA Annual PIV Card Issuer Testing
Facial Image Capturing Camera (Middleware)FPKIPA Annual PIV Card Issuer Testing
Graphical RepresentationFPKIPA Annual PIV Card Issuer Testing
LACS Caching Status ProxyServer-based Certificate Validation Protocol Category
LACS Mobile Transparent ReaderFICAM Playbooks
LACS Transparent ReaderFICAM Playbooks
PIV MiddlewareNIST PIV Middleware Certification List 
Single Fingerprint Capture DeviceFBI Certified Products List (CPL) 
Template GeneratorNIST MINEX Participation Chart 
Template MatcherNIST MINEX Participation Chart 

POSTED October 29, 2016

List of Categories Removed from the Approved Products List (APL)

The FIPS 201 Evaluation Program has removed the following categories, displayed in the table to the right, from the Approved Products List. After analyzing the Approved Products List categories, the Program found that:

  • Many products on the APL are not for sale anymore
  • Most testing and approval procedures were outdated
  • Testing was already being conducted by some other Program (NIST, FBI)

Below are some resources that provide information, guidance, or a replacement certification list for some of the removed FIPS 201 categories:

Please note the removal of these categories should not impact any procurements. Categories not identified by the Program have no requirement for FIPS 201 conformance and any product on the market should be able to satisfy the agency's needs/requirements.

POSTED July 11, 2016

PD-VAL Testing Transfer

To increase alignment and efficiency of Federal PKI testing requirements and duties, Federal PKI Path Discovery and Validation (PD-VAL) Testing will be transferred from the FPKI Management Authority to the FIPS 201 Evaluation Program. This will have no impact on vendors currently certified on the PDVAL Product List or Approved Product List.

POSTED June 23, 2016

PIV Cards Using Random Number Generator (RNG) to be Removed from Approved Products List

In-line with the DRBG PIV card transition plan from NIST, the FIPS 201 Evaluation Program will be removing legacy RNG PIV cards listed on the Approved Products List on July 31, 2017.

According to this transition plan, agencies may continue to procure and issue cards using implementations marked as “legacy” on the NPIVP validation list until June 30, 2017. However, the agencies should migrate to fully compliant cards implementing approved DRBGs as soon as DRBG PIV cards and the compatible card management software are commercially available. Once issued, these “legacy” RNG PIV cards may be used until their expiration date - up to June 30, 2023.

POSTED April 12, 2016

GSA Document Signing Tool

We'd like to announce that the GSA Document Signing Tool (aka PKCS#7 Tool) source code is now available on GitHub . Moving forward, the community may contribute to enhancements, bug fixes, and new features for the GSA Document Signing Tool directly. Community members may clone the source code from the GSA GitHub repository and submit any additions via new branches and pull requests. If you are new to GitHub and need instructions on how to use the GitHub features, please reference the GitHub help page.

If you have any questions, comments, or issues with the GSA Document Signing Tool, feel free to post your comments in the "Issues" section of the GSA Document Signing Tool GitHub site.

As new questions are posted to the "Issues" section, all members in the community may contribute to answering and/or helping with any code enhancements. We encourage community members to actively contribute and share their contributions with everyone.

POSTED June 13, 2014

Tri-interface PIV Cards to be Removed from the Approved Products List

The FIPS 201 Evaluation Program received and analyzed multiple comments on the removal of tri-interface cards from the Approved Products List (APL). To provide further clarification, tri-interface cards refers to PIV cards that have additional non-PIV authentication features such as a mag stripe and 125 kHz antenna. The Program has been asked to remove these types of cards from the APL because they have become an enabler for some buildings to postpone or altogether avoid deploying compliant Physical Access Control Systems (PACS); our intent was to close this loophole. Two years ago, the Program removed transparent readers from the APL to align products with policy and standards by utilizing PKI for PACS and LACS. We are now removing tri-interface cards from the APL so buildings can migrate away from legacy forms of access control and align with policy and directives.

While we received mostly very positive feedback about this decision, we have received feedback that highlighted a number of legitimate use cases that we would be negatively impacting agencies. The Program is going to delay the removal of the tri-interface cards from the APL from 6 to 18 months. In 18 months the FIPS 201 Evaluation Program will no longer test or list tri-interface cards on the APL. Note that PIV Issuers are required to use APL approved card stock, so beginning in 18 months issuance of tri-interface PIV cards will not be allowed.