Approved Products List – PIV Cards
The Personal Identity Verification (PIV) cards listed below have been approved for FICAM implementation under the FIPS 201 Evaluation Program. These are blank PIV cards available for purchase. A PIV service provider will personalize these blank cards for federal agencies and contractors. PIV service providers are required to use PIV cardstock from the Approved Products List (APL).
- Tri-Interface cards are not approved for Federal Government PIV or CAC card use. Agencies should not procure them. They are listed on the APL for industry-only procurement.
- Manufacturers may call Tri-Interface cards by different names (for example, Dual Hybrid). The prohibited feature of Tri-Interface cards is a prox interface (a 125 kHz antenna).
- Agencies should procure only cards validated by the NIST Personal Identity Verification Program (NPIVP).
PIV Cards – Approved
Approved PIV Cards
- G&D Mobile Security SmartCafe Expert 7.0 with HID Global ActivID Applet v2.7.5
- G&D Mobile Security SmartCafe Expert 7.0 with StarSign PIV Applet v1.0
- Gemalto IDPrime PIV v2.1
- Gemalto Safenet IDPrime PIV v3.0
- Gemalto TOP CL v2.1 with HID Global ActivID Applet v2.7.4
- HID Global Crescendo PIV
- IDEMIA ID-One PIV 2.3 on Cosmo v8.0
- IDEMIA ID-One PIV 2.3 on Cosmo v8.0 (High Speed)
- IDEMIA ID-One PIV 2.4 on Cosmo v8.1 (PIV Applet 2.4.1 in EEPROM)
- IDEMIA ID-One PIV 2.4 on Cosmo v8.1 (PIV Applet 2.4.1 in ROM)
- IDEMIA ID-One PIV 2.4 on Cosmo v8.1 (PIV Applet 2.4.0)
PIV Cards – Legacy
Legacy PIV cards are no longer approved for purchase by the FIPS 201 Evaluation Program, and any cardstock designated as “legacy” is placed on this legacy list. However, some federal agencies still need to procure the legacy cardstock to use while existing systems are being upgraded. Agencies must stop using cardstock on the legacy list by June 30, 2024.
Legacy PIV Cards
- Gemalto IDCore 3020 v1, 128k dual-interface with ActivIdentity Digital Identity Applet Suite – APL# 1244
- Giesecke & Devrient StarSign(R) SmartCafe(R) Expert 144K with PIV Applet – APL# 525
- IDEMIA ID-One (Type A) Large D – APL# 587
Agencies procuring cardstock from the legacy list assume all risks associated with its use from now until the NIST-mandated deadline of June 30, 2024.
If your agency needs to purchase cardstock from this legacy list, you must submit an Assumption of Risk Memorandum (memo) from the agency Chief Information Officer(s) to the General Services Administration (GSA). The memo must contain the following information:
- Acknowledgement of the assumption of all associated security risks;
- Acknowledgement of non-compliance with NIST standards;
- A transition plan specifying major milestones to achieve full compliance by the 2024 deadline; and
- Implications resulting from non-compliance with federal policy related to this purchase.
Submit the memo to GSA’s Associate Administrator for Government-wide Policy (OGP) (regardless of the procurement vehicle used). If using GSA Schedules as the procurement vehicle, also submit a copy of the memo to the Commissioner of GSA’s Federal Acquisition Service.
Note that GSA will provide the Office of the Federal Chief Information Officer (OFCIO) at the Office of Management and Budget (OMB) with copies of all memos submitted.
Based on agency-provided transition plans, GSA OGP will review the products on the legacy list in 12 months (May 2020) for removal.
Please email firstname.lastname@example.org with questions.
How To Purchase
Visit the Buy Page to view FICAM products, services and purchasing guidance.
Page Reviewed/Updated: June 3, 2019