FIPS 201 Evaluation Program Announcements

FIPS 201 Evaluation Program Announcements

POSTED August 18, 2017

FIPS 201 Evaluation Program Now Testing Derived PIV Credentials

The FIPS 201 Evaluation Program has established the criteria for testing derived PIV credentials. See the FIPS 201 Evaluation Program page for information about the testing process or to submit a credential for testing.


POSTED May 24, 2017

June 30, 2018 Extension for Random Number Generator (RNG)-based PIV Cards

NIST’s PIV Validation Program has provided an extension on migrating away from RNG-based PIV cards to Deterministic Random Bit Generator (DRBG)-based PIV cards.

The FIPS 201 Evaluation Program’s Approved Products List (APL) will continue to list RNG-based PIV cards until June 30, 2018.


Categories Removed Replacement
Card Printer Station FPKIPA Annual PIV Credential Issuer Testing
Certificate Validator Server-based Certificate Validation Protocol Category
Cryptographic Module NIST FIPS 140-2 Validation List
Electronic Personalization FPKIPA Annual PIV Credential Issuer Testing
Facial Image Capturing Camera FPKIPA Annual PIV Credential Issuer Testing
Facial Image Capturing Camera (Middleware) FPKIPA Annual PIV Credential Issuer Testing
Graphical Representation FPKIPA Annual PIV Credential Issuer Testing
LACS Caching Status Proxy Server-based Certificate Validation Protocol Category
LACS Mobile Transparent Reader FICAM Playbooks
LACS Transparent Reader FICAM Playbooks
PIV Middleware NIST PIV Middleware Certification List
Single Fingerprint Capture Device FBI Certified Products List (CPL)
Template Generator NIST MINEX Participation Chart
Template Matcher NIST MINEX Participation Chart

POSTED October 29, 2016

List of Categories Removed from the Approved Products List (APL)

The FIPS 201 Evaluation Program has removed the following categories, displayed in the table to the right, from the Approved Products List. After analyzing the Approved Products List categories, the Program found that:

  • Many products on the APL are not for sale anymore
  • Most testing and approval procedures were outdated
  • Testing was already being conducted by some other Program (NIST, FBI)

Below are some resources that provide information, guidance, or a replacement certification list for some of the removed FIPS 201 categories:

Please note the removal of these categories should not impact any procurements. Categories not identified by the Program have no requirement for FIPS 201 conformance and any product on the market should be able to satisfy the agency’s needs/requirements.


POSTED June 23, 2016

PIV Credentials Using Random Number Generator (RNG) to be Removed from Approved Products List

In-line with the DRBG PIV credential transition plan from NIST, the FIPS 201 Evaluation Program will be removing legacy RNG PIV credential listed on the Approved Products List on July 31, 2017.

According to this transition plan, agencies may continue to procure and issue credentials using implementations marked as “legacy” on the NPIVP validation list until June 30, 2017. However, the agencies should migrate to fully compliant credentials implementing approved DRBGs as soon as DRBG PIV credential and the compatible credential management software are commercially available. Once issued, these “legacy” RNG PIV credentials may be used until their expiration date – up to June 30, 2023.


POSTED April 12, 2016

GSA Document Signing Tool

We’d like to announce that the GSA Document Signing Tool (aka PKCS#7 Tool) source code is now available on GitHub. Moving forward, the community may contribute to enhancements, bug fixes, and new features for the GSA Document Signing Tool directly. Community members may clone the source code from the GSA GitHub repository and submit any additions via new branches and pull requests. If you are new to GitHub and need instructions on how to use the GitHub features, please reference the GitHub help page.

If you have any questions, comments, or issues with the GSA Document Signing Tool, feel free to post your comments in the “Issues” section of the GSA Document Signing Tool GitHub site.

As new questions are posted to the “Issues” section, all members in the community may contribute to answering and/or helping with any code enhancements. We encourage community members to actively contribute and share their contributions with everyone.


POSTED June 13, 2014

Tri-interface PIV Credentials to be Removed from the Approved Products List

The FIPS 201 Evaluation Program received and analyzed multiple comments on the removal of tri-interface credentials from the Approved Products List (APL). To provide further clarification, tri-interface credentials refers to PIV credentials that have additional non-PIV authentication features such as a mag stripe and 125 kHz antenna. The Program has been asked to remove these types of credentials from the APL because they have become an enabler for some buildings to postpone or altogether avoid deploying compliant Physical Access Control Systems (PACS); our intent was to close this loophole. Two years ago, the Program removed transparent readers from the APL to align products with policy and standards by utilizing PKI for PACS and LACS. We are now removing tri-interface credentials from the APL so buildings can migrate away from legacy forms of access control and align with policy and directives.

While we received mostly very positive feedback about this decision, we have received feedback that highlighted a number of legitimate use cases that we would be negatively impacting agencies. The Program is going to delay the removal of the tri-interface credentials from the APL from 6 to 18 months. In 18 months the FIPS 201 Evaluation Program will no longer test or list tri-interface credentials on the APL. Note that PIV Issuers are required to use APL approved credential stock, so beginning in 18 months issuance of tri-interface PIV credentials will not be allowed.