Sell FICAM Products and Services
This page contains information for vendors who wish to sell identity, credentialing and access management (ICAM) products and services or provide consulting services to the Federal government. Learn how to get your product or service tested and approved.
Federal agencies require systems and services to be functional, secure, compatible with other products, and trustworthy. The Federal ICAM (FICAM) program supports these requirements by managing the testing of certain products, and by certifying services.
- Product Approval Process – If you want to sell an ICAM product, your product will need to undergo testing, and once approved, it will be listed on the Approved Products List.
- Trust Service Approval Process – If you want to offer an identity and/or credentialing service, you’ll need to be approved as a Trust Services Provider.
- Consulting Services – If you want to provide consulting services, you can apply to be on a GSA Schedule.
Product Approval Process
It takes just three steps to get a product approved for use by Federal agencies:
- Review testing documents
- Contact a testing lab
- Get on a GSA Schedule
Step 1 – Review Testing Documents
The FICAM testing program – also known as the Federal Information Processing Standard 201 (FIPS 201) Evaluation Program – tests commercial products used in Personal Identify Verification (PIV) credentialing systems, physical access control systems (PACS), and public key infrastructures (PKI).
Review the applicable testing document(s) for the product(s) you wish to get tested. Products we can test include PIV cards, physical access control systems, and validation servers that implement the server certificate validation protocol (SCVP).
Step 2 – Contact a Testing Lab
Once you’ve reviewed the testing documents, contact one of the Testing Labs listed below. They’ll walk you through the application and testing process.
There are three Approved Testing Labs that test PIV card stock and badge holders:
- atsec information security operation
- Contact: Fiona Pattinson
- Phone: (512) 615-7300
- Booz Allen Hamilton Cyber Assurance Testing Laboratory
- Contact: Mr. Eric Winterton
- Phone: (410) 684-6691
- Contact: Elizabeth Stowers
- Phone: (443) 367-9778
GSA manages testing and certification for Physical Access Control Systems (PACS), as well as the annual audit testing of production PIV credentials for federal agencies:
- GSA FICAM Testing Lab
- Contact: email@example.com
After your product passes testing, you’ll receive a signed document showing the approval, and your product will be listed on the Approved Products List (APL).
Step 3 – Get on a GSA Schedule
After testing and approval, apply to get your product or service listed on GSA’s IT Schedule 70 and/or Schedule 84.
- Sell through GSA IT Schedule 70 – Agencies use Schedule 70 to fulfill their technology products and services needs.
- Sell through GSA Schedule 84 – Schedule 84 is for products and services relating to facility security and facility management systems.
Trust Services Approval Process
Trust Services providers offer a variety of services related to identity and credentialing of persons, including:
- Issuing and managing person identity and device identity certificates using PKI
- Issuing and managing person identity credentials for PIV and Common Access Card (CAC) hardware credentials
- Issuing and managing person identity credentials using other identity federation technologies
These services rely upon a level of trust to be established and managed through legal agreements, technology agreements, and regular auditing of the services, procedures and practices.
We’re currently updating the approval procedures for Trust Services providers to align with new government standards, and will update this page once those new procedures are in place.
Consulting services involve integrating solutions and/or helping agencies deploy and operate identity and credentialing systems related to PIV and CAC implementations.
GSA certifies consultants through an acquisition schedule.
The Certified System Engineer ICAM PACS (CSEIP) is a certification related to physical access control systems and integration services, and is often a requirement to become an approved consultant.
Thanks for your interest in providing FICAM products and services. Please contact us if you have questions or need additional assistance.
Page Reviewed/Updated: May 11, 2017