Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal Government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a Federal Government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Vendors

Federal agencies require systems and services to be functional, secure, and compatible with other products. The General Services Administration (GSA) supports these requirements through testing and identifying products and services.

  • The GSA Federal Acquisition Service issues long-term governmentwide contracts that provide federal, state, and local government buyers access to commercial products, services and solutions at pre negotiated pricing.
  • The GSA Office of Government-wide Policy provides testing and certification services for specific product categories.

In most cases, vendors who wish to sell Identity, Credentialing, and Access Management products or services to the federal government must apply to a Multiple Award Schedule Special Item Number (SIN). Vendors must submit an appropriate self-assessment that demonstrates policy compliance with the following directives or standards.

Two product categories require additional testing at a testing facility before applying to the Multiple Award Schedule.

  1. Smart card credentials require testing by GSA or an approved lab. Products are listed on the GSA FIPS 201 Approved Products List - PIV Cards category.
  2. Physical Access Control Systems (PACS) for buildings, including readers and infrastructure require testing by GSA. Products are listed on the GSA FIPS 201 Approved Products List - Physical Access Control System Components category.

Please get in touch with fips201ep at gsa dot gov if you have product approval questions.

Product Approval Process

It takes three steps to get a product approved for federal use. If your product does not require additional testing under one of the categories listed above, skip to step 3.

  1. Review testing documents
  2. Contact a testing lab
  3. Get on a GSA Schedule

Step 1 – Review Testing Documents

The GSA FIPS 201 Evaluation Program, tests commercial products used in PIV credentialing systems and PACS.

Review testing documents and procedures

Step 2 – Contact a Testing Lab

Once you have reviewed the testing documents, contact one of the Testing Labs listed below. The lab will walk you through the application and testing process.

Three approved testing labs test PIV card stock:

GSA manages testing and certification for PACS as well as annual audit testing of production PIV credentials for federal agencies:

  • GSA FICAM Testing Lab
    • Contact: fips201ep at gsa dot gov

If your product completes the testing process, two things occur.

  1. You will receive a signed approval document.
  2. Your product will be listed on the Approved Products List (APL) under the appropriate category.

After testing and approval, apply to have your product or service listed on the GSA’s Multiple Award Schedule (MAS).

Step 3 – Get on a GSA Schedule

The GSA MAS Program also referred to as the “Schedule,” is the premier contract vehicle for the federal government. The MAS Program is a long-term government-wide contract between commercial suppliers and the federal government. Holding a Schedule contract can open doors for a business, but it requires effort and commitment to succeed. See if the Schedule is a good fit for your business first.

  • Sell through GSA MAS – Agencies use the MAS to fulfill their technology products and services needs.

Professional Services

Professional services involve integrating solutions and helping agencies deploy and operate identity and credentialing systems related to ICAM implementations.

Professional services involve integrating solutions and helping agencies deploy and operate identity and credentialing systems related to ICAM implementations. Professional services vendors must document their experience deploying policy-compliant ICAM projects in government agencies. GSA certifies consulting services and labor categories through Special Item Numbers for ICAM or HSPD-12 professional services. Please contact fpki at gsa dot gov if you have questions related to professional services.

The Certified System Engineer ICAM PACS (CSEIP) is a certification for PACS and PACS integration services. It is a required credential to become an approved consultant.

IDManagement.gov

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?
Visit USA.gov

This site is a collaboration between GSA and the Federal CIO Council. It is managed by the Identity Assurance and Trusted Access Division in the GSA Office of Government-wide Policy.

Edit this page