Acquisition Professionals

Find approved products and services for Federal Identity, Credential, and Access Management (FICAM) implementations and helpful links for purchasing these items using GSA Schedules.

Other current and planned products and services can be found on the GSA ICAM Solutions Catalog and GSA ICAM Roadmap.

Products

The FICAM testing program – also known as the Federal Information Processing Standard 201 (FIPS 201) Evaluation Program – tests commercial products used in Personal Identity Verification (PIV) credentialing systems, physical access control systems (PACS), and public key infrastructures (PKI). These products are tested and approved to ensure you’re buying products that provide value and work well together.

The Approved Products List (APL) contains the official list of these tested products. There are currently two approved product categories:

1. PIV Cards
2. Physical Access Control Systems

Why can’t I find a category or product?

A product is removed when it has lost its certification due to security concerns. It is placed on the Removed Products List (RPL). A category is deprecated after it has reached broad adoption or maturity. Any further testing is no longer needed (for example, card readers for logical access). A deprecated category is not the same as a removed product. Deprecated categories are shared through a FIPS 201 Evaluation Program announcement. Contact us if you’re unsure if a product is fit for government use.

PACS Implementer Self-Assessment Toolkit

The FIPS 201 Evaluation Program, in collaboration with the PACS Modernization Working Group, created an operational self-assessment tool. The tool helps PACS implementers assess facility access systems that use PIV credentials. The assessment provides results to show alignment or disparity with FICAM and NIST guidelines.

• PACS Assessment Toolkit Version 1.0

Services

The following organizations offer Identity, Credential, and Access Management services to the federal government. If your organization has a relevant Identity, Credential, or Access Management service, contact us so we can add it to the list.

Government Identity Services

• USAccess – Provides agencies with a PIV credentialing service.
• MAX.gov Authentication as a Service – Single Sign-On (SSO) and 2-Factor Authentication as a Service with PIV credential integration.
• FPKI Shared Service Providers – Digital certificates for Federal agencies.

Business Identity Services

• FPKI Individual Certificate Providers – Offers small numbers of digital certificates for business organizations and business persons, which are used to digitally sign documents and authenticate to a small number of government applications.
• Trust Services for Businesses – Approved identity and credentialing services for businesses, and which the government has approved for federated identity services.

FedRAMP

• The Federal Risk and Authorization Management Program (FedRAMP) website contains a marketplace with federal workforce and citizen identity products.

GSA Multiple Award Schedule

GSA Multiple Award Schedule (MAS) provides access to long-term government-wide contracts. These contacts are with commercial firms that offer millions of commercial products and services at volume discount pricing. The MAS provides tools and expertise to shorten acquisition cycles, ensure compliance, and obtain the best value for innovative technology products, services, and solutions.

• Frequently Asked Questions (FAQs)
• GSA Advantage! – Online shopping and ordering system
  • 541519ICAM – ICAM Solutions
  • 541519PKI – PKI Shared Service Providers (SSP)
  • 541519PIV – HSPD-12 Products and Service Components
  • 334290PACS – Legacy PACS (non-FIPS 201)
  • 541330SEC – PACS integrator vendor
• Multiple Award Schedule IT Special Item Numbers (SINs) – Scroll down to “IT SINs” for links to specific items

Note that the purchasing process may differ, depending on the particular product or service you want. If you need help, please contact icam at gsa dot gov.