Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

GSA Card Conformance Tool

Last Update: May 10, 2021

The Card Conformance Tool (CCT) is a GSA managed, Java tool hosted on GitHub that can verify that a Personal Identity Verification (PIV) or PIV-Interoperable (PIV-I) conforms to the PIV data model per current releases of related standards, including:

  • FIPS 201: PIV of Federal Employees and Contractors
  • NIST SP 800-73: Interfaces for Personal Identity Verification
  • NIST SP 800-76: Biometric Specifications for Personal Identity Verification
  • NIST SP 800-78: Cryptographic Algorithms and Key Sizes for Personal Identity Verification

The CCT, in conjunction with the Certificate Profile Conformance Tool (CPCT), also facilitates remote PIV and PIV-I testing in support of FPKI annual reviews, reducing travel and resource time and costs. To request an official report on your CPCT and CCT results, fill out the Annual PIV Credential Issuer (PCI) Testing Application Form and send it with outputs and testing artifacts to fips201ep at

For more information about the CCT, see the CCT Wiki. You can download the latest version of the CCT here.

For assistance with the CCT, contact fpki at