GSA FIPS 201 Evaluation Program: Criteria for Approval

FIPS (Federal Information Processing Standards Publication) 201 is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

In June 2006, GSA instantiated the first Laboratory for testing products and services used in Agency HSPD-12 systems for compliance with FIPS 201 and related publications, as directed by OMB Memorandum 05-24. Since that time, the Lab has tested hundreds of Products and Services against the requirements of all defined categories, according to the Approval Procedures.

In order for Suppliers to have their products listed on the GSA Approved Products List, their offering must be submitted to a GSA Accredited Evaluation Program Laboratory in accordance with the Approval Procedure associated with that particular category.

Step-by-step process for approval

The first step that a Supplier must take in order to submit their offering to the Lab for evaluation is to determine whether or not their product or service fits into one of the categories defined by GSA. A description of the current product and service categories can be found at the end of this document. Suppliers who are unsure whether or not their offering fits into one of the defined categories can contact either April Giles at +1 202 501 1123 or an accredited Lab for consultation.

Second, Suppliers need to download the latest version of the Approval Procedure to determine the requirements that will be evaluated by the Lab. The Approval Procedure documents are the requirement documents that were developed as a basis for performing evaluations of Supplier offerings. Suppliers must ensure that the Product or Service submitted to the Lab meets all of the requirements as stated.

Currently, there are five (5) methods, or Approval Mechanisms, used by the Lab to determine compliance with the Lab. A description of each Mechanism can be found in Section 3 of all Approval Procedures. The requirements for each Product or Service, located in Section 4.1 of all Approval Procedures, may have one or more Approval Mechanisms used to test each requirement. The Approval Mechanisms serve as a basis for determining if the offering meets GSA requirements for testing.

Third, Suppliers are required to furnish the appropriate documentation showing compliance with each requirement. Where applicable, the Lab will perform additional testing to further verify that a particular requirement has been met. Where the Supplier’s offering is a Service, the Lab requires that a site visit be performed to ensure that process-related requirements are being executed as required by FIPS 201.

Fourth, Suppliers must apply for a login to the GSA Evaluation Program Web Enabled Tool, using the appropriate login request document. A link has been posted on the Evaluation Program’s website, found at http://fips201ep.cio.gov, which provides the login request document and email address needed to set up an account in the Web Enabled Tool.

Fifth, Suppliers must submit their offering to the Lab. To begin submission of an offering to the Lab, log in to the Web Enabled Tool using the account acquired in the previous step. Upon logging in, click the ‘Apply for Product/Service Evaluation’ link at the top of the page to begin filling out the application. Note that one application is used for each Product or Service submitted to the Lab. After the application package has been added to the Supplier’s account, documents can be added to the application by clicking the ‘Submit Document Package’ link at the top of the page.

All applications submitted will be displayed, and documents can be uploaded to the applicable case. For products and services that require Lab testing, it will be necessary to deliver a production version of the Product to the Lab. Specific instructions regarding this process can be found in Section 2.4 of the Approval Procedure. Once all artifacts necessary for evaluation have been received by the Lab, the product will be moved into the Evaluation Queue, where it will wait to be tested.

April Giles, FIPS 201 Evaluation Program Chief Architect, Identity Management Division, Office of Governmentwide Policy, US General Services Administration (GSA), Washington, DC, USA
Edition: Edition 35
