The U.S. General Services Administration (GSA) has approved HID Global’s pivCLASS Government Solutions portfolio and Software House’s C•CURE 9000 for use in Federal Identity, Credential and Access Management (FICAM), a common framework and implementation roadmap.
The solutions are the first to successfully complete GSA’s new testing process and comply with the FICAM roadmap and the realignment of the GSA’s approved product list (APL).
As part of the FICAM testing and approval process, each product was subjected to a rigorous set of tests, including cyber attacks, to ensure that the system is not prone to denial of service, credential spoofing or other types of unauthorized access. The FICAM program tests devices as individual components as part of a high assurance, end-to-end system to ensure that products conform with existing APL approval procedures. The testing approach guarantees that agencies meet all of the requirements in FIPS 201-1 and SP 800-116.
“The GSA APL team spent the past 12 months revamping every part of the testing program for physical access systems,” says Chi Hickey, program manager for FICAM Testing Program, GSA Information Assurance and Trusted Access Division. “In its present form, it is arguably the most robust and rigorous information technology-centric physical access testing in the world. Only rigorous testing provides a reasonable basis for confidence in the access control of the federal governments’ buildings and other assets.”
Software House’s C•CURE 9000 security and event management system features credential deactivation, custom clearances, and activating events based on activity.
The end-to-end, FICAM-approved solution includes several HID Global pivCLASS products, including pivCLASS Registration Engine, pivCLASS Certificate Manager, pivCLASS Reader Services, pivCLASS Authentication Modules (PAM), pivCLASS IDPublisher, as well as pivCLASS RP40 and RPKCL40 readers. The entire end-to-end system can be procured through Software House.
For a complete list of FICAM-approved products, visit idmanagement.gov.