Overview
This section mandates that federal agencies procure only personal identity verification (PIV) products and services that comply with FIPS PUB 201 standards and outlines the specific procurement pathways and compliance requirements for these acquisitions.
Key Rules
- Mandatory Compliance: All PIV products and services must be approved and compliant with FIPS PUB 201.
- Preferred Procurement Source: Agencies are encouraged to use GSA Federal Supply Schedule 70 (SIN 132-62, HSPD-12) following FAR subpart 8.4 procedures.
- Alternative Procurement Requirements: If not using the GSA Schedule, agencies must:
- Certify that products meet all federal standards.
- Ensure interoperability and conformance throughout the entire lifecycle of the components.
- Maintain a written plan to ensure ongoing conformance to federal standards.
- Resource Reference: Technical guidance and approved lists are maintained at http://www.idmanagement.gov.
Practical Implications
- Contracting Officers should prioritize GSA Schedule acquisitions for PIV requirements to avoid the high administrative burden of self-certifying interoperability and maintaining independent lifecycle conformance plans.
- Vendors must ensure their products are listed on the Approved Products List (APL) to be eligible for federal contracts involving identity verification infrastructure.