WidePoint’s PIVotal IDTM for Federal leverages our certification as an approved Shared Services Provider:
- System Security Plan for ORC Information Assurance/ Identity Management (IA/ IDM), dated May 20, 2004
- ORC’s Security Accreditation Decision Letter, dated October 31, 2005
- ORC Certificate Practice Statement (CPS), Version 3.3, dated August 22, 2005
Our integration service and product qualifications, PIVotal ID™, meets or exceeds the specification of minimum technical functions and capabilities related to the provision of HSPD-12 Personal Identity Verification (PIV) System Integration Services and Products in order to be considered for contract award under the SINs 132.61 & 132.62 for HSPD-12 PIV & PIV System Integration Services and Products.
Our proven capabilities will provide exceptional PIV system integration services. And, our partnership with industry leaders, the products that implement integration of multiple HSPD-12 PIV systems, system components and approved products, within WidePoint’s PIVotal ID, as well as other applicable standards and specifications as may be required by an ordering activity will afford all Federal agencies the capability to meet the HSPD-12 mandated schedule, on time and within budget. These include, but are not limited to:
- Capability to collect, store, and maintain all information and documentation as required by the HSPD-12 PIV system components and approved products that are incorporated into our integrated services and products.
- Capability to provide support for integration of PIV system components with existing agency systems and infrastructures.
- Technical capability to provide one or more services and products in the following categories:
- Integration services to provide integration of more than one PIV service and product, including interfaces between PIV components and with agency PIV systems.
- “Turn-key,” agency-owned integrated PIV solutions, comprised of more than one PIV service and/or product or component.
- Contractor owned and managed service that provides integrated PIV solutions, comprised of more than one PIV service and/or product or component.
All of the PIVotal ID services and products related to the PIV card comply with HSPD-12, Federal Information Processing Standard (FIPS) 201, applicable National Institute of Standards and Technology (NIST) Special Publications (SP) and GSA interoperability compliance requirements. Approved services and products are listed at http://fips201ep.cio.gov/index.php). PIVotal ID delivers only solution components that have been certified by NIST and approved by GSA, as appropriate, as such components are commercially available.
PIVotal ID services and products begin with the FIPS 201-compliant Shared Service Provider (SSP) services and products that has been demonstrated compliant through evaluation and testing programs established by NIST and GSA. Currently authorized to issue SSP certificates, ORC has completed a security C&A as required by the Computer Security Act of 1987, Appendix III to (OMB) Office of Management Budget Circular A-130, and Federal Information Security Management Act of 2002 (FISMA). GSA is the Designated Approving Authority (DAA).
In addition, ORC [under our CPS, referenced] has completed successful cross-certification with the Federal Bridge Certification Authority (FBCA) and has successfully completed the requisite compliance analysis and Operational Capability Demonstration (OCD), under the U.S. Federal PKI Common Policy Framework (FPCPF).