VeriSign SSP PKI First Certified Under GSA FIPS 201 Evaluation Program
VeriSign, Inc. announced today (21 June 2006) that its Shared Service Provider (SSP) Public Key Infrastructure (PKI) was the first service to be certified under the General Services Administration (GSA)-managed FIPS 201 Evaluation Program. The FIPS 201 certification enables VeriSign to provide PKI services for Federal agencies needing to comply with Homeland Security Presidential Directive 12 (HSPD-12), or the government smart card initiative.
“This evaluation and certification process enables VeriSign to expand its already significant work with the Federal government,” said George Schu, vice president for VeriSign. “We are pleased to be the first SSP to be certified as FIPS 201-compliant by GSA, and believe this further demonstrates VeriSign's commitment to providing highly secure and stable systems for its government customers.”
The VeriSign SSP PKI is the first of 90 products and services submitted to-date to the GSA to be certified as FIPS 201-compliant. Successful completion of the GSA-managed FIPS 201 evaluation acknowledges that the VeriSign SSP PKI fully complies with the requirements specified in FIPS 201 and the X.509 Federal Common Policy.
In February 2004, the Federal Identity Credentialing Committee (FICC) established requirements and a process for the certification of vendors to provide PKI and smart card issuing services for Federal agencies. The FICC specified a common identity credential to be used by Federal employees for both physical and logical access to Federal facilities and IT systems. The hierarchical PKI model with vendor-supplied Certificate Authorities (CA) services specified by the Federal government for SSP is identical to the managed PKI model that VeriSign has been delivering for nearly 10 years to its government and commercial enterprise customers around the world.
In July 2004 VeriSign was the first SSP certified by the FICC. Now with the additional GSA FIPS 201 certification, Federal agencies can be assured that, not only can VeriSign provide all the mandatory and optional certificate types defined in FIPS 201, but that the VeriSign SSP PKI and associated validation services are being delivered by a highly scalable, reliable and secure infrastructure unmatched in the industry.