GSA Shared Service Provider Program Guide
For contractors who provide digital services to the federal government, a public key infrastructure (PKI) is critical to protecting confidential and sensitive information.
Many agencies offer PKI services, but the General Services Administration’s PKI Shared Services Program gives federal contractors an advantage in competing for contracts as they are compliant with federal government digital exchange requirements and are listed on the GSA Multiple Award Schedule.
To help commercial vendors take advantage of the GSA PKI Shared Services Program, the Identity Assurance and Trusted Access Division, within GSA’s Office of Government-wide Policy (OGP), recently created the GSA PKI Shared Services Program (SSP) Guide.
The guide provides information on who should apply, the benefits of the program, and a step-by-step guide to apply. Commercial vendors can also find details on how to maintain the certificates once they join the program, as well as contact information if there are any questions. Federal employees that work with contractors in the digital space can also recommend that vendors explore GSA’s PKI Shared Services Program as a trusted option to acquire and maintain federal-compliant PKIs.
The Shared Services Program offers several different certificates to fulfill your agency needs including:
- Personal Identity Verification (PIV) card - Used for authenticating to websites, authenticating in government buildings, and signing and encrypting emails and documents.
- Derived PIV - Used for authenticating to websites and signing and encrypting emails and documents.
- PIV Interoperable (PIV-I) - A PIV-I is technically comparable to a PIV card, but designed for agency staff who do not qualify for a PIV card.
- Device certificates - Used for secure HTTP connections on internal agency websites for end users and servers providing interagency trust.
- Digital signature - Used to digitally sign emails and documents, including role-based signature certificates and Office of the Federal Register Digital Autopen signature certificates.
- Key management service - Store and manage private keys associated with encryption certificates.
The SSP Program Guide is reviewed annually and has three major sections:
Section 1 - Outlines GSA management and acquisition controls of the GSA SSP Program according to OMB Memo 19-17.
Section 2 - Defines the application and ongoing maintenance process to apply and stay in the GSA SSP Program.
Section 3 - Lists available services a SSP should offer.
The GSA SSP Program has a long history of successfully providing digital certificate services for employees, contractors, and affiliates. If you are interested in being part of that success, learn more about the application process and the benefits of joining the program. If you have any questions, email the GSA PKI SSP Program at GSAPKISSP@gsa.gov.