GSA ACES Program:

The Access Certificates for Electronic Services (ACES) program provides digital certificates and Public Key Infrastructure (PKI) services to enable electronic government applications that require logical access control, digital signature and/or electronic authentication. GSA serves as a Policy Authority and is responsible for organizing and administering the ACES Policy and the ACES contract.

Ordering Activity Information:

The ACES GWAC expired on October 31, 2005, and no new orders are being placed. Ordering entities are currently able to access Policy-compliant ACES products and services through the Schedules program. 

Vendors' commercial digital certificates and PKI services will be listed in Schedule 70 under SIN 132-60. Products and services complying with the ACES certificate policy and program requirements including federal PKI policy will be available only through the ACES vendor's Schedule contract. Only approved products and services that comply with this policy and become approved ACES Certificate Authority (CA) will be eligible and approved to be sold under the ACES SIN (Special Item Number).

WARNING for Agencies:  Federal agencies seeking to acquire digital certificates and/or PKI products and services should note that products/services purchased directly under the IT Schedule, but not under the ACES SIN 132-60 are not approved by the Certificate Authority, and may not be compliant with the Certificate Policy or OMB Memorandum M-05-05, Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services.

Prospective ACES Vendors Information:

Prospective vendors of the new SIN for digital certificates and PKI services must undergo ACES Security Certification and Accreditation (C&A) as a condition of obtaining and retaining approval to operate as an Authorized CA under this policy and the GSA ACES Program. Vendors should consult the Certificate Policy for detailed information on the requirements and responsibilities evaluated under this process.

Prospective Vendors for Other Authentication Products and Services:

Prospective vendors for Authentication Products and Services other than digital certificates and PKI services must undergo a process similar to ACES vendors in order to be approved to sell approved products/services to agencies. GSA will establish and publish procedures for applying and qualifying for additional SINs that will be established to provide Authentication Products and Services under the Information Technology (IT) Schedule. The procedures required to gain approval to sell on the specific SIN will define (any) pre-requisite qualification requirements, application procedures, evaluation procedures, and ongoing qualification requirements once approved.

Access to Approved Authentication Products and Services:

All authentication service lines will be offered through IT Schedule 70. GSA will provide contract services for authentication services in the same manner as other IT services on the GSA Schedules program. E-Authentication services, smart card services, and PKI services will be provided under IT Schedules 70, SINs 132-6X.

Agencies may issue task orders on the Schedules or GSA may order directly on behalf of agencies, as determined appropriate for purposes of efficiency and administrative management. Approval or non-approval for vendors to offer products/services under any Schedule will not affect the availability of the vendors' products/services that are available to state/local governments under the E-Government Act of 2002. 

Qualification Information:

All of the products and services for the SIN listed above must be qualified as being compliant with governmentwide requirements before they will be included on a GSA IT Schedule contract. The Qualification Requirements and associated evaluation procedures against the Qualification Requirements for each SIN and the specific Qualification Requirements for HSPD-12 implementation components are presented at IDManagement.gov.

Qualification Requirements:

Offerors proposing products and services under SIN 132-60 are required to provide the following:

1. Proposed items must be determined to be compliant with federal requirements for that SIN. Please refer to IDManagement.gov. GSA will follow these procedures in qualifying offeror's products and services against the Qualification Requirements applicable to the SIN. Offerors are encouraged to submit a proposal under the Schedules IT solicitation at the same time products and services are submitted to be qualified. Award for SIN 132-60 will be dependent upon receipt of official documentation from the Acquisition Program Management Office (APMO) verifying satisfactory qualification.
   
2. After award, the contractor agrees that certified products and services will not be offered under any other SIN on any GSA Schedule.
   
3. If the contractor changes the products or services previously qualified, GSA may require the contractor to resubmit products or services for requalification. If the federal government changes the qualification requirements or standards, the contractor must resubmit products and services for requalification.   

The shortcut to this page is www.gsa.gov/aces.