GSA ACES Program:
The Access Certificates for Electronic Services (ACES) program provides digital certificates and Public Key Infrastructure (PKI) services to enable electronic government applications that require logical access control, digital signature and/or electronic authentication. GSA serves as a Policy Authority and is responsible for organizing and administering the ACES Policy and the ACES contract.
Ordering Activity Information:
The ACES GWAC expired on October 31, 2005, and no new orders are being placed. Ordering entities are currently able to access Policy-compliant ACES products and services through the Schedules program.
Vendors' commercial digital certificates and PKI services will be listed in Schedule 70 under SIN 132-60. Products and services complying with the ACES certificate policy and program requirements including federal PKI policy will be available only through the ACES vendor's Schedule contract.
WARNING for Agencies: Federal agencies seeking to acquire digital certificates and/or PKI products and services should note that products/services purchased directly under the IT Schedule, but not under the ACES SIN 132-60 are not approved by the Certificate Authority, and may not be compliant with the Certificate Policy or OMB Memorandum M-05-05, Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services.
Prospective ACES Vendors Information:
Prospective vendors of the new SIN for digital certificates and PKI services must undergo ACES Security Certification and Accreditation (C&A) as a condition of obtaining and retaining approval to operate as an Authorized CA under this policy and the GSA ACES Program.
Prospective Vendors for Other Authentication Products and Services:
Prospective vendors for Authentication Products and Services other than digital certificates and PKI services must undergo a process similar to ACES vendors in order to be approved to sell approved products/services to agencies. GSA will establish and publish procedures for applying and qualifying for additional SINs that will be established to provide Authentication Products and Services under the Information Technology (IT) Schedule.
Access to Approved Authentication Products and Services:
All authentication service lines will be offered through IT Schedule 70. GSA will provide contract services for authentication services in the same manner as other IT services on the GSA Schedules program. E-Authentication services, smart card services, and PKI services will be provided under IT Schedules 70, SINs 132-6X.
Agencies may issue task orders on the Schedules or GSA may order directly on behalf of agencies, as determined appropriate for purposes of efficiency and administrative management.
All of the products and services for the SIN listed above must be qualified as being compliant with governmentwide requirements before they will be included on a GSA IT Schedule contract. The Qualification Requirements are presented at IDManagement.gov.
Offerors proposing products and services under SIN 132-60 are required to provide the following:
The shortcut to this page is www.gsa.gov/aces.
Last Reviewed 9/24/2008