FMS Web site bannerFMS Programs Banner Tab Read FMS Web site privacy policy Skip to Main Content Department of the Treasury Web site Programs main page
 

transparent spacer graphicHometransparent spacer graphicQ&A'stransparent spacer graphicCalendartransparent spacer graphicPublicationstransparent spacer graphicProgramstransparent spacer graphicAbout FMStransparent spacer graphicSite Map/A-Z Indextransparent spacer graphicHelptransparent spacer graphic
   
 
  Find:    Advanced Search arrow pointing right Tools: Print RSS E-mail Skip secondary navigation
  spacer graphic

white arrow Overview: SPS

white arrow Forms

white arrow Installation

white arrow Related Resources

white arrow Section 508

white arrow SPS Changes for GWA

white arrow System Requirements

white arrow Contacts

SPS: Secure Payment System

System Requirements: PC Minimum Hardware and Software Requirements

Also see:

SPS is a browser-based, thin-client application that will be accessible via the Internet or modem dialup. Dial-up access will also be available as a contingency in the event of Internet unavailability or for those agencies that may have firewall restrictions prohibiting use of signed JAVA applets from FMS for the SPS application. SPS can be run from any PC meeting the minimum hardware and software requirements listed below:

  • Pentium III 500mhz

  • 256 MB RAM

  • 500mb free hard disk space

  • 2x CDROM Drive

  • XP SP2 (Note: All of the latest XP updates/patches/service packs provided by Microsoft can be applied) Note: Windows 2000 and older Microsoft Operating Systems (NT/98/etc.) are not supported. Vista support is expected in 2008.

  • Browser - Internet Explorer 6.0+ or 7.0+ PLUS: Java Plug in1.5.0_11 Note: Agencies have reported that SPS works with FireFox and Netscape (unsupported). SPS does not work with Java 1.3, 1.4, or 1.6

    or

  • SPS Self-Contained Installation that does not use a browser and uses a locally installed version of Java Plug in 1.5.0_11

  • Adobe Acrobat Reader, plug-in for Internet Explorer, version 5.0 or higher

  • Datakey CIP software Maintenance Update 20.2 - 4.7.20.2010

  • Rainbow iKey 2032 USB Token

  • One free USB port

  • 56K external or internal modem for dial connectivity

  • Internet connectivity via user agency's connection

  • Analog telephone line for any PC used for dial-up (FMS suggests each SPS site have at least one analog line available for contingency purposes, in the event of Internet unavailability)

While being able to run SPS from any user's PC is convenient, there are concerns and vulnerabilities inherent to an Internet environment that you should consider, prior to determining how your agency will implement and operate SPS. For example, your agency may have firewall policies that prohibit downloading JAVA Applet Code, in which case your agency would have to use SPS in a dial-up mode.

Each agency must designate at least one Data Entry Operator (DEO) and one Certifying Officer (CO) to operate SPS.

SPS Offline includes the "third party" function which FPAs can create the payment data for certification in their systems, and export it to SPS.

Due to the sensitivity of the data being passed through SPS, we have built SPS to be very secure. The General Accountability Office and a number of security agencies have participated in reviews at various stages throughout the development of SPS.

  • Every SPS user at your agency must have a Public Key Infrastructure (PKI) Credential in order to access the system. PKI will also be used to sign certifications electronically. FMS will provide all PKI Credentials for your SPS users at no cost to your agency. FMS will also provide instructions and policies for PKI enrollment. Contact your servicing RFC.

  • Every SPS user at your agency must have a token, which will contain the PKI Credential for user authentication and document signing.

  • Every PC used at your agency that will be used to access SPS will need to be configured to read the SPS token.

  • The use of PKI in SPS has business and potential staffing implications for FPAs. In order for a user to obtain a PKI Credential, the user must appear in person at a PKI Registration Authority (RA) or a Fiscal Trusted Registration Agent (FTRA). The user must also appear in person at a RA or FTRA in order to have a suspended PKI Credential re-activated. FMS will have a RA at its Hyattsville, Maryland facility. FMS will have FTRAs at its Liberty Center location (Washington DC) and the four Regional Financial Centers (Austin TX, Kansas City MO, Philadelphia PA, and San Francisco CA). FPA personnel may appear at any of these FMS locations for certificate processing. A Fiscal Trusted Registration Agent (FTRA) consists of individuals designated by the business customer (Federal Program Agency). The business customer is responsible for:

    • Identifying in writing to the RA the names and contact information for a minimum of two individuals to serve as FTRAs.
    • Updating the RA with FTRAs information due to changes to FTRAs.
    • Notifying the RA if the certificate holder (*subscriber*)
      • is no longer employed or affiliated with the FPA
      • no longer requires the private key associated with his/her PKI certificate
      • has reason to believe his/her private key has been compromised
      • no longer has access to his/her private key (e.g., cannot remember the password that unlocks the private key)

To achieve an adequate degree of security and integrity, FMS is setting the PKI Level of Assurance fairly high. This will require an active FTRA in-person proof another individual to be a FTRA. The individual will be required to provide one valid government issued picture identification. SPS users (DEO or CO) must be in-person proofed by one FTRA prior to being issued a PKI Credential. SPS users must also provide one form of valid government issued picture identification. Any individual seeking credential services, such as password or token re-issuance, must re-appear to the FTRA for in-person proofing prior to being serviced.

There is no requirement within SPS or PKI that every site establish a FTRA. The decision whether or not to establish a FTRA is a business decision. If your agency has a sufficient number of Certifying Officers and Data Entry Operators trained and activated, and you are located close enough to a FTRA, the agency may decide that its payments business can be satisfied through using a FTRA at another FMS site. If your agency is not located close to a FMS site, you will need to consider the travel costs and travel times for each of your SPS employees get to a FTRA in person.

The primary determinants whether or not to establish a FTRA are probably timeliness to acquire PKI services, number of users who would need to use a FTRA, and availability of two individuals (plus backups) to serve as FTRAs, and provide sufficient coverage for your business needs.

A couple other considerations which could factor into your decision as to whether to designate a FTRA(s) are: 1) FMS will be moving away from SecurID card technology to PKI for other applications, and a FTRA can provide PKI services for any FMS application; 2) while you may be located near a FTRA for another agency, that agency would not necessarily have ready access to proof of employment records for your employees, and may be reluctant to vouch for them.

You will perform the initial load of SPS at your site via a Web Installation or Self-Contained Installation CD provided by FMS. Subsequent application changes and enhancements will be performed via Maintenance CDs provided by FMS.

   Last Updated:  Tuesday July 01, 2008
Contact FMS
Treasury E-Government		 Privacy Policy
Web Site Inventory/
Publication Schedule		 Accessibility/
508 Statement		 Freedom of Information Act/
Information Quality
Treasury Department Web Site Treasury No Fear Act Page Regulations.gov USA.gov