Thales SafeSign Management Server Certified under GSA FIPS 201 Evaluation Program

Thales SafeSign Management Server Certified under GSA FIPS 201 Evaluation Program

In order to comply with Homeland Security Presidential Directive 12 (HSPD-12), US Federal Government Agencies must purchase products that have been approved by GSA (General Services Administration ) and that are listed on the approved products list. Thales SafeSign Management Server is now certified for Electronic Personalization and listed on the GSA FIPS 201 (Federal Information Processing Standards) approved products list.

Weston, Florida, May 1, 2007–Thales, a global leader in smart card authentication systems and identity management solutions, is pleased to announce an addition to its growing list of GSA FIPS 201 approved products: SafeSign Management Server. This new offering is certified for Electronic Personalization and listed on the GSA FIPS 201 approved products list. With the FIPS 201 certification, US Federal Government agencies can use SafeSign Management Server to issue PIV cards and credentials, complying with FIPS 201.

The addition of SafeSign to our growing list of FIPS 201 and GSA Approved Products List (APL) for FIPS 201 support is the result of our dedicated work and knowledge in this field. It joins our SafeSign Crypto Module on the GSA APL, broadening Thales’ extensive best of breed technology support of U.S. government initiatives, including cryptographic and communications security tools,” said Cynthia Provin, President of e-Security activities of Thales in the Americas . “Now that Thales SafeSign Management Server and Cryptographic modules are on the APL, Thales and our partners will be able to provide solutions to many of the Federal Government Agencies that are working on complying with FIPS 201,” she concludes.

SafeSign Management Server (SSMS) is a card management solution that is critical to integrating all the technologies and the process required to comply with FIPS 201. The electronic personalization category is a crucial accreditation for any CMS or personalization bureau. The approval process validates the correct programming of all of the data structure elements that constitute a PIV credential. This verification guarantees the interoperability of credentials issued from different systems and underpins the entire FIPS 201 concept of mutually recognized and trusted identities. The testing process includes a 166 point examination of each of the data containers on a set of cards, validating the data content, headers, digital signatures and consistency of the entire credential. GSA FIPS 201 approved products can be found at the following web address:

About SafeSign Management Server

SSMS is a pre-configured card and credential management solution that addresses the challenges faced by agencies deploying FIPS-201 compliant PIV smart cards to their employees and contractors. SSMS provides both ‘out-of-the-box’ PIV card issuance and management capabilities and, a highly flexible and configurable integration platform for existing services, applications and processes.

SSMS provides cardholder registration and complete PIV card lifecycle management that is integrated with a variety of document, photo and biometric capture devices, card printing and production solutions, PIV II certified smart cards, PKI certificate providers and identity management systems. Each function within the SSMS issuance process may use existing product features, or utilize external applications as appropriate.

Key Features and Functionality include:

  • FIPS 201 Compliant Card Personalization
  • PIV Cardholder Registration and Application Handling Including FIPS–201 Defined Role Separation
  • Integrated Card Design and Layout Tool for Graphical Personalization
  • PIV Credential Authentication to SafeSign Management Server’s Management Portal
  • API Toolkit for Identity Management System Integration

About Thales

Thales is a leading international electronics and systems group, serving defense, aerospace and security markets worldwide, supported by a comprehensive services offering. Thales offers unmatched capability in the development and deployment of critical information systems. The group’s civil and military businesses develop in parallel to serve a single objective: the security of people, property and nations. Thales group employs 70,000 people in 50 countries and generated revenues of $13 billion in 2006.

The new Security Solutions & Services Division, operational since 5 January 2007, combines the businesses of Thales’s former Security and Services divisions with those of Alcatel-Lucent’s Transport Systems Division and Integration & Services Division. The new division makes Thales a world market leader in transport and security markets. Our security solutions and services activities around the world now generate revenues of about 4 billion dollars, with 20,000 employees in 35 countries.

Thales is a world leader in the provision of cryptographic security products and solutions for all critical infrastructures including governments, the military, satellite networks, enterprises and the finance industry. Thales has 40 years of unrivalled track record in protecting networks up to TOP SECRET and a complete portfolio of products which includes network encryption, access control and remote user solutions. In the financial world, Thales secures value bearing transactions, data preparation for card and PIN issuing, and provides advanced user and message authentication solutions supported by secure identity management and token ssuing. Over half of the world’s banks, together with the majority of the busiest exchanges, currently use Thales technology and services.


Thales, Security Solutions & Services
Sarah Milligan
Tel. +44 1 844 204 181