The Shared Service Provider (SSP) program is operated by the Federal Identity Credentialing Committee (FICC). The purpose of the program is to ensure that third-party PKI service providers can satisfy the U.S. Government requirements for issuing and managing digital certificates on smart card tokens that satisfy all the requirements of the U.S. Common Policy Framework, FIPS 201 and NIST SP 800-73. Vendors who successfully pass these policy, procedural, and operational requirements are added to the Certified Providers List and their certificates express the Common Policy OIDs. SSP vendors' CAs are cross-certified with the Federal Bridge CA (FBCA) through the Common Policy linkage.

After December 2005, Federal entities newly implementing PKIs will be required to get their certificates and services through the SSP program unless explicitly exempted by OMB.

SSP provides its customers with the following services:

• A pre-established, managed PKI operating environment sufficient to enable customers to issue and maintain digital certificates for their user communities;

• A trusted, audited, federally-approved infrastructure that is recognized by, and interoperable with, other Government agencies; and

• Cost savings derived from economies of scale through larger volume certificate procurements and shared infrastructure components.

Treasury was approved as a SSP on 7/7/06 and has undergone an extensive review process in order to ensure compliance with the Federal PKI Common Policy Framework.