SPS: Secure Payment System
System Requirements: PC Minimum Hardware and Software Requirements
SPS is a browser-based, thin-client application that will be accessible via the Internet or modem dial-up. Dial-up access will also be available as a contingency in the event of Internet unavailability or for those agencies that may have firewall restrictions prohibiting use of signed JAVA applets from FMS for the SPS application.
SPS can be run from any PC meeting the minimum requirements listed below:
While being able to run SPS from any user's PC is convenient, there are concerns and vulnerabilities inherent to an Internet environment that you should consider before determining how your agency will implement and operate SPS. For example, your agency may have firewall policies that prohibit downloading JAVA Applet Code, in which case your agency would have to use SPS in a dial-up mode. Each agency must designate at least one Data Entry Operator (DEO) and one Certifying Officer (CO) to operate SPS. SPS Offline includes the "third party" function, with which FPAs can create the payment data for certification in their systems and export it to SPS. Due to the sensitivity of the data being passed through SPS, we have built SPS to be very secure. The General Accountability Office and a number of security agencies have participated in reviews at various stages throughout the development of SPS.
To achieve an adequate degree of security and integrity, FMS is setting the PKI Level of Assurance fairly high. This will require that an active FTRA in-person proof another individual who is to become a FTRA. The individual will be required to provide one valid government-issued picture identification. SPS users (DEO or CO) must be in-person proofed by one FTRA prior to being issued a PKI Credential. SPS users must also provide one form of valid government-issued picture identification. Any individual seeking credential services, such as password or token re-issuance, must re-appear before the FTRA for in-person proofing prior to being serviced.
There is no requirement within SPS or PKI that every site establish a FTRA. The decision whether or not to establish a FTRA is a business decision. If your agency has a sufficient number of Certifying Officers and Data Entry Operators trained and activated, and you are located close enough to a FTRA, the agency may decide that its payments business can be satisfied through using a FTRA at another FMS site. If your agency is not located close to a FMS site, you will need to consider the travel costs and travel times for each of your SPS employees to get to a FTRA in person.
The primary determinants of whether or not to establish a FTRA are probably timeliness to acquire PKI services, the number of users who would need to use a FTRA, and the availability of two individuals (plus backups) to serve as FTRAs and provide sufficient coverage for your business needs. A couple of other considerations that could factor into your decision as to whether to designate a FTRA(s) are: 1) FMS will be moving away from SecurID card technology to PKI for other applications, and a FTRA can provide PKI services for any FMS application; 2) while you may be located near a FTRA for another agency, that agency would not necessarily have ready access to proof of employment records for your employees, and may be reluctant to vouch for them.
You will perform the initial load of SPS at your site via a CD-ROM provided by FMS. Subsequent application changes and enhancements will almost always be automatically downloaded to your users.