SPS: Secure Payment System

System Requirements: PC Minimum Hardware and Software Requirements

SPS is a browser-based, thin-client application that is accessible via the Internet.

SPS can be run from any PC meeting the minimum requirements listed below:

  • Desktop with Windows 7 (Note: All of the latest XP/Windows 7 updates/patches/service packs provided by Microsoft can be applied)

  • Adobe Acrobat Reader, plug-in for Internet Explorer, version 9.0 or higher

  • Datakey CIP software Maintenance Update 20.2 - or Safenet Authentication Client 8.0 Service Pack 2 (preferred)

  • Rainbow iKey 2032 USB Token

  • One free USB port

  • Available Printer

  • Internet connectivity via user agency's connection

While being able to run SPS from any user's PC is convenient, there are concerns and vulnerability inherent to an Internet environment that you should consider, prior to determining how your agency will implement and operate SPS. Each agency must designate at least one Data Entry Operator (DEO) and one Certifying Officer (CO) to operate SPS. SPS Offline includes the "third party" function which FPAs can create the payment data for certification in their systems, and export it to SPS. Due to the sensitivity of the data being passed through SPS, we have built SPS to be very secure. The General Accountability Office and a number of security agencies have participated in reviews at various stages throughout the development of SPS.

  • Every SPS user at your agency must have a Public Key Infrastructure (PKI) Credential in order to access the system. PKI will also be used to sign certifications electronically. Fiscal Service will provide all PKI Credentials for your SPS users at no cost to your agency. Fiscal Service will also provide instructions and policies for PKI enrollment. Contact your servicing RFC.
  • Every SPS user at your agency must have a token, which will contain the PKI Credential for user authentication and document signing.
  • Every PC used at your agency that will be used to access SPS will need to be configured to read the SPS token.
  • The use of PKI in SPS has business and potential staffing implications for FPAs. In order for a user to obtain a PKI Credential, the user must appear in person at a PKI Registration Authority (RA) or a Fiscal Trusted Registration Agent (FTRA). The user must also appear in person at a RA or FTRA in order to have a suspended PKI Credential re-activated. Fiscal Service will have a RA at its Hyattsville, Maryland facility. Fiscal Service will have FTRAs at its Liberty Center location (Washington DC) and the two Regional Financial Centers (Kansas City MO and Philadelphia PA). FPA personnel may appear at any of these Fiscal Service locations for certificate processing. A Fiscal Trusted Registration Agent (FTRA) consists of individuals designated by the business customer (Federal Program Agency). The business customer is responsible for:
  • Identifying in writing to the RA the names and contact information for a minimum of two individuals to serve as FTRAs.
  • Updating the RA with FTRAs information due to changes to FTRAs.
  • Notifying the RA if the certificate holder ("subscriber")
    • is no longer employed or affiliated with the FPA
    • no longer requires the private key associated with his/her PKI certificate
    • has reason to believe his/her private key has been compromised
    • no longer has access to his/her private key (e.g., cannot remember the password that unlocks the private key)

To achieve an adequate degree of security and integrity, Fiscal Service is setting the PKI Level of Assurance fairly high. This will require an active FTRA in-person proof another individual to be a FTRA. The individual will be required to provide one valid government issued picture identification. SPS users (DEO or CO) must be in-person proofed by one FTRA prior to being issued a PKI Credential. SPS users must also provide one form of valid government issued picture identification. Any individual seeking credential services, such as password or token re-issuance, must re-appear to the FTRA for in-person proofing prior to being serviced.

There is no requirement within SPS or PKI that every site establish a FTRA. The decision whether or not to establish a FTRA is a business decision. If your agency has a sufficient number of Certifying Officers and Data Entry Operators trained and activated, and you are located close enough to a FTRA, the agency may decide that its payments business can be satisfied through using a FTRA at another Fiscal Service site. If your agency is not located close to a Fiscal Service site, you will need to consider the travel costs and travel times for each of your SPS employees get to a FTRA in person.

The primary determinants whether or not to establish a FTRA are probably timeliness to acquire PKI services, number of users who would need to use a FTRA, and availability of two individuals (plus backups) to serve as FTRAs, and provide sufficient coverage for your business needs. A couple other considerations which could factor into your decision as to whether to designate a FTRA(s) are: 1) Fiscal Service will be moving away from SecurID card technology to PKI for other applications, and a FTRA can provide PKI services for any Fiscal Service application; 2) while you may be located near a FTRA for another agency, that agency would not necessarily have ready access to proof of employment records for your employees, and may be reluctant to vouch for them.

You will perform the initial load of SPS at your site via a CD:ROM provided by Fiscal Service. Subsequent application changes and enhancements will almost always be automatically downloaded to your users.

Also see:

  • Schedule Upload 440 File Format for GWAPDF File for Schedule Upload 440 File Format for GW
    May 2014  (434 KB)

    The SPS Schedule Upload 440 File Format for GWA Reporter Only, Version 1.6 replaces the previous Version 1.0. Please note that Version 1.6 does not make any changes to the format requirements. The only changes were minor typographical corrections, Depositor Account Number field for Same Day Pay schedules marked required to match the online edit, and a new logo for the SPS Application with new Bureau name.

  • Technical Note 16: Formats And Edit Criteria PDF File for Technical Note 16: Formats And Edit Criteria are still in effect for Non-GWA Reporter ALCs for SPS.   February 24, 2005  (1,358 KB)

   Last Updated:  January 21, 2015