Purpose and Scope This part of the multi-part standard defined by INCITS 504 addresses the testing of assertions made in parts 1 and 2 of the standard. Part 3 of this multi-part standard will define conformity assessment to include the use of relevant existing conformity assessments. ? Identity credential storage (Namespace standardization) ? Authentication protocols ? Biometric verification1 ? Confidentiality protocols ? Digital signatures ? Card management ? Application management ? Key management ? Related administrative management functions ? Card lifecycle model ? Card enablement Test requirement definition for GICS Part 1 ?C Command Application Command Set and Part 2 ?C Card Administrative Command Set is defined with sufficient detail to satisfy GICS requirements. Testing of card application profile specifications for GICS application (Part 4) is out of scope for Part 3. The scope for Part 3 is limited to definition for what testing is required and does not provide technical guidelines on the methodology to be used during the testing and validation of applicable components. Part 3 focuses on platform conformance testing of Part 1 and Part 2@ and focuses on what needs to be tested to enforce full functionality and interoperability. In particular@ instances of brute force@ exhaustive@ or openended negative testing are not specified in the requirements in this standard. There are no test requirements for negative testing to determine abnormal behavior with the exception of interrogating access control rules and elicitation of error codes where possible and appropriate. It is expected that test methods@ procedures and environments will be developed by commercial and/or government entities to be available for developers producing GICS compliant products. FIPS 140-2 validation is out of scope for the GICS platform conformance testing. Product developers could use existing validation program to get their GICS Platform FIPS 140-2 validated. 1 Note that the document does not completely specify biometric verification but only includes hooks for biometric data for future use.