Certifications & Contract Vehicles
For 25 years, FedPoint has helped federal, military, and commercial organizations deliver secure, compliant, and world-class benefits experiences. Our contract vehicles and certifications reflect our ongoing commitment to supporting mission‑critical benefits programs with trusted expertise and technology‑enabled solutions.
Federal contracting qualifications
FedPoint is a registered entity with the U.S. General Services Administration’s (GSA) System for Award Management (SAM.gov), which means we have met the necessary requirements to bid on federal contracts.
Commercial and Government Entity (CAGE) number: 3WUF4
Data Universal Numbering System (DUNS) number: 113113638
Unique Entity ID – DKLNKULVY6D8
FedPoint is a classified business in the following industries, as defined by the North American Industry Classification System (NAICS)1:
| NAICS Codes | NAICS Title |
|---|---|
| 524292 | Pharmacy Benefit Management and Other Third Party Administration of Insurance and Pension Funds |
| 513210 | Software Publishers |
| 518210 | Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services |
| 541214 | Payroll Services |
| 541511 | Custom Computer Programming Services |
| 541512 | Computer Systems Design Services |
| 541611 | Administrative Management and General Management Consulting Services |
| 541612 | Human Resources Consulting Services |
| 541990 | All Other Professional, Scientific, and Technical Services |
| 561422 | Telemarketing Bureaus and Other Contact Centers |
1 In the SAM.gov system, FedPoint is listed using our legal entity name, Long Term Care Partners, LLC.
FedPoint has applied to the U.S. General Services Administration (GSA) to be a Multiple Award Schedule (MAS) contractor in the following categories:
| Special Item Number (SIN) | SIN Title |
|---|---|
| 541214HR | Compensation and Benefits |
| 561422 | Automated Contact Center Solutions (ACCS) |
| 54151HEL | Health Information Technology Services |
| 54151S | Information Technology Professional Services |
| 541611 | Management and Financial Consulting, Acquisition and Grants Management Support, and Business Program and Project Management Services |
| 541612LOB | Human Resources Line of Business (HRLOB) |
Third-party administrator
FedPoint is licensed as a third-party administrator (TPA) in all 50 states, maintaining the state insurance regulatory approvals required to administer insurance and employee benefits programs on behalf of insurers, employers, and government programs.
State TPA licensing requires FedPoint to demonstrate financial responsibility, operational capability, and compliance with applicable state insurance regulations, and subjects our operations to ongoing regulatory oversight by state insurance departments.
As a licensed TPA, FedPoint administers programs in accordance with applicable federal and state regulatory frameworks governing employee benefits and health coverage, including ERISA, COBRA, HIPAA, HITECH, and related privacy and security requirements, while adhering to established industry standards for consumer protection, fiduciary accountability, and claims administration integrity.
FedPoint is also licensed as a producer for property and casualty insurance, with individual producers on staff who are licensed to operate in all 50 states.
Security compliance & authorization
FedPoint operates in highly regulated federal environments where information security, privacy protection, and system authorization are essential to mission success. Our team has deep experience implementing and maintaining federal security frameworks, including FedRAMP, FISMA, and agency Authority to Operate (ATO) processes.
Beyond simply writing policy, we are experienced operators and implementers of these frameworks within active federal programs.
Our teams support the full lifecycle of federal security compliance, including:
- designing and implementing systems aligned with NIST-based security controls
- preparing and maintaining FedRAMP, FISMA and CMMC documentation packages
- supporting ATO authorization and continuous monitoring activities
- managing risk assessments, plans of action and milestones (POA&Ms), tracking, and security audits
- coordinating with agency authorizing officials and security teams
- operating compliant environments that meet or exceed evolving federal cybersecurity requirements
By combining strong operational discipline with deep understanding of federal security frameworks, FedPoint enables agencies and partners to deploy secure systems, achieve authorization efficiently, and maintain compliance over time.
The federal benefits programs we administer require operating under formal Authorities to Operate (ATOs) issued by the Chief Information Officer at the applicable sponsoring agencies. These authorizations reflect a mature security posture and a consistent ability to meet federal requirements for safeguarding sensitive data.
We maintain these ATOs through continuous cybersecurity oversight—monitoring, testing, and remediation activities that ensure our systems remain resilient against emerging threats and aligned with federal standards—including the National Institute of Standards and Technology’s (NIST’s) NIST SP-800-53 (rev 5) guidelines. This disciplined approach demonstrates our commitment to protecting the integrity of the programs we support and the information entrusted to us.
FedPoint holds CMMC Level 2 certification. The CMMC program was established by the Department of War to strengthen cybersecurity across the Defense Industrial Base (DIB). This certification reflects FedPoint’s continued investment in cybersecurity and commitment to regulatory compliance, and the protection of our federal and military customers’ sensitive information.
CMMC Level 2 requires full implementation of all the NIST 800-171 Rev. 2 security requirements and assessment objectives. These certification assessments are conducted by a Certified Third-Party Assessment Organization (C3PAO) and validated against NIST SP 800-171 framework. FedPoint received its official CMMC certification having met all requirements with no findings or corrective actions recommended.
FedPoint’s systems are hosted in and integrate with solutions that are maintained in FedRAMP authorized cloud environments. We partner with some of the top FedRAMP-compliant cloud vendors, including AWS and Azure, that meet the rigorous federal standards outlined in NIST’s Risk Management Framework and NIST SP 800-53 (rev 5) guidelines (see Authority to Operate for additional details).
The federal government requires its agencies and contractors to comply with the Federal Information Security Modernization Act (FISMA), a law that defines certain cybersecurity standards to protect government information, operations and assets against threats – using guidelines established by the National Institute of Standards and Technology (NIST).
As both a federal contractor and a state-licensed third-party administrator, FedPoint is accustomed to complying with extensive regulations and requirements. Primary among these are HIPAA and HITECH. Protecting the privacy and security of the personal data that our customers entrust to us is our top priority. Triennial third-party assessments validate that FedPoint is HIPAA and HITECH compliant, with the necessary administrative, physical, and technical safeguards in place to protect the sensitive health information that is entrusted to FedPoint.
Our parent company
FedPoint is a wholly owned subsidiary of John Hancock Life & Health Insurance Company. One of the largest life insurers in the United States, John Hancock supports more than ten million Americans with a broad range of financial products, including life insurance and annuities. John Hancock also supports U.S. investors by bringing investment capabilities, retirement planning, and administration expertise to individuals and institutions. Additional information about John Hancock may be found at johnhancock.com.
A+
AM Best Company
AA
Fitch Ratings Inc.
Aa3
Moody’s Investor Services Inc.
AA-
S&P Global Ratings
