U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Personal Identity Verification of Federal Employees and Contractors PIV

Pre-2008 PIV News Archive


POSTED November 30, 2007: NIST Interagency Report 7452: Secure Biometric Match-on-Card Feasibility Report (NIST IR 7452)

NIST is pleased to announce the release of NIST Interagency Report 7452, Secure Biometric Match-on-Card Feasibility Report. NIST conducted the feasibility study to understand the effects of combining asymmetric cryptography with Biometric Match-on-Card. The report describes the tests that were conducted to obtain timing metrics for the SBMOC transaction and provides a summary of the test results.


POSTED October 4, 2007: Draft Special Publication 800-73-2, Interfaces for Personal Identity Verification

NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification , is now available for a 30 day public comment period. When published in final form, the four parts that comprise SP 800-73-2 will supercede the single-part SP 800-73-1, published in April 2006 . The changes include 1) incorporation of separately published errata, 2) modifications required by SP 800-78-1 , 3) explanation of a cryptographic algorithm and key size discovery procedure, 4) introduction of an optional Unsigned CHUID data object, and 5) addition of a Card Authentication Key-based use case. Other editorial improvements have been made to the document. Please submit comments using the comment template form provided on the website. Comments should be submitted to PIV_comments@nist.gov with "Comments on Public Draft SP 800-73-2" in the subject line. The comment period closes at 5:00 EST (US and Canada) on November 4, 2007.

SP 800-73-2 Zipped File -- contains 4 PDF files for Parts 1 -- 4
Comments-form-on-NIST_SP800-73-2.xls (26 KB)
or if you want to download each Part separately, please visit the Drafts page.


POSTED August 30, 2007: Special Publication 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification

NIST announced the release of Special Publication 800-78-1, Cryptographic Algorithms and Key Interfaces for Personal Identity Verification on August 2nd, 2007. NIST has added a clarification regarding the effective date of this document. Please see Section 1.4 of the document on the Standards and Supporting Documents page for the clarification.


POSTED August 2, 2007: Cryptographic Algorithms and Key Sizes for Personal Identity Verification

NIST is pleased to announce the release of Special Publication 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. The document has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency's Suite B Cryptography. In addition, a new cryptographic migration timeline has been developed based on advances in cryptoanalysis of algorithms as well as operational deployment considerations.


POSTED July 27, 2007: PIV Data Generator and PIV Data Loader

NIST is pleased to announce release of an improved version of the PIV Data Generator. The Data Generator is intended as a reference implementation that facilitates creation of PIV test data objects. The data generator can be used to generate PIV test data that is conformant to the data requirements set forth in FIPS 201, SP 800-73, SP 800-76, and SP 800-78. Developers and integrators are welcome to use the reference utility and its generated data objects in test environments. The data generator has been enhanced to allow dynamic data production, include test data assertion, and be conformant to the PIV Data Model Tester. The Data Loader utility can be used to load the test data on to PIV conformant cards. These reference implementation aids are available at the Downloadable PIV Software page.


POSTED June 29, 2007:

NIST is pleased to announce the publication of Special Publication 800-104, A Scheme for PIV Visual Card Topography. This document provides additional recommendations on the Personal Identity Verification (PIV) Card color-coding for designating employee affiliation. This document is intended to refine FIPS 201 to enable reliable visual verification of the PIV Card.


POSTED June 29, 2007: PIV Reference Implementation

NIST is pleased to announce the release of a reference implementation of SP 800-73-1. The reference implementation includes a software simulation of a PIV card and an implementation of the End-Point Client Application Programming Interface. NIST has also developed mandatory functions of a PIV Card application on a Basic Card. The source code and binaries for both are available at the Downloadable PIV Software page.


POSTED June 19, 2007: Feasibility Study of Secure Biometric Match-On-Card: Invitation to Participate

The National Institute of Standards and Technology (NIST) will conduct a feasibility study of Secure Biometric Match-On-Card (SBMOC) technology, and invites providers of such technology to submit devices to be tested. The goal of the feasibility study is to determine if the state-of-the-practice in smart card products and biometrics technology have advanced to enable a new mode of operation. To implement this mode, certain functional and security properties must be achieved by the SBMOC technology while meeting performance requirement for a biometric authentication transaction. Complete technical requirements are presented in the Test Approach document.

Submission providers should complete and transmit the Intention to Participate form to NIST by 20 Jul 2007. Providers may transmit a submission package to NIST, as described in the Materials Transfer Agreement, at any time before 20 Aug 2007.

On completion of the tests, NIST will publish a report indicating the number of successful submissions tested, and certain general qualities of the submissions stated in the Test Approach.


POSTED May 24, 2007:

The presentation from the Secure Biometrics Match-on-Card Workshop has been posted.

Posted May 14, 2007:
Secure Biometric Match-on-Card (sBMOC) Workshop 
 
National Institute of Standards and Technology (NIST) will host a public workshop on goals, status, and plans for a secure Biometric Match-on-Card (sBMOC) technical feasibility study. The study will test the accuracy and performance of state-of-the-practice of Match-on-Card implementations on smart cards platforms similar to PIV Cards. Our goal is to develop one or more demonstrations of Match-on-Card biometric authentication meeting specific accuracy and functional requirements, using a secure protocol suited to contactless communication, and with total smart card transaction time below 2.5 seconds. Technical details of the project are included in the Test Plan for sBMOC. The workshop will also address the MINEX II protocol for evaluation of ISO/IEC 19794-2 compact card templates and MOC accuracy. The workshop will be held on Thursday, May 24, 2007 from 9:00 a.m. to 5:00 p.m. at NIST. Attendees are welcome to buy lunch, coffee, and snacks in the NIST cafeteria near the meeting room.

Please click here to register on-line. The registration closes at 5pm on Tuesday, May 22, 2007. Media interested in attending the event or media questions regarding the workshop should be directed to NIST Public and Business Affairs, Gail Porter, at 301-975-3392.

The preliminary agenda for the workshop is as follows:

8:30 - 9:00

Registration
 

9:00 - 12:00

Goals, Schedule, and Deliverables
Business Process
Performance Test Review
Security Analysis Review
Follow-on Activities
 

1:15-4:30

MINEX II Biometric Testing Overview
Business Process
Profile of ISO/IEC 19794-2 compact card
MOC Interface Specification
API Specification
General Q&A

Posted February 1, 2007:
The PIV Data Model (SP 800-85B) Tester is now available. Click link to download installation guide (MS Word) and the tester software (.zip).


Posted January 29, 2007:
Draft Special Publication 800-104, A Scheme for PIV Visual Card Topography

Adobe PDF (122 KB) 
*No Longer Draft Publication 

NIST Special Publication 800-104, A Scheme for PIV Visual Card Topography, is now available for a 30 day public comment period. This document provides additional recommendations on the Personal Identity Verification (PIV) Card color-coding for designating employee affiliation. This document is intended to refine FIPS 201 to enable reliable visual verification of the PIV Card. Please submit comments using the comment template form provided on the website. Comments should be submitted to PIV_comments@nist.gov with "Comments on Public Draft SP 800-104" in the subject line. The comment period closes at 5:00 PM EST (US and Canada) on February 28, 2007.


Posted January 25, 2007:
Special Publication 800-76-1, Biometric Data Specification for Personal Identity Verification
NIST is pleased to announce the release of NIST Special Publication 800-76-1, Biometric Data Specification for Personal Identity Verification. This document is a revision for the earlier version of February 2006. The changes include incorporation of the published errata document and public comments, clarification on performance testing and certification procedures, and caution regarding fingerprint minutiae generation. Additional typographical fixes and aesthetic changes have been incorporated in this document.


Posted September 14, 2006:
Draft Special Publication 800-76-1, Biometric Data Specification for Personal Identity Verification
(See January 25, 2007 announcement above.)

NIST Special Publication 800-76-1, Biometric Data Specification for Personal Identity Verification, is now available for a three week public comment period. This document is a revision for the earlier version of February 1, 2006. The changes include incorporation of the published errata document, clarification on performance testing and certification procedures, and caution regarding fingerprint minutiae generation. Additional typographical fixes and aesthetic changes have been incorporated in this document. Please submit comments using the comment template form provided on the website. Comments should be submitted to PIV_comments@nist.gov with "Comments on Public Draft SP 800-76-1" in the subject line. The comment period closes at 5:00 EST (US and Canada) on October 5th, 2006.

*Please note: 800-76-1 is no longer a draft Publication.


Posted September 11, 2006:
NIST Announces Publication of PIV Card to Reader Interoperability Guidelines (SP800-96)

NIST is pleased to announce the release of NIST Special Publication 800-96, PIV Card to Reader Interoperability Guidelines. This document provides requirements for PIV card readers in the area of performance and communications characteristics to foster interoperability. Requirements for the contact and contactless card readers for both physical and logical access control systems are provided in this document. The requirements are for the PIV readers designed to read end-point cards.


Posted August 28, 2006:
NIST Interagency Report 7337: Personal Identity Verification Demonstration Summary.
NIST is pleased to announce the release of NIST Interagency Report 7337, Personal Identity Verification Demonstration Summary. The report summarizes the demonstration of commercially available products that support FIPS 201 and the accompanying special publications.


Posted July 28, 2006:
Second Draft Special Publication 800-96, PIV Card / Reader Interoperability Guidelines
Adobe PDF (138 KB)

NIST is pleased to announce the release of Draft Special Publication 800-96 (SP 800-96), PIV Card / Reader Interoperability Guidelines. The SP 800-96 is available for a two week public comment period. The document provides guidelines for interaction between any card and any reader in the PIV system. It covers contact and contactless readers for logical access as well readers for physical access. Comments should be submitted to PIV_comments@nist.gov with "Comments on SP800-96" in the subject line using the Comments Template Form. The comment period closes at 5:00 EST on Friday, August 11th, 2006.

Posted July 27, 2006:
Final Special Publication 800-85B, PIV Data Model Conformance Test Guidelines
Adobe PDF (1,927 KB)

NIST is pleased to announce the release of NIST SP 800-85B, PIV Data Model Conformance Test Guidelines. This document provides Derived Test Requirements and Test Assertions for testing all data on the PIV Card. The requirements and assertions cover the following PIV Specifications - SP 800-73-1, SP 800-76 and SP 800-78. In addition it also provides tests for verifying the PKI certificates on the PIV card for conformance to Certificate Profiles in FICC-SSP subcommittee document. The guidelines are to be used by the developers of software modules, PIV card issuers, and entities performing conformance tests.

Posted July 3, 2006:
Draft Special Publication 800-78-1, Cryptographic Standards and Key Sizes for Personal Identity Verification
Adobe PDF (250 KB)
Comment Template Form (Excel Spreadsheet)

NIST is pleased to announce the release of Draft Special Publication 800-78-1, Cryptographic Standards and Key Sizes for Personal Identity Verification. The SP 800-78-1 is available for a 90 day public comment period. The document has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency s Suite B Cryptography. Suite B Cryptography reduces the set of elliptic curves approved for use with PIV cards and the supporting infrastructure from six curves to two. The changes are incorporated in the document as well as listed in Appendix C, Errata. Comments should be submitted to piv_comments@nist.gov with "Comments on SP800-78-1" in the subject line using the Comments Template Form (Excel Spreadsheet). The comment period closes at 5:00 EST on October 2nd, 2006.

Posted June 26, 2006:
NIST Announces Publication of FIPS 201-1, Change Notice 1
PDF file (1.04 MB)

NIST is pleased to announce the release of NIST FIPS 201-1 Change Notice 1, Personal Identity Verification (PIV) of Federal Employees and Contractors. This change notice clarifies requirements for printing Agency Card Serial Number on the back of the PIV card. Specifically, the requirement allows variable placement of Agency Card Serial Number along the outer edge of the back of the PIV Card. The change notice also provides corrections to the ASN.1 encoding of the NACI indicator.

Posted May 25, 2006:
Draft Special Publication 800-85B, PIV Data Model Conformance Test Guidelines
Adobe PDF (500 KB)

NIST Special Publication 800-85B, PIV Data Model Conformance Test Guidelines, is now available for a four week public comment period. This document provides Derived Test Requirements and Test Assertions for testing all data on the PIV Card. The requirements and assertions cover the following PIV Specifications - SP 800-73-1, SP 800-76 and SP 800-78. In addition it also provides tests for verifying the PKI certificates on the PIV card for conformance to Certificate Profiles in FICC-SSP subcommittee document. The guidelines are to be used by the developers of software modules and entities issuing PIV cards. Please submit comments using the comment template form provided on the website. Comments should be submitted to PIV_comments@nist.gov with "Comments on Public Draft SP 800-85B" in the subject line using the Comments Template Form. The comment period closes at 5:00 EST on June 22, 2006.

Posted May 24, 2006:
The PIV Program is pleased to announce that Bill MacGregor will replace Curt Barker as NIST's Personal Identity Verification Program Manager effective immediately. Curt is being reassigned to another position within the NIST Information Technology Laboratory's Computer Security Division. Bill has worked on the program for some time and is a welcomed addition to our management team.

Posted May 23, 2006:
Draft Special Publication 800-96, PIV Card / Reader Interoperability Guidelines
Adobe PDF (138 KB)

NIST is pleased to announce the release of Preliminary Draft of the Special Publication 800-96 (SP 800-96), PIV Card / Reader Interoperability Guidelines. The SP 800-96 is available for a three week public comment period. The document provides guidelines for interaction between any card and any reader in the PIV system. It covers contact and contactless readers for logical access as well readers for physical access. Comments should be submitted to PIV_comments@nist.gov with "Comments on SP800-96" in the subject line using the Comments Template Form. The comment period closes at 5:00 EST on Tuesday, June 13th, 2006.

Posted May 2, 2006:
NIST has posted an Errata to SP 800-73-1 to effect corrections in the access control rules for PIV data model.

Posted April 27, 2006:
NIST is pleased to announce the schedule for the PIV Demonstration. Please click here for more information.

Posted April 21, 2006:
The NIST has initiated the PIV Biometric Product Testing Resource Center to inform the biometric vendor community of existing product testing procedures.

Posted April 18, 2006:
NIST would like to elicit comments on the IAFIS IMAGE QUALITY SPECIFICATIONS FOR SINGLE FINGER CAPTURE DEVICES White Paper. The document provides specifications for the FBI's single finger scanner certification applicable to fingerprint capture devices which scan and capture at least a single fingerprint in digital, softcopy. The specification are used by applications such as the Personal Identity Verification (PIV) Program. Please submit comments on the technical contents of the White Paper to Charles Wilson (NIST).

Posted April 17, 2006:
Sample PIV Data
In response to the request for a sample PIV data, NIST has developed a software tool that generates PIV data consistent with FIPS 201. The data generator and a sample data is now available for a two week public comment period. The software generates mandatory and optional PIV data elements. Note that it does not include the optional fields within each data elements since they are unique to agency use. This software is intended for research purposes only, and is not intended for nor appropriate for production systems. Please submit comments particularly with respect to the functionality and usability of this utility. Comments should be submitted to piv_webmaster@nist.gov with "Comments on Data Generator" in the subject line. The comment period closes at 5:00 EST on Friday, April 28th, 2006.

Posted April 5, 2006:
NIST is pleased to announce the release of NIST Special Publication 800-85A, PIV Card Application and Middleware Interface Test Guidelines (SP800-73 Compliance). This document provides Derived Test Requirements (DTR) and Test Assertions (TA) for testing the PIV Card Application and PIV Middleware interfaces for conformance to specifications in SP 800-73 (Interfaces for Personal Identity Verification). The Guidelines are to be used by the developers of software modules and testing laboratories. SP 800-85A is the first of the two documents (the other one is SP 800-85B to be released shortly) that will replace SP 800-85 released in October 2005.

Posted March 24, 2006:
NIST is pleased to announce the release of NIST Special Publication 800-73-1, Interfaces for Personal Identity Verification, 2006 Edition. Special Publication 800-73-1 specifies a PIV data model, communication interface, and application programming interface. This revision includes changes to the access control requirements for reading PIV public key certificates, storage of the biometric fingerprints in one container, incorporation of the Errata to date, and accomodation of public comments.

March 14, 2006 Federal Information Processing Standard 201 Revision 1 (FIPS 201-1), Personal Identity Verification (PIV) of Federal Employees and Contractors.
The National Institute of Standards and Technology (NIST) is pleased to announce the approval of a revision to Federal Information Processing Standard (FIPS) Publication 201, Standard for Personal Identity Verification of Federal Employees and Contractors. The revision makes changes to Section 2.2, PIV Identify Proofing and Registration Requirements, Section 4.3, Cryptographic Specifications, Section 5.2, PIV Identity Proofing and Registration Requirements, Section 5.3.1, PIV Card Issuance, Section 5.4.2.1 X.509 Certificate Content, and to Appendix D, PIV Object Identifiers and Certificate Extension. The revision also clarifies the identity proofing and registration process that departments and agencies must follow when issuing identity credentials. The changes are needed to make FIPS 201-1 consistent with the Memorandum for All Departments and Agencies (M-05-24), issued by the Office of Management and Budget on August 5, 2005, Implementation of Homeland Security Presidential Directive (HSPD) 12 ­ Policy for a Common Identification Standard for Federal Employees and Contractors.

March 10, 2006:
NIST received a strong response to its first PIV Demonstration announcement. Due to the continued interest NIST is receiving from vendors who did not make it into the first response period, NIST is re-opening the window for vendors to submit their interest in participation. NIST invites potential vendors to provide products that support FIPS 201 Part 2 to NIST for the express purpose of their inclusion in the PIV demonstration. For a limited number of days, NIST will make the demonstration open to all Federal agencies interested in FIPS 201 implementations. All interested vendors should contact Erika McCallister or Hildy Ferraiolo by April 10, 2006. Click here to view announcement.

March 3, 2006:
Presentations for the NPIVP workshop is available here.

February 13, 2006:
Draft Special Publication 800-73-1 Interfaces for Personal Identity Verification
NIST has received several comments that it is difficult to track the proposed changes to Special Publication 800-73. We have therefore replaced the original posting with a concise list of the proposed changes. These changes reference the current version of Special Publication 800-73. Pending public comment, NIST plans to make these changes and post an updated version 800-73-1.

February 8, 2006:
Draft Special Publication 800-73-1 Interfaces to Personal Identity Verification
NIST Special Publication 800-73-1, Interfaces for Personal Identity Verification, is now available for a three week public comment period. This document provides necessary changes to SP 800-73 for synchronization with biometric data requirements in SP 800-76 and to enhance the utility of the PIV card for logical access. Please submit comments using the comment template form (Excel spreadsheet - .xls) provided on the website. Comments should be submitted to DraftFips201 at nist.gov with "Comments on Public Draft SP 800-73-1" in the subject line. The comment period closes at 5:00 EST on Tuesday, February 28th, 2006.

February 3, 2006:
The NIST PIV Program (NPIVP) and the National Voluntary Laboratory Accreditation Program (NVLAP) will hold a public workshop on 03/03/2006 at the NIST in Gaithersburg, MD. The purpose of the workshop is the exchange of information among NVLAP, laboratories interested in seeking accreditation for the testing of Personal Identity Verification (PIV) components, vendors interested in having their product NPIVP-certified and federal agency seeking NPIVP certified products. For more details and to register visit http://csrc.nist.rip/npivp.

February 1, 2006:
NIST is pleased to announce the release of NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification. Special Publication 800-76 specifies technical acquisition and formatting requirements for the biometric credentials of Federal Information Processing Standard 201 (FIPS 201) conformant Personal Identity Verification (PIV) systems, including the PIV Card itself. Special Publication 800-76 enumerates required procedures and formats for fingerprints, fingerprint templates and facial images by appropriate instantiation of values and practices generically laid out in published biometric standards.

January 18, 2006:
NIST is pleased to announce the release of NIST Interagency Report 7284, Personal Identity Verification Card Management Report, which provides an overview of card management systems, identifies generic card management requirements, and considers some technical approaches to filling the existing gaps in PIV card management. The purpose of the report is to offer higher level of consistency and testability for PIV card issuance processes, enhance ability to outsource various card management components and functions, and improve overall security for the Federal PIV framework.

January 17, 2006:
NIST is pleased to announce the January 2006 edition of Special Publication 800-87 Codes for the Identification of Federal and Federally-Assisted Organizations. The January 2006 edition incorporates organizational code updates to the Department of Education.

January 10, 2006:
NIST is pleased to announce the Personal Identity Verification (PIV) Demonstration website. The purpose of the PIV demonstration is to provide proof of concept demonstrations of commercially available products that support Federal Information Processing Standard 201 (FIPS 201) Part 2. Additionally, the demonstrations will show the interoperability of PIV cards.

December 22, 2005:
NIST is pleased to announce the release of NIST Special Publication 800-21-1, the second edition of Guideline for Implementing Cryptography in the Federal Government. This revision updates and replaces the November 1999 edition of Guideline for Implementing Cryptography in the Federal Government. Many of the references and cryptographic techniques contained in the first edition of NIST SP 800-21 have been amended, rescinded, or superseded since its publication. The second edition also offers new tools and techniques.

Go to Special Publications page to view/download SP 800-21-1.

Posted December 15, 2005:
Draft NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification, is now available for a four week public comment period. This document specifies technical acquisition and formatting requirements for the biometric credentials of the PIV system, including the PIV Card itself. It enumerates required procedures and formats for fingerprints, fingerprint templates and facial images by appropriate instantiation of values and practices generically laid out in published biometric standards. Please submit comments using the comment template form (Excel spreadsheet - .xls) provided on the website. Comments should be submitted to DraftFips201@nist.gov with "Comments on Public Draft SP 800-76" in the subject line. The comment period closes at 5:00 EST on Friday, January 13th, 2006.

Posted November 21, 2005:
The NIST Computer Security Division is pleased to introduce the NIST Personal Identity Verification Program (NPIVP)'s official website. NPIVP validates Personal Identity Verification (PIV) components and sub-systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements. The official NPIVP website, features the following services in support of NPIVP:

  • Up-to-date validation lists for PIV components/sub-systems
  • A list of NPIVP test facilities authorized to conduct FIPS 201 conformant components/sub-systems testing
  • Announcements to NPIVP news and updates such as announcing new conformance test suites.


 

The NPIVP official website is http://csrc.nist.rip/npivp.

Posted November 21, 2005:
NIST is pleased to announce the Personal Identity Verification (PIV) Demonstration. The purpose of the PIV demonstration is to provide proof of concept demonstrations of commercially available products that support Federal Information Processing Standard 201 (FIPS 201) Part 2. Additionally, the demonstrations will show the interoperability of NPIVP certified PIV cards and PIV middleware.

NIST invites potential vendors to provide products that support FIPS 201 Part 2 to NIST for the express purpose of their inclusion in the PIV demonstration. NIST will make the demonstrations open to all Federal agencies interested in FIPS 201 implementations. Participation requires vendors to execute a Cooperative Research and Development Agreement (CRADA) with NIST. All interested vendors should contact NIST by December 31, 2005, to participate. For further information, including participation criteria, please consult the PIV Demonstration Announcement.

Posted November 3, 2005:
Designation of new NIST Personal Identity Verification Program (NPIVP) Test Facilities - The National Institute of Standards and Technology (NIST) has designated Atlan Laboratories, atsec information security corporation, ICSA Labs, a division of Cybertrust, Inc, and LogicaCMG FIPS Laboratory as interim NIST Personal Identity Verification Program (NPIVP) test facilities. As such, these laboratories may employ NIST-provided test suites to validate Personal Identification Verification (PIV) components, sub-systems, and integrated systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements. Additional information regarding the laboratories is available at http://csrc.nist.rip/cryptval/ . These new laboratories join COACT Inc., CAFE Laboratory, InfoGard Laboratories, Inc., DOMUS IT Security Laboratory, BKP Security Labs, BT Cryptographic Module Testing Laboratory, CEAL: a CygnaCom Solutions Laboratory, and the EWA - Canada IT Security Evaluation & Test Facility as designated interim NVPIP test facilities. During the next year, these laboratories will be assessed for NVLAP accreditation for PIV testing. Once NVLAP accreditation is achieved, the "Interim" designation will be removed. Testing under the NPIVP has been authorized with a limited scope of tests based on FIPS 201. The scope of tests will be increased as the program matures.

October 20, 2005:
NIST is pleased to announce the release of Special Publication 800-87 (SP 800-87) Codes for the Identification of Federal and Federally-Assisted Organizations.

SP 800-87 provides the organizational codes necessary to establish the Federal Agency Smart Credential Number (FASC-N) that is required to be included in the FIPS 201 Card Holder Unique (CHUID) and is a companion document to FIPS 201.

Posted October 19, 2005:
The NIST Computer Security Division is pleased to announce publication of NIST Special Publication 800-85 (SP800-85), PIV Middleware and PIV Card Application Conformance Test Guidelines (SP800-73 Compliance). SP800-85 provides an approach for development of conformance tests for PIV middleware and PIV card application products. The approach includes Derived Test Requirements (DTR) and Test Assertions (TA). The DTRs and TAs are based on SP 800-73 Interfaces for Personal Identity Verification. The Guidelines are to be used by the developers of software modules and testing laboratories.

Posted October 06, 2005:
The Errata Sheet for Special Publication 800-73 and Special Publication 800-73 Supplemental Information:Namespace Management for Personal Identity Verification(PIV) Applications and Data Objects have been updated. Please go to the PIV Program Supporting Documents page to view/download the latest versions.

Posted September 02, 2005:
The National Institute of Standards and Technology proposes revisions to paragraphs 2.2 and 5.3.1 of Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. Before recommending these proposed changes to FIPS 201 to the Secretary of Commerce for review and approval, NIST invites comments from the public, users, the information technology industry, and Federal, State and local government organizations concerning the proposed changes. Comments on these proposed changes must be received by 30 days after publication of the Federal Register notice of the change proposal.
Draft Federal Information Processing Standard 201 Revision 1 (FIPS 201-1), Personal Identity Verification (PIV) of Federal Employees and Contractors.

Posted August 26, 2005:
The NIST Computer Security Division is pleased to announce publication of NIST Special Publication 800-57, Recommendation for Key Management - Part 2, Best Practices for Key Management Organization. The Recommendation for Key Management is divided into three parts. Part 1 contains general guidance. Part 2 provides guidance for system and application owners for use in identifying appropriate organizational key management infrastructures, establishing organizational key management policies, and specifying organizational key management practices. Part 3 will provide guidance to system administrators regarding the use of cryptographic algorithms in specific applications, select products to satisfy specific operational environments, and configure the products appropriately.

Posted August 19, 2005:
Designation of new NIST Personal Identity Verification Program (NPIVP) Test Facilities - On August 16, 2005, the National Institute of Standards and Technology (NIST) designated CEAL: a CygnaCom Solutions Laboratory as interim NIST Personal Identity Verification Program (NPIVP) test facility. On August 18, 2005, the National Institute of Standards and Technology (NIST) designated the EWA-Canada IT Security Evaluation & Test Facility as interim NIST Personal Identity Verification Program (NPIVP) test facility. As such, CEAL and EWA may employ NIST-provided test suites to validate Personal Identification Verification (PIV) components, sub-systems, and integrated systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements. Additional information regarding the laboratories is available at http://csrc.nist.rip/cryptval/. CEAL and EWA join COACT, Inc. CAFÉ Laboratory, InfoGard Laboratories, DOMUS IT Security Laboratory, BKP Security Labs, and BT Cryptographic Module Testing Laboratory as designated interim NVPIP test facilities. It is anticipated that other Cryptographic Module Validation Program (CMVP) facilities will be added to the list of NPIVP test facilities in the near future. During the next year, these laboratories will be assessed for NVLAP accreditation for PIV testing. Once NVLAP accreditation is achieved, the "Interim" designation will be removed. Testing under the NPIVP will begin with a limited scope of tests based on FIPS 201. The scope of tests will be increased as the program matures.

Posted August 19, 2005:
The NIST Computer Security Division is pleased to announce publication of NIST Special Publication 800-57, Recommendation for Key Management - Part 1, General. The Recommendation for Key Management is divided into three parts. Part 1 contains general guidance. Part 2 will provide guidance for system and application owners for use in identifying appropriate organizational key management infrastructures, establishing organizational key management policies, and specifying organizational key management practices. Part 3 will provide guidance to system administrators regarding the use of cryptographic algorithms in specific applications, select products to satisfy specific operational environments, and configure the products appropriately.

Posted August 16, 2005:
Designation of new NIST Personal Identity Verification Program (NPIVP) Test Facilities - On August 15, 2005, the National Institute of Standards and Technology (NIST) designated COACT, Inc. CAFÉ Laboratory and InfoGard Laboratories, Inc. as interim NIST Personal Identity Verification Program (NPIVP) test facilities. As such, the COACT, Inc. CAFÉ Laboratory and InfoGard Laboratories, Inc. may employ NIST-provided test suites to validate Personal Identification Verification (PIV) components, sub-systems, and integrated systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements. Additional information regarding the laboratories is available at http://csrc.nist.rip/cryptval/. COACT, Inc. CAFÉ Laboratory and InfoGard Laboratories, Inc. join DOMUS IT Security Laboratory, BKP Security Labs, and BT Cryptographic Module Testing Laboratory as designated interim NVPIP test facilities. It is anticipated that other Cryptographic Module Validation Program (CMVP) facilities will be added to the list of NPIVP test facilities in the near future. During the next year, these laboratories will be assessed for NVLAP accreditation for PIV testing. Once NVLAP accreditation is achieved, the "Interim" designation will be removed. Testing under the NPIVP will begin with a limited scope of tests based on FIPS 201. The scope of tests will be increased as the program matures.

Posted August 15, 2005:
On August 5, 2005, the Office of Management and Budget issued a Memorandum for the Heads of all Departments and Agencies, M-05-24, "Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors." The memorandum provides implementing instructions and time frames for the Presidential Directive and for FIPS 201, "Personal Identity Verification for Federal Employees and Contractors."

Also, on August 10, 2005, the General Services Administration issued a Memorandum for Chief Financial Officers, Chief Information Officers, and Chief Acquisition Officers, "Acquisition of Products and Services for Implementation of HSPD 12." The GSA memorandum specifies the procedures for ordering goods and services in compliance with the Presidential Directive.

Posted August 12, 2005:
Designation of new NIST Personal Identity Verification Program (NPIVP) Test Facility On August 10, 2005, the National Institute of Standards and Technology (NIST) designated DOMUS IT Security Laboratory as an interim NIST Personal Identity Verification Program (NPIVP) test facility. As such, the DOMUS IT Security Laboratory may employ NIST-provided test suites to validate Personal Identification Verification (PIV) components, sub-systems, and integrated systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements. Additional information regarding the laboratories is available at http://csrc.nist.rip/cryptval/. DOMUS IT Security Laboratory joins BKP Security Labs and BT Cryptographic Module Testing Laboratory as designated interim NVPIP test facilities. It is anticipated that other Cryptographic Module Validation Program (CMVP) facilities will be added to the list of NPIVP test facilities in the near future. During the next year, these laboratories will be assessed for NVLAP accreditation for PIV testing. Once NVLAP accreditation is achieved, the "Interim" designation will be removed. Testing under the NPIVP will begin with a limited scope of tests based on FIPS 201. The scope of tests will be increased as the program matures.

Posted August 9, 2005:
Draft NIST Special Publication 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations
Adobe .pdf file (446 KB)

NIST Special Publication 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations, is now available for a thirty day public comment period. Special Publication 800-87 provides the organizational codes necessary to establishing the Federal Agency Smart Credential Number (FASC-N) that is required to be included in the FIPS 201 Card Holder-Unique ID (CHUID). Please submit comments using the comment template form provided on the website. Comments should be submitted to DraftFips201@nist.gov with "Comments on Public Draft SP 800-87" in the subject line. The comment period closes at 5:00 EST (US and Canada) on September 8th, 2005.

Posted August 9, 2005:
Designation of NIST Personal Identity Verification Program (NPIVP) Test Facilities On August 8, 2005, the National Institute of Standards and Technology (NIST) designated BKP Security Labs and BT Cryptographic Module Testing Laboratory as interim NIST Personal Identity Verification Program (NPIVP) test facilities. As such, the BKP Security Labs and BT Cryptographic Module Testing Laboratory may employ NIST-provided test suites to validate Personal Identification Verification (PIV) components, sub-systems, and integrated systems required by Federal Information Processing Standard (FIPS) 201 that meet the NPIVP requirements. Additional information regarding the laboratories is available at http://csrc.nist.rip/cryptval/. It is anticipated that other Cryptographic Module Validation Program (CMVP) facilities will be added to the list of NPIVP test facilities in the near future. During the next year, these laboratories will be assessed for NVLAP accreditation for PIV testing. Once NVLAP accreditation is achieved, the "Interim" designation will be removed. Testing under the NPIVP will begin with a limited scope of tests based on FIPS 201. The scope of tests will be increased as the program matures.

Posted August 5, 2005:
Draft NIST Special Publication 800-85, PIV Middleware and PIV Card Application Conformance Test Guidelines
NIST Special Publication 800-85, PIV Middleware and PIV Card Application Conformance Test Guidelines (SP800-73 Compliance), is now available for a three week public comment period. These guidelines provide an approach for development of conformance tests for PIV middleware and PIV card application products. The approach includes Derived Test Requirements (DTR) and Test Assertions (TA). The DTRs and TAs are based on SP 800-73 Interfaces for Personal Identity Verification. The Guidelines are to be used by the developers of software modules and testing laboratories. Please submit comments using the comment template form provided on the website. Comments should be submitted to DraftFips201@nist.gov with "Comments on Public Draft SP 800-85" in the subject line. The comment period closes at 5:00 EST (US and Canada) on August 26th, 2005.

Posted July 26, 2005:
NIST Announces Publication of PIV Card Issuer (PCI) Accreditation Guidelines
The Computer Security Division, responsible for the development and support of the Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification of Federal Employees and Contractors, has published NIST Special Publication (SP) 800-79 entitled Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations. These Guidelines describe an assessment model that includes conformance testing (e.g., PIV component validation), certification, and accreditation. . Examples of PIV organization management structures, the attributes of PIV Card Issuers (PCIs) that are required and desired to demonstrate capability and reliability, the methods for assessing these attributes, and sample accreditation decision letters are included in the Guidelines. The Guidelines are to be used by Federal departments and agencies to accredit the capability and reliability of PCIs they use to perform identity proofing, PIV Card Applicant registration, and PIV Card issuing services. The Guidelines will be augmented as experience is gained by Federal departments and agencies in complying with FIPS 201. Electronic copies of SP 800-79 are available from the CSRC Special Publications page or click here to go directly to the pdf document. Questions and answers about SP 800-79 are also available.

Posted June 29, 2005:
On June 16, 2005, NIST posted a Request for Information (RFI) in the Commerce Business Daily (Federal Business Opportunities) concerning products and services that comply with Federal Information Processing Standard 201 on the following site:

http://www2.eps.gov/spg/DOC/NIST/AcAsD/Reference-Number-FIPS201/SynopsisR.html

The following is a synopsis of that request for information. People interested in providing information should visit the referenced site to obtain more complete information before preparing a response to the request. Information must be provided on or before July 1, 2005, in order to be responsive to the RFI.

This notice requests comments on products and services developed to meet the requirements of Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification of Federal Employees and Contractors; Special Publication 800-73, Interface for Personal Identity Verification; and Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. This document is not a request for proposals or a statement of intent to initiate a procurement action, but it is a request for information regarding vendor's capability to develop FIPS 201 compliant products. In order to facilitate planning for testing, procurement, validation, and implementation of PIV systems conforming to all applicable functional and security requirements, information is being sought regarding products and services being offered to meet FIPS 201 requirements.

Specifically, NIST requests information regarding the hardware and software characteristics of FIPS 201-compliant products, timelines for product development, dates of availability of compliant in production quantities, and estimated cost of products and services. NIST requests this information for both PIV components and integrated solutions. Additionally, NIST requests information on a vendor's capability to set up test harnesses for PIV systems and conduct compliance tests. Funding to support a future procurement has not been secured at this time. Responses are due by July 1, 2005.

DATES: Comments and information submitted by interested parties must be received by NIST by 5:00 p.m. Eastern Standard Time on July 1, 2005.

FOR FURTHER INFORMATION CONTACT: William C. Barker, NIST, (301) 975-8443 (FIPS201_products@nist.gov) or Ron Martin, Department of Commerce, (202) 482-4637.

PLEASE NOTE: All information submitted in response to this request will be publicly released. Therefore, do not include proprietary or confidential business information in your response. Vendors responding to this notice assume the risk of public disclosure if confidential information is included.

June 16, 2005
NIST has posted a Request for Information (RFI) (NOTE: You will be leaving NIST webserver after clicking this link) for products and services developed to meet the requirements of Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors; Special Publication 800-73, Interface for Personal Identity Verification; and Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification on FedBizOpps. Responses are requested by July 1, 2005.

June 13, 2005
NIST has announced a public workshop to provide additional guidance on Federal Information Processing Standards (FIPS) 201 implementation. The workshop is designed to provide clarifications and respond to the questions raised by the industry and Federal agencies. Further information about registration and the workshop can be found here.

Posted May 20, 2005:
May 16, 2005 -- Reporting Format for Homeland Security Presidential Directive (HSPD) 12 Implementation Plans: The Office of Management and Budget has published instructions and a reporting template for HSPD #12 implementation plans. HSPD #12, Policy for a Common Identification Standard for Federal Employees and Contractors, requires Federal Departments and Agencies, by June 27, 2005, to have a program in place to ensure identification issued by your department or agency to Federal employees and contractors meets a common standard. The instructions and a reporting template can be accessed at http://www.whitehouse.gov/omb/inforeg/hspd-12_corrected_051905.doc.

April 25, 2005:
NIST Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, is now available. This document contains the technical specifications needed for the mandatory and optional cryptographic keys specified in FIPS 201 as well as the supporting infrastructure specified in FIPS 201 and the related Special Publications 800-73, Interfaces for Personal Identity Verification, and 800-76, Biometric Data Specification for Personal Identity Verification, that rely on cryptographic functions.

April 12, 2005:
Special Publication 800-73 has been updated and an updated .pdf file is now available on the Special Publications page. An errata sheet also has been posted as well (both files posted April 12, 2005). The original release of SP 800-73 was April 8th.

April 8, 2005:
NIST is pleased to announce the release of Special Publication 800-73, Interfaces for Personal Identity Verification. SP 800-73 provides the specifications for interfacing with the Personal Identity Verification (PIV) Card as specified in FIPS 201. SP 800-73 provides a streamlined, ISO compliant unified card edge independent of the underlying card platform technology.

April 8, 2005
OMB has published a request for comments in the Federal Register on their draft agency implementation guidance for HSPD #12. Comments are due to OMB by May 9, 2005.

March 28, 2005
NIST Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, is now available for a two week public comment period. This document contains the technical specifications needed for the mandatory and optional cryptographic keys specified in FIPS 201 as well as the supporting infrastructure specified in FIPS 201 and the related Special Publications 800-73, Interfaces for Personal Identity Verification, and 800-76, Biometric Data Specification for Personal Identity Verification, that rely on cryptographic functions. Please submit comments using the comment template form provided on the website. Comments should be submitted to DraftFips201@nist.gov with "Comments on Public Draft SP 800-78" in the subject line. It is requested that Federal organizations submit one consolidated/coordinated set of comments. The comment period closes at 5:00 EST (US and Canada) on April 11th, 2005.

March 8, 2005
NIST has revised the Special Publication 800-73 Second DRAFT (SP 800-73) in response to the comments received on the January 31st public draft. The SP 800-73 provides the specifications for interfacing with the Personal Identity Verification (PIV) Card as specified in FIPS 201. SP 800-73 provides a streamlined, ISO compliant unified card edge independent of the underlying card platform technology. Please submit your comments using the comment template form provided on the website. Comments should be submitted to DraftFips201@nist.gov with "Comments on Public Draft SP 800-73" in the subject line. It is requested that Federal organizations submit one consolidated/coordinated set of comments. The comment period closes at 5:00 EST (US and Canada) on March 22nd, 2005.

March 3, 2005
Frequently Asked Questions About the Standard for Personal Identity Verification (PIV) of Federal Employees and Contractors

February 25, 2005
FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, developed in response to Homeland Security Presidential Directive #12, is now available. Details about the development of the new standard can be found on the NIST's PIV webpages.

January 24, 2005
Based on the comments received on November 8th draft of FIPS 201, NIST has decided to move technical requirements for biometric data to a Special Publication 800-76, Biometric Data Specification for Personal Identity Verification (.pdf). NIST is pleased to announce the draft of SP 800-76 for the public comments. The comment period for this draft is two weeks, ending on February 7th, 2005. Please direct all comments and questions to DraftFips201@nist.gov.

January 6, 2004 ­ A second session has been formed, from 1:00-4pm. Due to the number of responses from individuals interested in attending this meeting, there will a second meeting in the afternoon at the same location. The afternoon session will cover the same topics. Because of space limitations, attendees may only attend one session. Attendees registered for the morning session, may not switch sessions. If you are on the waiting list, you will receive email confirmation; there is no need to contact NIST.

January 4, 2005 -- Update:
NIST has received over 1900 comments from over 80 individuals and organizations during the public comment period on the draft standard. We are now working through the comments to finalize the standard for approval. As is our normal procedure for FIPS, we will be posting the comments we recevied to our web site (hopefully by the end of the month.) NIST appreciates the time and energy of those who reviewed the draft and provided us with many helpful comments and suggestions.

The morning meeting has reached capacity and is now full. All people registering now will be put on a waiting list.
December 22, 2004 -- On January 19, 2005, from 8:30-noon, the General Services Administration, in partnership with the Department of Commerce and the Office of Management and Budge will hold a public meeting. The meeting will cover the policy, privacy, and security issues associated with the Personal Identity Verification (PIV) Standard for Federal Employees and Contractors. Karen Evans, Administrator for E-Government and Information Technology is the keynote speaker. Ms. Evans will be followed by 2 panels to discuss key policy questions. For details click here.

December 8, 2004
FIPS 201/SP 800-73 Update: NIST held a FIPS 201 public industry briefing on November 18, 2004. The briefing provided an opportunity for an exchange of information among key government and industry representatives regarding FIPS 201 implementation requirements and capabilities. Many inputs were provided to NIST regarding implementation realities and the continuing requirement to meet HSPD 12 time lines. In answer to many questions, NIST's intent in the FIPS 201 companion document, Special Publication 800-73, is to provide a technology neutral approach to support all card types. Some readers have commented that the language in the draft Special Publication 800-73 is not clear on this point. NIST intends to make some changes to Special Publication 800-73. The Interagency Advisory Board (IAB) has subsequently agreed to make specific suggested changes for the revision through its Technical Working Group. NIST has provided a terms of reference document to the IAB. The IAB has agreed to provide its recommended revisions to NIST on Special Publication 800-73 by January 20, 2005. Given the different procedures for FIPS and Special Publication processing, this will afford more development and review time for Special Publication 800-73 than for FIPS 201 within the HSPD #12-prescribed schedule. NIST plans a brief second public review of the revised Special Publication 800-73 in late January, 2005. Comments on FIPS 201 are still due on December 23, 2004. Slides from the November 18 industry briefing are available at http://csrc.nist.rip/groups/SNS/piv/documents/workshop-Nov18-2004/presentations.html.

November 8, 2004
NIST is pleased to announce the first public drafts of Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification for Federal Employees and Contractors, and Special Publication 800-73 (SP 800-73), Integrated Circuit Card for Personal Identity Verification. These publications are being published in response to Homeland Security Presidential Directive #12 of August 27, 2004. The comment periods for FIPS 201 and SP 800-73 public drafts will be 45 days, ending on December 23rd, 2004. Please direct all comments and questions to DraftFips201@nist.gov. To view/download these two drafts, the README file and comment file.

Created May 24, 2016, Updated September 24, 2021