Frequently Asked Questions
 

Conformance Testing:

Question ID #: 1, posted by Ramaswamy Chandramouli
Question:
Is it possible to have a standalone certificate for the PIV conformant middleware (excluding the card)? It appears that the PIV certificate # will be entered into the FIPS 140-2 certificate, but FIPS 140-2 is only about the crypto module, not the middleware.
Answer:
The PIV Middleware will carry its own certificate as it is a separate piece of software. Only the certificate for the PIV Card Application will be tied to the FIPS 140-2 certificate issued for the underlying platform on which the PIV Card Application is hosted.
Question ID #: 2, posted by Hildegard Ferraiolo
Question:
Are there standards with which SSPs must comply regarding RA/CA communication (e.g., RFC 2510) and key escrow?
Answer:
At present we have not mandated standards for communication between PIV RAs and CAs. However, PIV RAs and CAs would be expected to follow the general set of standards and requirements that apply to all Government RAs and CAs (use of FIPS-approved algorithms, etc.).

FIPS 201 requires the PIV CAs to be part of the Federal PKI (Section 5.4.1). So, the communication method and protocols for cert requests and responses will be covered by existing Federal PKI policies.

NIST is an agency of the U.S. Commerce Department. Last modified: October 07 2008