U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Special Publication 800-79-2, Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) has been approved as final
July 30, 2015

NIST is pleased to announce the release of Special Publication 800-79-2Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI). The document provides guidelines for assessing the reliability of issuers of PIV Cards and issuers of the newly introduced Derived PIV Credential for mobile devices. The document has been updated to align with the release of FIPS 201-2, published in September 2013. The major changes for this revision of SP 800-79 include additions and updates to issuer controls in response to new or changed requirements in FIPS 201-2. These are:

  • Inclusion of issuer controls for Derived PIV Credentials Issuers (DPCI),
  • Addition of issuer controls for issuing PIV Cards under the grace period and for issuing PIV Cards to individuals under pseudonymous identity,
  • Addition of issuer controls for the PIV Card’s visual topography,
  • Updated issuer controls to detail controls for post-issuance updates of PIV Cards,
  • Updated references to the more recent credentialing guidance issued by OPM,
  • Addition of issuer controls with respect to the optional chain-of-trust records maintained by a PIV Card issuer, and.
  • Modified process to include an independent review prior to authorization of issuer.
Created December 21, 2016, Updated June 22, 2020