U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

FIPS 201-3 Approved and Published: NIST Revises Personal Identity Verification (PIV) of Federal Employees and Contractors
January 24, 2022

NIST is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.)

 
FIPS 201-3 addresses the comments received during the public comment period in November 2020.
 
High-level changes include:

  • Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services
  • Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials
  • Focus on the use of federation to facilitate interoperability and interagency trust
  • Addition of supervised remote identity proofing processes
  • Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS)
  • Support for the secure messaging authentication mechanism (SM-AUTH)

A detailed list of changes is available in FIPS 201-3, Appendix E, Revision History, and this matrix includes public comments received on the November 2020 draft, and their resolutions.

Federal Register Notice

Document Number: 2022-01246
Created January 20, 2022, Updated January 24, 2022