Date Published: January 10, 2023
Comments Due: March 24, 2023
Email Comments to: piv_comments@nist.gov
, ,
This publication complements FIPS 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors. The draft guidelines in SP 800-157r1 detail the issuance and maintenance of authenticators used as derived PIV credentials.
Submit public comments by 11:59 PM ET on March 24, 2023 to piv_comments@nist.gov. We encourage you to use this comment template.
See the Note to Reviewers below for specific topics about which NIST is seeking your feedback. NIST will review all comments and make them available on this website.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
Draft NIST SP 800-157r1 Guidelines for Derived Personal Identity Verification (PIV) Credentials expands the use of derived PIV credentials beyond mobile devices to include non-PKI-based phishing-resistant multi-factor credentials. The draft details the expanded set of derived PIV credentials in a variety of form factors and authenticator types as envisioned in OMB Memoranda M-19-22 and M-22-09, and subsequently outlined in FIPS 201-3. The cross-domain and interagency use of these credentials is provided by federation protocols outlined in the initial public draft of SP 800-217, Guidelines for PIV Federation. Both documents are closely aligned with draft release SP 800-63-4, Digital Identity Guidelines. NIST hopes that the draft document enables a close alignment with new and emerging digital authentication and federation technologies employed in the federal government, while maintaining a strong security posture.
NIST is specifically interested in comments on and recommendations for the following topics:
Identification and Authentication
Publication:
SP 800-157 Rev. 1 (Draft) (DOI)
Local Download
Supplemental Material:
Comment template (xls)
Virtual Workshop (Feb. 1, 2023) (web)
Related NIST Publications:
Document History:
01/10/23: SP 800-157 Rev. 1 (Draft)
Security and Privacy
authentication; digital signatures; Personal Identity Verification; public key infrastructure
Technologies
mobile
Applications
communications & wireless
Laws and Regulations
Federal Information Security Modernization Act; Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7