NIST SP 800-73-5 (Initial Public Draft)

Interfaces for Personal Identity Verification: Part 2 – PIV Card Application Card Command Interface

Date Published: September 27, 2023
Comments Due: November 15, 2023
Email Comments to: piv_comments@nist.gov

Author(s)

Hildegard Ferraiolo (NIST), Ketan Mehta (NIST), Salvatore Francomacaro (NIST), Ramaswamy Chandramouli (NIST), Sarbari Gupta (Electrosoft Services)

Announcement

In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201 and are now available for public comment.

SP 800-73-5: Parts 1–3 ipd (Initial Public Draft)

SP 800-73-5: Parts 1–3 ipd, Interfaces for Personal Identity Verification, describes the technical specifications for using PIV cards, including a PIV data model (Part 1), a card edge interface (Part 2), and an application programming interface (Part 3). Major changes to the documents include:

  • Removal of the previously deprecated CHUID authentication mechanism
  • Deprecation of the SYM-CAK and VIS authentication mechanisms
  • Addition of an optional 1-factor secure messaging authentication mechanism (SM-Auth) for contactless interfaces for facility access applications
  • Additional use of the facial image biometric for general authentication via BIO and BIO-A authentication mechanisms
  • Restriction on the number of consecutive activation retries for each of the activation methods (i.e., PIN and OCC attempts) to be 10 or less
  • SP 800-73-5: Part 3 on PIV Middleware specification marked as optional to implement

We encourage you to use this comment template to record and organize your comments on the SP 800-73-5 parts.

Also see SP 800-78-5 ipd.

Submit Comments

The comment period for these drafts is open through November 15, 2023. See the publication details (linked above) to download the drafts and comment templates. Comments and inquiries should be sent to piv_comments@nist.gov.

Workshop

Additionally, NIST will host a public workshop on November 8, 2023, to discuss both SP 800-73-5 ipd and SP 800-78-5 ipd. Information about that event will soon be posted on CSRC Events and announced via email using the NIST Cybersecurity Events list on GovDelivery.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Abstract

Keywords

authentication; FIPS 201; identity credential; logical access control; on-card biometric comparison; Personal Identity Verification (PIV); physical access control; smart cards; secure messaging

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-73pt2-5.ipd

Supplemental Material:
Comment template (xlsx)

Document History:
09/27/23: SP 800-73-5 (Draft)