U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 800-79 Rev. 3 (Initial Public Draft)

Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers

Date Published: December 13, 2023
Comments Due: January 29, 2024
Email Comments to: piv_comments@nist.gov

Author(s)

Hildegard Ferraiolo (NIST), Andrew Regenscheid (NIST), Sarbari Gupta (Electrosoft Services), Nabil Ghadiali (Electrosoft Services)

Announcement

NIST SP 800-79r3 ipd, Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers, expands the set of issuer controls to include new and updated requirements from FIPS 201-3, its supporting updated publications (e.g., SP 800-157r1, SP 800-76r2, etc.) and newly-issued OMB Memoranda aimed at achieving compliance with federal requirements with regard to identity proofing and the issuance of a common and reliable form of a primary and derived identity credential.

NIST is specifically interested in comments on and recommendations for the following topics:

  1. Are the new and updated controls for identity proofing and the issuance and maintenance of PIV Cards and derived PIV credentials clear and practical to implement?
  2. Is it easy to determine where the updated controls need to be implemented (i.e., at the enterprise level, issuing facility level, or both)?
  3. Are the new controls for derived PIV credentials sufficient to provide comparable assurance for PIV Cards?

NIST requests that all comments be submitted by 11:59 p.m. Eastern Standard Time (EST) on January 29, 2024. Please submit comments to piv_comments@nist.gov. NIST will review all comments and make them available on CSRC. Commenters are encouraged to use this comment template.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy  Inclusion of Patents in ITL Publications.

Abstract

Keywords

assessment; authorization; compliance; derived PIV credentials; HSPD-12; issuer controls; personal identity verification; PIV Card
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-79r3.ipd
Download URL

Supplemental Material:
Comment template (xlsx)

Document History:
12/13/23: SP 800-79 Rev. 3 (Draft)