Multi-factor & Risk-based Authentication
NIST Issues PIV Guidance Draft
Personal Identity Verification of Federal Employees and ContractorsThe draft of FIPS 201-2 amends FIPS 201-1 and includes adaptation to changes in the environment of authentication since the publication of FIPS 201-1, and specific changes requested by federal agencies and implementers
According to the publication, the standard specifies the architecture and technical requirements for a common identification standard for federal employees and contractors. The overall goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to federally controlled government facilities and electronic access to government information systems.
NIST said the standard contains the minimum requirements for a federal personal identity verification system that meets the control and security objectives of Homeland Security Presidential Directive 12, including identity proofing, registration, and issuance. The standard also provides detailed specifications that will support technical interoperability among PIV systems of Federal departments and agencies. It describes the card elements, system interfaces, and security controls required to securely store, process, and retrieve identity credentials from the card.
Before recommending FIPS 201-2 to the secretary of Commerce for review and approval, NIST is inviting comments from the public concerning the proposed changes. During the public comment period, NIST will hold a public workshop at NIST in Gaithersburg, Md., on April 18 and 19 to present the draft of FIPS 201-2.
Electronic comments may be sent by June 6 to piv_comments@nist.gov.