Federal ID Credential Security Standard Strengthens Authentication, Extends To Mobile Devices
From NIST Tech Beat: September 5, 2013
The National Institute of Standards and Technology (NIST) has issued an updated version of the standard specification Personal Identification Verification (PIV) Card that federal employees and contractors use to enter government facilities or log on to federal computer systems.
The revised Federal Information Processing Standard (FIPS) 201-2 Personal Identity Verification (PIV) of Federal Employees and Contractors provides a stronger authentication credential that combines new technology, including enhanced support for mobile devices and lessons learned from federal agencies.
"Offering a strong credential provides better identity assurance as to who you are," explains Hildegard Ferraiolo, a NIST computer scientist who co-authored the document. "The standard can be updated every five years, if needed, and agencies wanted to incorporate their years of experience in a fresher revision."
The original FIPS 201 document from 2005 required all PIV cards to contain an integrated circuit chip for storing electronic credentials and protected biometric data—fingerprint specifics and, optionally, a photograph.
The FIPS 201-2 revision includes adaptions to changes in the environment since the original FIPS 201. It does not require existing cards to be replaced. Close to 5 million cards have been issued to date.
New FIPS 201-2 capabilities include:
The new version of FIPS 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors, is available at http://www.nist.gov/manuscript-publication-search.cfm?pub_id=914530.
The specification of the optional iris biometric is based on the ISO/IEC 19794-6 iris biometric standard published in 2011. These specifications can serve other iris-based authentication uses cases beyond the PIV program. The on-card fingerprint comparison may be used as an alternate to the Personal Identification Number in use currently. More information on these options can be found in the recently published, Biometric Data Specifications for Personal Identity Verification (NIST Special Publication 800-76-2). This publication is one of several that provide guidance to support FIPS 201.
Technical details for FIPS 201-2 PIV cards are published in a draft special publication Interfaces for Personal Identity Verification (3 Parts) (NIST SP 800-73-4). A draft of a new Special Publication 800-157 on derived PIV credentials for mobile devices is being prepared.
*NIST Special Publication 800-76-2, Biometric Specifications for Personal Identity Verification, is available at www.nist.gov/manuscript-publication-search.cfm?pub_id=914224.