NIST SP 800-79-1
Title: Guidelines for the Accreditation of Personal Identity Verification Card Issuers
Category: Security Assessment Guide
Date: February 2010
Creator: NIST
URL: http://csrc.nist.gov/publications/nistpubs/800-79-1/SP800-79-1.pdf
Description: Survey of the requirements to be met by a PIV Card Issuer (PCI) and an accreditation methodology for
ensuring their conformance with those requirements. Accreditation topics include organizational readiness,
security management and data protection, infrastructure elements and processes.
Privacy: The security management and data protection accreditation topic includes confirmation that privacy
requirements from FIPS 201 are satisfied. This document does not add privacy requirements but provides
guidelines for assessing conformance to those requirements. Privacy related documents required during the
accrediation process include the privacy policy, privacy impact analysis, system of record notice, privacy act
statement, rules of conduct and documented processes for requests to review personal information,
requests to amend personal information, appeals and complaints.
Security: Provides a structure for confirming that the PIV Card Issuer meets security obligations and requirements.
Interoperability: Supports interoperable use of PIV cards by providing a common baseline of security assurance in the
issuance process.
Terms: